1. Home
  2. Tips and Tricks
  3. Capture POST Requests on Webserver / Website

Capture POST Requests on Webserver / Website

Sometimes you just want to see what someone is sending to your website. But how? Access logs by themselves can be pretty vanilla, you can see that a user made a POST request, but what exactly did they send?

DumpIO Module for Apache

You can see what’s in the POST request by using the dumpio module for Apache

# a2enmod dump_io

Restart Apache after enabling the module.

# systemctl restart apache2

Configure DumpIO Module

Now enable the module on the domain you are interested in by updating the vhosts file

DumpIOInput On
DumpIOOutput On
LogLevel dumpio:trace7

It will sit inside your <virtualhost> directive, so something like this:

<VirtualHost *:443>
    ServerAdmin  ...
    DocumentRoot ...
    
    ErrorLog ...
    CustomLog ...

    DumpIOInput On
    DumpIOOutput On
    LogLevel dumpio:trace7
</VirtualHost>

Restart apache

#systemctl restart apache2

Confirm Module is Working

Test it by sending a post request to your site. You can do this using something like curl:

# curl -d "user=user1&pass=abcd" -X POST https://defragged.org/

Now parse your error log to find the output:

# cat /var/log/apache2/defragged.error.log | grep "user1"

Should see something like this:

[Tue May 11 20:14:17.972056 2021] [dumpio:trace7] [pid 10215] mod_dumpio.c(103): [client [ip-address]:56886] mod_dumpio: dumpio_in (data-TRANSIENT): user=user1&pass=abcd This serves as a great administration tool for network / site / security administrators trying to understand what users are doing on their website.
Updated on December 8, 2023

Was this article helpful?

Related Articles

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Email: support@noc.org

Leave a Comment