This is a useful pentest utility which logs all the HTTP/S requests received on a certain handler URL: source IP, User Agent, URL parameters, timestamp, etc. This allows you to easily create Proof of Concepts in order to demonstrate vulnerabilities such as XSS, data exfiltration or to do social engineering.
Exploit Cross-Site Scripting
Make the victim connect to the HTTP Logger and send sensitive information in the URL: cookies, personal information, etc. You can later see who has connected and what information he has sent.
Send customized HTTP Logger links to multiple people and see who has clicked on them. This helps you to measure the security awareness of the employees of an organization.
Out-of-band Data Exfiltration
This tool can be used as an endpoint for sending data when you try to exploit vulnerabilities such as blind SQLi, SSRF or XXE.
The HTTP Request Logger was created from a practical need of our pentesting team to have an always-on HTTP/S server and an easy interface to visualize the HTTP requests received.
The advantage of using this tool is that you no longer need to configure your own HTTP server, it has a valid SSL certificate and it has a simple web interface which you can also show to your clients to present the results.
An identifier which you can associate to your HTTP handler. It can be useful to identify testing scenarios, groups of people, vulnerabilities, etc.
How it works
The tool creates unique URLs (HTTP Handlers) which log all the requests received. The following information is recorded from the incoming request:
Source IP address
All HTTP headers
Operating system (deducted from User Agent)
The HTTP Handler is unique per user so no other Pentest-Tools.com user will be able to access it (unless he knows the exact URL).
The HTTP Handler has a lifetime of 15 days. After the remaining time expires, the handler will no longer log the requests received. Furthermore, there is a limit of 50 requests that are being logged per handler.
This tool costs 50 credits but you have 40 credits left.