Loading...

HTTP Request Logger 50 Credits Buy now

This is a custom HTTP server which records all the requests received

Sample Report

|

Use Cases

|

Technical Details

Sample Report

Here is a HTTP Request Logger sample report:

  • Contains information about each HTTP request received:
    • Source IP
    • User Agent
    • URL parameters
    • HTTP headers
    • Operating system information
    • Timestamp

See also a sample pdf report.

HTTP Request Logger - Use Cases

This is a useful pentest utility which logs all the HTTP/S requests received on a certain handler URL: source IP, User Agent, URL parameters, timestamp, etc. This allows you to easily create Proof of Concepts in order to demonstrate vulnerabilities such as XSS, data exfiltration or to do social engineering.

Exploit Cross-Site Scripting

Make the victim connect to the HTTP Logger and send sensitive information in the URL: cookies, personal information, etc. You can later see who has connected and what information he has sent.

Social Engineering

Send customized HTTP Logger links to multiple people and see who has clicked on them. This helps you to measure the security awareness of the employees of an organization.

Out-of-band Data Exfiltration

This tool can be used as an endpoint for sending data when you try to exploit vulnerabilities such as blind SQLi, SSRF or XXE.

Technical Details


About

The HTTP Request Logger was created from a practical need of our pentesting team to have an always-on HTTP/S server and an easy interface to visualize the HTTP requests received.
The advantage of using this tool is that you no longer need to configure your own HTTP server, it has a valid SSL certificate and it has a simple web interface which you can also show to your clients to present the results.


Parameters

Parameter Description
Label An identifier which you can associate to your HTTP handler. It can be useful to identify testing scenarios, groups of people, vulnerabilities, etc.


How it works

The tool creates unique URLs (HTTP Handlers) which log all the requests received. The following information is recorded from the incoming request:
  • Source IP address
  • URL Parameters
  • User Agent
  • All HTTP headers
  • Operating system (deducted from User Agent)
  • Request date

The HTTP Handler is unique per user so no other Pentest-Tools.com user will be able to access it (unless he knows the exact URL).
The HTTP Handler has a lifetime of 15 days. After the remaining time expires, the handler will no longer log the requests received. Furthermore, there is a limit of 50 requests that are being logged per handler.
Feedback