Request Bin

• Check it out here
• There’s two different options (see below)
  • Public bin: a pretty basic one which just serves a webpage
  • Private bin: allows for more customisation (e.g. custom responses, triggering a script on request, etc)

Which to use

• If you’re just doing basic XSS, where you’re just capturing a request (e.g. +document.cookie), just go with a public bin
• If you want to do more with the bin (e.g. above), the private bins have way more depth (but are also harder to configure/use)