Skip to content
NEW: auto-exploit Apache Arbitrary File Read & gain RCE with SNIPER

HTTP Request Logger

This is a custom HTTP server which records all the requests received

Sample Report | Use Cases | Technical Details

Need to see the full results?

Unlock the full power and feature of our HTTP Request Logger! Compare pricing plans and discover more tools and features.

Sample Report

Here is a HTTP Request Logger sample report:

  • Contains information about each HTTP request received:
    • Source IP
    • User Agent
    • URL parameters
    • HTTP headers
    • Operating system information
    • Timestamp

Download Sample Report

Sample report

HTTP Request Logger - Use Cases

This is a useful pentest utility that logs all the HTTP/S requests received on a certain handler URL: source IP, User Agent, URL parameters, timestamp, etc. This allows you to easily create Proofs of Concept to demonstrate vulnerabilities such as XSS, data exfiltration or to do social engineering.

Exploit Cross-Site Scripting

Make the victim connect to the HTTP Logger and send sensitive information in the URL: cookies, personal information, etc. You can later see who has connected and what information he has sent.

Social Engineering

Send customized HTTP Logger links to multiple people and see who has clicked on them. This helps you to measure the security awareness of the employees of an organization.

Out-of-band Data Exfiltration

This tool can be used as an endpoint for sending data when you try to exploit vulnerabilities such as blind SQLi, SSRF or XXE.

Technical Details


The HTTP Request Logger was created from a practical need of our pentesting team to have an always-on HTTP/S server and an easy interface to visualize the HTTP requests received.
The advantage of using this tool is that you no longer need to configure your own HTTP server, it has a valid SSL certificate and it has a simple web interface which you can also show to your clients to present the results.


Parameter Description
Label An identifier which you can associate to your HTTP handler. It can be useful to identify testing scenarios, groups of people, vulnerabilities, etc.

How it works

The tool creates unique URLs (HTTP Handlers) which log all the requests received. The following information is recorded from the incoming request:
  • Source IP address
  • URL Parameters
  • User Agent
  • All HTTP headers
  • Operating system (deducted from User Agent)
  • Request date

The HTTP Handler is unique per user so no other user will be able to access it (unless he knows the exact URL).
The HTTP Handler has a lifetime of 60 days. After the remaining time expires, the handler will no longer log the requests received.
[Note] There is a limit of 100requests that are being logged per Handler.