Introduction:
Hello everyone in the information security community!
In the never-ending battle against security vulnerabilities, sending and managing a large volume of HTTP requests is a daily task for pentesters like us. From API testing, fuzzing parameters, to replaying complex attack scenarios, all require precision and efficiency.
We have many tools to help, but sometimes their “smartness” limits low-level fine-grained control. Have you ever been annoyed when a tool automatically adds headers, encodes data in a way you don’t want, or simply doesn’t allow you to send exactly the same raw request you captured with Wireshark or Burp Suite?
If your answer is yes, then today I want to introduce a brand-new tool designed to solve exactly that problem: plockchain.
What is Plockchain?
As its name suggests (possibly a playful combination of “block” and “chain” or “lock” and “chain”—implying connection and security?), plockchain is a tool to automate sending HTTP requests, but with a core philosophy: give full control to the user via Raw Request and flexible YAML configuration.
Forget about complex GUIs or heavy abstractions. With plockchain, you work directly with the most important elements: the raw data of the request and execution logic clearly defined in the configuration file.
Why Raw Request and YAML?
The Power of Raw Request: As pentesters, we understand the value of analyzing and manipulating raw requests directly. This is the only way to fully understand how the protocol works, spot anomalies, and construct attack payloads accurate down to each byte. plockchain lets you paste a raw request straight into the configuration and have the tool do the rest—automatically send it, repeat it, or transform it based on the logic you define. This flexibility is invaluable when you need to recreate a specific attack scenario or test edge cases that other tools struggle with.
Configuration via YAML: Simple, Powerful, Shareable: YAML is a human-friendly configuration format—easy to read and write. plockchain uses YAML so you can define the sequence of requests to send (“chain”), variables to use, response handling logic, stopping conditions, etc. This not only helps you organize testing scenarios systematically but also makes it easy to share configurations with teammates. A single YAML file can describe the entire testing workflow for a specific feature of a web application or API.
What Can Plockchain Do for Pentesters?
- API Testing Automation: Send a large number of requests to API endpoints with different payloads.
- Fuzzing: Combine raw requests with the ability to define variables and loops in YAML to build custom fuzzing scenarios.
- Replay Attack Scenarios: Easily copy/paste raw requests from logs or proxy and automate resending to check vulnerability stability or verify a patch.
- Chained Request Testing: Define dependent request steps, e.g., login to obtain a session, then use that session for subsequent requests.
- Fine-Grained Control: Tune every aspect of the request: headers, body, method, URL, even HTTP version if needed (depending on the HTTP library plockchain uses under the hood, but the idea is you can define it at the raw level).
How It Works (Overview):
You only need to prepare a YAML configuration file, where you define the raw request(s) and handling logic. plockchain reads this file and executes the requests in the order and logic you specified. Results can be processed or logged according to the configuration.
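To make the chained raw-request idea concrete, here is an added sketch in Python; it is not plockchain's code or its configuration schema. The `{{name}}` placeholder syntax, the host `app.example.test`, the function names and the login response are all assumptions constructed for the example. It shows one detail that matters when a raw request is templated: the `Content-Length` header has to be recomputed after substitution, while header order and casing stay as pasted.

```python
import re

PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")  # assumed syntax, not plockchain's

def render(template: str, variables: dict) -> bytes:
    """Fill placeholders, keep header order and case, re-sync Content-Length."""
    text = PLACEHOLDER.sub(lambda m: variables[m.group(1)], template)
    # Pasted requests often lose CRLF; split on the first blank line.
    head, _, body = text.replace("\r\n", "\n").partition("\n\n")
    body_bytes = body.encode("utf-8")
    lines = [
        re.sub(r"(?i)^(content-length:\s*)\d+\s*$",
               lambda m: m.group(1) + str(len(body_bytes)), line)
        for line in head.split("\n")
    ]
    return "\r\n".join(lines).encode("utf-8") + b"\r\n\r\n" + body_bytes

def extract(response: bytes, pattern: str) -> str:
    """Pull one captured value out of a raw response for use in a later step."""
    match = re.search(pattern.encode("utf-8"), response)
    if match is None:
        raise ValueError("pattern not found in response; stop the chain here")
    return match.group(1).decode("utf-8")

# Constructed templates: step 1 logs in, step 2 reuses the session cookie.
LOGIN = ("POST /login HTTP/1.1\nHost: app.example.test\n"
         "Content-Type: application/x-www-form-urlencoded\n"
         "Content-Length: 0\n\nuser={{user}}&pass={{password}}")
PROFILE = ("GET /profile HTTP/1.1\nHost: app.example.test\n"
           "Cookie: session={{session}}\n\n")

# Constructed response standing in for what the server would send back.
LOGIN_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                  b"Set-Cookie: session=abc123; HttpOnly\r\n\r\n")

def run_chain():
    """Render step 1, extract the session from its response, render step 2."""
    login = render(LOGIN, {"user": "tester", "password": "s3cret-pw"})
    session = extract(LOGIN_RESPONSE, r"Set-Cookie: session=([^;\r\n]+)")
    profile = render(PROFILE, {"session": session})
    return login, profile

if __name__ == "__main__":
    for raw in run_chain():
        print(raw.decode("utf-8"), end="\n---\n")
```

The rendered bytes can be written to a socket as-is; no network access is needed to run the example itself.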
Conclusion:
Plockchain doesn’t aim to replace large, full-featured pentesting suites. Instead, it focuses on solving one specific problem effectively: automating request sending with maximum control at the raw level, driven by a clear YAML configuration. For those who value flexibility, deep customization, and working close to the HTTP protocol, plockchain is definitely a tool worth exploring and adding to your toolkit.
Check out the plockchain repository on GitHub to learn more about installation, configuration, and start automating your request-sending tasks today!
Congratulations on this interesting tool! Hope it will be useful to the pentesting community.