@LooseSecurity When doing a bug bounty always read previous reports. It helps you figure out what kind of issues existed in the application in the past and saves a lot of time on reconnaissance.
When you are writing an http/https tool you can use an intercepting proxy with:
or with a username password
To revert back: