"Trace.axd is an Http Handler for .Net that can be used to view the trace details for an application. This file resides in the application’s root directory. A request to this file through a browser displays the trace log of the last n requests in time-order,
where n is an integer determined by the value set by requestLimit=”[n]” in the application’s configuration file."
http://www.ucertify.com/article/what-is-traceaxd.html
It is a separate file to store tracing messages. If you have pageOutput set to true, your webpage will acquire a large table at the bottom. That will list lots of information—the trace information. trace.axd allows you to see traces on a separate page, which
is always named trace.axd.
http://www.dotnetperls.com/trace
LOW? Actually a Medium.
What can I do with it?
- Read ALL variables and data from HTTP requests
- POST requests rock! ?
Discovery?
Metasploit
Example
Main trace.axd page
Viewing a request
Post request with creds
-CG
![From LOW to PWNED [12] Trace.axd](http://2.bp.blogspot.com/-Pyah57XUOdY/T77bzNxQhBI/AAAAAAAAA1o/x6exxge_MfM/s1600/trace-axd-16.PNG "From LOW to PWNED [12] Trace.axd")
![From LOW to PWNED [12] Trace.axd](http://2.bp.blogspot.com/-yXEjfsUqBFc/T77cJQJPGVI/AAAAAAAAA14/L1NK7nhC8F4/s1600/nessus-traceaxd-screenie.PNG "From LOW to PWNED [12] Trace.axd")
![From LOW to PWNED [12] Trace.axd](http://4.bp.blogspot.com/-UkJo3k9DK2I/T77c4HO9LcI/AAAAAAAAA2I/j_VWwhTSnlI/s1600/msf-trace-sani.PNG "From LOW to PWNED [12] Trace.axd")
![From LOW to PWNED [12] Trace.axd](http://2.bp.blogspot.com/-dTVq4jvQLuc/T77dYpP_cmI/AAAAAAAAA2Q/egtMl-YSSDw/s1600/trace-example1-sani.PNG "From LOW to PWNED [12] Trace.axd")
![From LOW to PWNED [12] Trace.axd](http://4.bp.blogspot.com/-uJaFiimodOQ/T77dZ4Pb9pI/AAAAAAAAA2Y/4Z9xvH8UO_o/s1600/trace-example2-sani.PNG "From LOW to PWNED [12] Trace.axd")
![From LOW to PWNED [12] Trace.axd](http://4.bp.blogspot.com/-qvX3tUT7bVo/T77daT0_PKI/AAAAAAAAA2g/WOCyV8UNJOo/s1600/trace-example3-sani.PNG "From LOW to PWNED [12] Trace.axd")