Proxy Test Harness

cxprotect.com

A purpose-built HTTP endpoint server for testing proxy behaviour — uploads, headers, cookies, timing, auth, encoding, and more.

37Endpoints
15Categories
204800KBMax Upload
Upload 7
GET /upload-form
Single file upload HTML form
file=
curlcurl -F "file=@/path/to/file.txt" https://cxprotect.com/upload
GET /upload-multiple
Multiple file upload HTML form
curlcurl -F "files=@a.txt" -F "files=@b.pdf" https://cxprotect.com/upload-multiple
POST /upload
Single file upload (multipart/form-data)
curlcurl -X POST -F "file=@/path/to/file.txt" https://cxprotect.com/upload
POST /upload-multiple
Multiple file upload (multipart/form-data)
curlcurl -X POST -F "files=@a.txt" -F "files=@b.pdf" https://cxprotect.com/upload-multiple
GET|POST /upload-direct
Raw binary body upload (octet-stream)
?filename=
curlcurl -X POST -H "Content-Type: application/octet-stream" --data-binary @/path/to/file.bin "https://cxprotect.com/upload-direct?filename=file.bin"
GET|POST /upload-zero
Zero-byte upload — Content-Length: 0
?filename=
curlcurl -X POST -H "Content-Type: application/octet-stream" -H "Content-Length: 0" "https://cxprotect.com/upload-zero?filename=empty.bin"
GET|POST /upload-limit/:kb
Upload with size cap in KB — 413 on exceed
:kb (1-204800)
curlcurl -X POST -F "file=@/path/to/file.txt" https://cxprotect.com/upload-limit/512
Echo 3
ANY /echo-headers
Echo all request headers as HTML table
curlcurl -v -H "X-Custom: test" https://cxprotect.com/echo-headers
ANY /echo-request
Echo method, URL, headers, query and body as JSON
curlcurl -X POST -H "Content-Type: application/json" -d '{"key":"val"}' https://cxprotect.com/echo-request
ANY /post-data
Echo POST body — DLP / content modifier tests
curlcurl -X POST -d "sensitive data here" https://cxprotect.com/post-data
Cookies 2
GET /set-cookie
Set test cookies with varying attributes
?name=?value=
curlcurl -c cookies.txt "https://cxprotect.com/set-cookie?name=test&value=hello"
GET /cookie-echo
Echo cookies received in the request
curlcurl -b cookies.txt https://cxprotect.com/cookie-echo
Encoding 3
GET /compressed-data
Gzip-compressed text/html response
curlcurl --compressed https://cxprotect.com/compressed-data
GET /chunked/:chunks/:delay_ms
Chunked Transfer-Encoding (no Content-Length)
:chunks (1-50):delay_ms (0-5000)
curlcurl -N https://cxprotect.com/chunked/5/500
GET /trickle/:bytes/:delay_ms
Byte-by-byte trickle — tests proxy read timeout
:bytes (1-500):delay_ms (0-2000)
curlcurl -N https://cxprotect.com/trickle/50/200
% URL Encode 3
GET /url-encode
URL-encode a string — returns percent-encoded value
?q=
curlcurl "https://cxprotect.com/url-encode?q=hello+world%20%26%20more"
GET /url-decode
URL-decode a percent-encoded string
?q=
curlcurl "https://cxprotect.com/url-decode?q=hello%20world%20%26%20more"
GET /url-echo
Echo the raw URL, decoded path and query params
curlcurl "https://cxprotect.com/url-echo?foo=bar%20baz&arr=1&arr=2"
Payload 3
GET /content-size/:size
Stream exactly N bytes of data
:size (500, 100K, 2M, 1G)
curlcurl -o /dev/null -w "%{size_download} bytes " https://cxprotect.com/content-size/1M
GET /large-payload/:mb
Stream N megabytes (default 1MB, max 100MB)
:mb (1-100)
curlcurl -o /dev/null -w "%{size_download} bytes " https://cxprotect.com/large-payload/10
GET /blob
Binary blob download
?size=bytes?filename=
curlcurl -o blob.bin "https://cxprotect.com/blob?size=4096&filename=test.bin"
Timing 2
GET /delay/:seconds
Hold response for N seconds
:seconds (1-60)
curlcurl -w "time_total: %{time_total}s " https://cxprotect.com/delay/5
GET /simulate_delay/:seconds
Alias for /delay
:seconds (1-60)
curlcurl -w "time_total: %{time_total}s " https://cxprotect.com/simulate_delay/5
# Status 2
GET /status/:code
Return any HTTP status code 100-599
:code
curlcurl -o /dev/null -w "%{http_code} " https://cxprotect.com/status/404
GET /no-response
Empty body response
?code=204
curlcurl -o /dev/null -w "%{http_code} " "https://cxprotect.com/no-response?code=204"
Headers 1
GET /custom-headers
Set custom response headers
?X-Foo=bar
curlcurl -v "https://cxprotect.com/custom-headers?X-Foo=bar&X-Test=hello" 2>&1 | grep "< X-"
Auth 2
GET /auth/basic/:user/:pass
HTTP Basic auth (default admin / secret)
:user:pass
curlcurl -u admin:secret https://cxprotect.com/auth/basic
GET /auth/digest
HTTP Digest auth (admin / secret)
curlcurl --digest -u admin:secret https://cxprotect.com/auth/digest
Redirect 1
GET /redirect/:hops
Redirect chain — N hops then 200
:hops (1-20)?code=302
curlcurl -L -w "redirects: %{num_redirects} " https://cxprotect.com/redirect/5
Connection 1
GET /drop-connection
Destroy TCP socket immediately — no response
curlcurl -v https://cxprotect.com/drop-connection
CSP 3
GET /testcsp
Interactive CSP Testing Lab
curlcurl -v https://cxprotect.com/testcsp 2>&1 | grep "content-security-policy"
GET /csp_tt
CSP Trusted Types test page
curlcurl -v https://cxprotect.com/csp_tt 2>&1 | grep "content-security-policy"
GET|POST /csp_reports
CSP violation report receiver + viewer
curlcurl -X POST -H "Content-Type: application/csp-report" -d '{"csp-report":{"violated-directive":"script-src"}}' https://cxprotect.com/csp_reports
Downloads 3
GET /downloads/
Browse and download files from the downloads store
curlcurl -O https://cxprotect.com/downloads/file_example_PDF.pdf
GET /uploads/
Browse files that have been uploaded to the server
curlcurl https://cxprotect.com/uploads/
GET /image_store/
Browse images in the image store
curlcurl -O https://cxprotect.com/image_store/Technology.jpg
Malware 1
GET /malware/
Browse malware samples directory
curlcurl -O https://cxprotect.com/malware/eicar-test.txt
No endpoints match your search.