Exploit Helpers

HTTP Request Logger

Record and visualize all the requests your handler receives with this custom, always-on HTTP/S server.

Scan type
  • Light scan

  • Full scan

Reporting

Sample Report

Here is a HTTP Request Logger sample report that gives you a taste of how our tools save you time and reduce repetitive manual work.

  • Source IP

  • User Agent

  • URL parameters

  • HTTP headers

  • Operating system information

  • Timestamp

HTTP Request Logger Report Sample

How to use the pentesting tool

Use Cases for HTTP Request Logger

This is a useful pentest utility that logs all the HTTP/S requests received on a certain handler URL: source IP, User Agent, URL parameters, timestamp, etc. Use the tool to easily create Proofs of Concept to demonstrate vulnerabilities such as XSS, data exfiltration or to do social engineering.

  • Exploit Cross-Site Scripting

    Make the victim connect to the HTTP Logger and send sensitive information in the URL: cookies, personal information, etc. You can later see who connected and what information they sent.

  • Social Engineering

    Send customized HTTP Logger links to multiple people and see who clicks on them. This helps you to measure the security awareness of the employees in an organization.

  • Out-of-band Data Exfiltration

    You can use this tool as an endpoint for sending data when you try to exploit vulnerabilities such as blind SQLi, SSRF or XXE.

Better vulnerability discovery. Faster pentest reporting.

Get instant access to custom vulnerability scanners and automation features that simplify the pentesting process and produce valuable results. The platform helps you cover all the stages of an engagement, from information gathering to website scanning, network scanning, exploitation and reporting.

Pentest-Tools.com HTTP Request Logger Sample Report

HTTP Request Logger

Technical Details

The HTTP Request Logger was created from a practical need of our pentesting team to have an always-on HTTP/S server and an easy interface to visualize the HTTP requests received.

The advantage of using this tool is that you no longer need to configure your own HTTP server, it has a valid SSL certificate and it has a simple web interface which you can also show to your clients to present the results.

Parameters

ParameterDescription
LabelAn identifier which you can associate to your HTTP handler. It can be useful to identify testing scenarios, groups of people, vulnerabilities, etc.

How it works

The tool creates unique URLs (HTTP Handlers) which log all the requests received. The following information is recorded from the incoming request:

  • Source IP address
  • URL Parameters
  • User Agent
  • All HTTP headers
  • Operating system (deducted from User Agent)
  • Request date

The HTTP Handler is unique per user so no other Pentest-Tools.com user will be able to access it (unless he knows the exact URL).

The HTTP Handler has a lifetime of 15 days. After the remaining time expires, the handler will no longer log the requests received.

[Note] There is a limit of 100 requests that a single Handler can log.