GreySec Forums
Requestbin.in - Printable Version

+- GreySec Forums (https://greysec.net)
+-- Forum: Technology and Miscellaneous IT-Discussion (https://greysec.net/forumdisplay.php?fid=29)
+--- Forum: Open IT-Discussion (https://greysec.net/forumdisplay.php?fid=30)
+--- Thread: Requestbin.in (/showthread.php?tid=1514)



Requestbin.in - Knife Boss - 12-29-2016

REQUESTBIN.IN

Found this interesting website:

Quote:RequestBin gives you a URL that will collect requests made to it and let you inspect them in a human-friendly way.
Use RequestBin to see what your HTTP client is sending or to inspect and debug webhook requests.


I've been using it so inspect the windows passwords take with a rubber ducky script. A command gets the hashed passwords from system memory and it then adds them to the end of the url I was provided. I then can go on the site and retrieve the passwords to later decode.

https://requestb.in/


RE: Requestbin.in - NO-OP - 12-29-2016

(12-29-2016, 06:55 PM)Knife Boss Wrote: REQUESTBIN.IN

Found this interesting website:

Quote:RequestBin gives you a URL that will collect requests made to it and let you inspect them in a human-friendly way.
Use RequestBin to see what your HTTP client is sending or to inspect and debug webhook requests.


I've been using it so inspect the windows passwords take with a rubber ducky script. A command gets the hashed passwords from system memory and it then adds them to the end of the url I was provided. I then can go on the site and retrieve the passwords to later decode.

https://requestb.in/

That's a great idea one it's cheap and two using SSL would make it hard to see what was sent. But at the same time this might be better using a SCP(Or some other SSH tool) to a secure server that you and only you control. At the drop of a hat requestbin could be swept or monitor its user's connections. Great for a project though, just nothing shady