Request Redactor X

RequestRedactorX removes, censors, or masks sensitive data from HTTP requests before copying them to the clipboard. It provides four distinct copy modes and a configurable UI for managing which headers and parameters are treated as sensitive, making it easier to share request samples in reports, tickets, or team communications without leaking credentials or tokens.

Features

• Four copy modes: remove all headers, censor sensitive headers, mask sensitive parameters, or apply full combined sanitization in a single action.
• Sensitive header censorship replaces values of headers such as Authorization, Cookie, and custom token headers with a configurable placeholder.
• Parameter masking covers URL query strings, application/x-www-form-urlencoded body parameters, and recursively traversed JSON body keys.
• Customizable lists of header names and parameter names to redact or mask, each with individually configurable placeholder strings.
• Optional JSON pretty-printing formats JSON request bodies for improved readability when copying sanitized output.
• Context menu integration on HTTP requests across Proxy, Repeater, Intruder, and other tools.

Usage

1. Open the RequestRedactorX tab in the extensions panel.
2. Add sensitive header names (e.g., Authorization, Cookie) to the headers list and set the desired redaction placeholder.
3. Add sensitive parameter names (e.g., password, token) to the parameters list and set the desired masking placeholder.
4. Toggle the JSON formatting option if you want JSON bodies to be pretty-printed in the copied output.
5. Right-click any HTTP request and navigate to the RequestRedactorX context menu entry.
6. Select one of the four copy options: headers sanitized, headers and params redacted, headers and params masked, or full sanitization combining all three.
7. Paste the sanitized request into reports, issue trackers, or messaging tools → sensitive values will have been replaced with the configured placeholders.