Capture POST Requests on Webserver / Website

Sometimes you just want to see what someone is sending to your website. But how? Access logs by themselves can be pretty vanilla, you can see that a user made a POST request, but what exactly did they send?

DumpIO Module for Apache

You can see what's in the POST request by using the dumpio module for Apache

# a2enmod dump_io
                        

Restart Apache after enabling the module.

#systemctl restart apache2
                        

Configure DumpIO Module

Now enable the module on the domain you are interested in by updating the vhosts file:

DumpIOInput On
DumpIOOutput On
LogLevel dumpio:trace7
                        

It will sit inside your <virtualhost> directive, so something like this:

<VirtualHost *:443>
    ServerAdmin  ...
    DocumentRoot ...
    
    ErrorLog ...
    CustomLog ...

    DumpIOInput On
    DumpIOOutput On
    LogLevel dumpio:trace7
</VirtualHost>
						

Restart apache

#systemctl restart apache2
                        

Confirm Module is Working

Test it by sending a post request to your site. You can do this using something like curl:

# curl -d "user=user1&pass=abcd" -X POST https://defragged.org/
						

Now parse your error log to find the output:

# cat /var/log/apache2/defragged.error.log | grep "user1"
						

Should see something like this:

[Tue May 11 20:14:17.972056 2021] [dumpio:trace7] [pid 10215] mod_dumpio.c(103): [client 
[ip-address]:56886] mod_dumpio: dumpio_in (data-TRANSIENT): user=user1&pass=abcd
This serves as a great administration tool for network / site / security administrators 
trying to understand what users are doing on their website.
                        

Posted in   Networking_Tips   Troubleshooting   Linux   Apache     by noc_team