I've just released endpoints.dev - Use it to get a unique, private url that will store & display all http requests made to it. Use your unique URL with 3rd party tools to see what requests they are making, without needing to spin up a webserver. Or, use it for experimenting with XXS, phone-home, and other http based pen-testing.
Very cool. You can also use osapy.com to inspect 3rd party API requests. Or even combine Osapy with endpoints.dev. I wrote a blogpost how to do that for retool.
In which direction do you want to develop the website?
Feature request: give me a URL I can bookmark or share with team-mates for the HTTP inspector bit. It looks at the moment like I get a random URL to send requests to but I have to use the same browser to ensure that the endpoints.dev homepage knows who I am so it can show me the traffic.
That's awesome! I like these. Yesterday I was looking for some website that would send me EventSource/SSE Messages so tjat I could test what is going on on Android...
Is the unique endpoint "secure/random" enough? I imagine you would end up with some amount of live session cookies, tokens, api keys, and so on, that would have some value for people guessing uris.
Edit: Ahh, missed the JWT pairing. I read "Pastebin for" too literally.
This was definitely a concern... Each unique subdomain is checked for collision before being assigned, so no two users will receive the same endpoint. Additionally, it is assigned with a jwt, so even if someone was to brute force an endpoint that has been assigned to someone else, they would not be authorized to see the request data.
Some time ago I built a similar tool, with the main difference being that it doesn't store any data, so you need to have the webpage open to receive the request info. Since I use it mostly to debug issues and quickly inspect something of the fly, that works for me.
I like the simplicity! Some of the other options out there are pretty elaborate and not straightforward to get started.
One thing I'm always looking for in these is the docker run one liner. Because if I incorporate a tool into my work, how do I better ensure it's going to stay around by either pragmatic paid plan or OSS self host?
Thanks, simplicity is definitely what I am aiming for!
Making this an OSS project is the direction I plan to take - just need to tidy up the code a bit before making it public :)
The current implementation is serverless on AWS though, and most of the "complexitly" is in the infrastructure, so as convenient as they are, I don't think I'll aim to dockerize it.
Right now the Headers column is essentially useless because the json renderer doesn't seem to want to display beyond one level of depth so you just see "[{...},{...},etc]". Can you make this more usable? Maybe add some kind of expansion ui where it will pretty print the headers in multiple lines?
Not the author, but there's no config that needs to be generated. Just run a HTTPS server with a wildcard cert that serves all traffic from a wildcard 'vhost' *.example.com to your application code. Then, your application can just look at the Host header to see which 'endpoint' it should serve.
[+] [-] bozly|5 years ago|reply
[+] [-] rsync|5 years ago|reply
This is a very interesting tool and I can think of some ways it would be useful to me, personally ...
If you'd like a free rsync.net account, as a thank-you, just email. Thank you for making this available.
[+] [-] gingerjoos|5 years ago|reply
[+] [-] osapy|5 years ago|reply
In which direction do you want to develop the website?
[+] [-] hnarn|5 years ago|reply
[+] [-] alifaziz|5 years ago|reply
[+] [-] bozly|5 years ago|reply
[+] [-] nsx147|5 years ago|reply
[+] [-] simonw|5 years ago|reply
[+] [-] bozly|5 years ago|reply
I'm currently working on user accounts, which will eliminate the need to use the same browser.
[+] [-] kovek|5 years ago|reply
Here's another server for testing HTTP: http://httpbin.org
[+] [-] tyingq|5 years ago|reply
Edit: Ahh, missed the JWT pairing. I read "Pastebin for" too literally.
[+] [-] bozly|5 years ago|reply
[+] [-] dethos|5 years ago|reply
It is available here: https://github.com/dethos/webhook_logger
(You can quickly deploy it on your own server, if you don't trust a hosted service).
[+] [-] tegiddrone|5 years ago|reply
One thing I'm always looking for in these is the docker run one liner. Because if I incorporate a tool into my work, how do I better ensure it's going to stay around by either pragmatic paid plan or OSS self host?
[+] [-] bozly|5 years ago|reply
Making this an OSS project is the direction I plan to take - just need to tidy up the code a bit before making it public :)
The current implementation is serverless on AWS though, and most of the "complexitly" is in the infrastructure, so as convenient as they are, I don't think I'll aim to dockerize it.
[+] [-] user5994461|5 years ago|reply
It's annoying to have to click a super small > every time to extend. That doesn't look like a button and is too small to click by the way.
Is it running on HTTP/2? It's converting all headers to lowercase. Might be a side effect or HTTP/2 or cloudflare.
[+] [-] ankit84|5 years ago|reply
* named subdomain / endpoints
* Build Rest API and Mocking responses
* HTTP Intercepting
* HTTP Proxy pass
* nice UI, live updating, json formatting, sharable requests, etc
[+] [-] TekMol|5 years ago|reply
https://2f5799dcfb.endpoints.dev
# Update
Interesting:
- Lots of IPV6 requests coming from HN.
- What is the "dnt" header most requests carry?
[+] [-] jswny|5 years ago|reply
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/DN...
[+] [-] jedberg|5 years ago|reply
It's funny you mention that. I intentionally disable IPv6 a while back, because it kept breaking things for me.
At some point either the router reset or my OS settings did (or both) because I recently discovered it was back on, despite not doing so myself.
I'm guessing it's on by default in enough places now that you'll see mostly ipv6.
[+] [-] kayson|5 years ago|reply
[+] [-] bozly|5 years ago|reply
I think this could be a bit more intuitive though, thanks for the feedback!
[+] [-] mandaputtra|5 years ago|reply
[+] [-] q3k|5 years ago|reply
[+] [-] pritambarhate|5 years ago|reply
[+] [-] georgianar|5 years ago|reply
[deleted]