I've just released endpoints.dev - Use it to get a unique, private url that will store & display all http requests made to it. Use your unique URL with 3rd party tools to see what requests they are making, without needing to spin up a webserver. Or, use it for experimenting with XXS, phone-home, and other http based pen-testing.
Looks like requestbin will only keep 20 requests for 48 hours. Currently, endpoints.dev will store an unlimited number of requests for 30 days. The plan is to add user login, and lift the 30 day limit for authenticated users.
Very cool. You can also use osapy.com to inspect 3rd party API requests. Or even combine Osapy with endpoints.dev. I wrote a blogpost how to do that for retool.
In which direction do you want to develop the website?
Actually - just tried your website and it doesn't work for me. I tried curl -H "Content-Type: application/json" -d '{"message":"hello world"}' https://8ef216dd46.endpoints.dev and nothing happened. Maybe check your logs.
Feature request: give me a URL I can bookmark or share with team-mates for the HTTP inspector bit. It looks at the moment like I get a random URL to send requests to but I have to use the same browser to ensure that the endpoints.dev homepage knows who I am so it can show me the traffic.
Please do not require to login!
The sharing via a second unique url would be great for teams and I could use it right away. If I have to convince all my colleges to login that would kill it for me :/
That's awesome! I like these. Yesterday I was looking for some website that would send me EventSource/SSE Messages so tjat I could test what is going on on Android...
Is the unique endpoint "secure/random" enough? I imagine you would end up with some amount of live session cookies, tokens, api keys, and so on, that would have some value for people guessing uris.
Edit: Ahh, missed the JWT pairing. I read "Pastebin for" too literally.
This was definitely a concern... Each unique subdomain is checked for collision before being assigned, so no two users will receive the same endpoint. Additionally, it is assigned with a jwt, so even if someone was to brute force an endpoint that has been assigned to someone else, they would not be authorized to see the request data.
If I knew somebody else's unique subdomain, I could set my browser cookie on my local computer to that value and it seems to just load the other subdomain just fine.
I tested this with 2 different browser on my same laptop. Maybe it won't work if the other person is on another computer?
I could also just set the subdomain to anything I like (by setting the cookie value) and it still works just fine.
Ah no, I can still set the cookie to the other person's subdomain on another machine.
Some time ago I built a similar tool, with the main difference being that it doesn't store any data, so you need to have the webpage open to receive the request info. Since I use it mostly to debug issues and quickly inspect something of the fly, that works for me.
I like the simplicity! Some of the other options out there are pretty elaborate and not straightforward to get started.
One thing I'm always looking for in these is the docker run one liner. Because if I incorporate a tool into my work, how do I better ensure it's going to stay around by either pragmatic paid plan or OSS self host?
Thanks, simplicity is definitely what I am aiming for!
Making this an OSS project is the direction I plan to take - just need to tidy up the code a bit before making it public :)
The current implementation is serverless on AWS though, and most of the "complexitly" is in the infrastructure, so as convenient as they are, I don't think I'll aim to dockerize it.
Readit News
This is a very interesting tool and I can think of some ways it would be useful to me, personally ...
If you'd like a free rsync.net account, as a thank-you, just email. Thank you for making this available.
In which direction do you want to develop the website?
I'm currently working on user accounts, which will eliminate the need to use the same browser.
Here's another server for testing HTTP: http://httpbin.org
Edit: Ahh, missed the JWT pairing. I read "Pastebin for" too literally.
I could also just set the subdomain to anything I like (by setting the cookie value) and it still works just fine.
Ah no, I can still set the cookie to the other person's subdomain on another machine.
Edit: add extra sentence.
Edit2: format.
It is available here: https://github.com/dethos/webhook_logger
(You can quickly deploy it on your own server, if you don't trust a hosted service).
One thing I'm always looking for in these is the docker run one liner. Because if I incorporate a tool into my work, how do I better ensure it's going to stay around by either pragmatic paid plan or OSS self host?
Making this an OSS project is the direction I plan to take - just need to tidy up the code a bit before making it public :)
The current implementation is serverless on AWS though, and most of the "complexitly" is in the infrastructure, so as convenient as they are, I don't think I'll aim to dockerize it.
It's annoying to have to click a super small > every time to extend. That doesn't look like a button and is too small to click by the way.
Is it running on HTTP/2? It's converting all headers to lowercase. Might be a side effect or HTTP/2 or cloudflare.