Request Grabber
During pentesting activities, we may want to catch HTTP requests, such as during a CSRF attack or an XSS attack.
If our machine is within the same network, we can use nc:
$ nc -lnvp PORT
<send request to YOUR_PUBLIC_IP:PORT>
We can use responder for Windows Authentication Requests.
⚠️ Remember to use an SSH backdoor when available (CTFs, etc.).
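As an added example (not part of the original notes), here is a small Python listener for the same job as the nc command above during an authorized test. Unlike nc, it parses each HTTP request into a JSON record, keeps accepting connections, and replies with an empty 200. The names Catcher, start_catcher and MAX_BODY, the 127.0.0.1 default and port 8000 are assumptions of this example.

```python
import json
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qs, urlsplit

MAX_BODY = 1 << 20  # read at most 1 MiB of any request body


class Catcher(BaseHTTPRequestHandler):
    def _capture(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            length = 0  # malformed header: record the request without a body
        body = self.rfile.read(min(max(length, 0), MAX_BODY))
        url = urlsplit(self.path)
        record = {
            "client": self.client_address[0],
            "method": self.command,
            "path": url.path,
            "query": parse_qs(url.query, keep_blank_values=True),
            "headers": {k.lower(): v for k, v in self.headers.items()},
            "body": body.decode("utf-8", "replace"),
        }
        self.server.captured.append(record)
        print(json.dumps(record), flush=True)
        # Unlike nc, always answer, so the client completes instead of hanging.
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_POST = do_PUT = do_DELETE = do_HEAD = do_OPTIONS = _capture

    def log_message(self, fmt, *args):
        pass  # the JSON line above is the only log output


def start_catcher(host="127.0.0.1", port=0):
    """Start the listener in a background thread; port 0 picks a free port."""
    server = ThreadingHTTPServer((host, port), Catcher)
    server.captured = []  # one dict per request, in arrival order
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    srv = start_catcher(port=8000)  # 8000 is an arbitrary example port
    print("listening on %s:%d" % srv.server_address[:2])
    threading.Event().wait()  # block until Ctrl-C
```

Each request is printed as one JSON line and also kept in the server's captured list, so the records can be filtered or attached to a report afterwards.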
We may use online public solutions such as API Testing Platforms:
- requestbin (HTTP)
- postbin (HTTP)
- ngrok (HTTP and TCP, credit card required for free plan 💵)
- pinggy (TCP, account required ⚠️)
- requestinspector (HTTP)
- beeceptor (HTTP, custom replies)
- pastebin (HTTP + UPLOAD, use URL to raw file after upload)
- github.io (HTTP + UPLOAD, account required 🪦)
- ...
👻 To-do 👻
Stuff that I found, but never read/used yet.
To use pinggy, create an account to get your SSH command. Run it with localhost:4444 as the final destination of the forwarded traffic.
$ ssh -p 443 -R0:localhost:4444 -o StrictHostKeyChecking=no -o ServerAliveInterval=30 {secret}+tcp@a.pinggy.io
The command output shows the DOMAIN and the PORT to use.
The listener behind the tunnel is often a reverse shell catcher such as netcat.
$ nc -lnvp 4444