Sample Report

This is a label that you can associate with the source of the HTTP requests, such as: source server name, target users group, target application, etc.

My HTTP Handlers

Label Handler URL Requests received Active
- - - -

About the HTTP Request Logger

This is a helper tool which allows you to easily create Proof of Concepts in order to demonstrate vulnerabilities such as:

  • Out of band data exfiltration (initiate an external HTTP request)
  • Social Engineering (prove that people have clicked on a link)
  • Cross-Site Scripting (ex. send a cookie to an external HTTP server)
  • Server-Side Request Forgery (initiate an external HTTP request)

The tool creates unique URLs (HTTP Handlers) which log all the requests received. The following information is recorded from the incoming request:
  • Source IP address
  • URL Parameters
  • User Agent
  • All HTTP headers
  • Operating system (deducted from User Agent)
  • Request date

The HTTP Handler is unique per user so no other user will be able to access it (unless he knows the exact URL).
The HTTP Handler has a lifetime of 15 days. After the remaining time expires, the handler will no longer log the requests received. Furthermore, there is a limit of 50 requests that are being logged per handler.