Skip to main content
This page lists the currently available Flowtamper templates. Each template defines rules for intercepting, modifying, or extracting data from HTTP/HTTPS requests and responses.
Templates can be used for API debugging, web traffic analysis, or penetration testing scenarios.
templates

Flowtamper templates

Flowtamper Templates Web UI Interface
Use the templates as-is or customize them to suit specific testing needs.

Available Flowtamper Templates

IDNameAuthorEnabledTagsCategoryDescription
capture-security-misconfigCapture Insecure Security Headerspentest-devtrueowasp, headers, a05detectionDetects missing security headers like CSP, HSTS, X-Frame-Options
extract-sql-errorsExtract SQL Error Messagespentest-devtrueowasp, sql, a03detectionCaptures SQL error messages in responses
disable-cacheDisable Cache in All Responsesdevtruecache, headersmodificationForces all responses to disable caching for better interception
extract-api-keysExtract API Keysdevtrueapi, keys, sensitiveexfiltrationExtracts API keys leaked in JSON or headers
extract-auth-tokensExtract Authentication Tokenspentest-devtrueowasp, auth, a07exfiltrationExtracts JWT, Bearer tokens and session IDs from responses and headers
extract-js-secretsExtract secrets from JavaScriptdevtruejavascript, tokens, secretsexfiltrationExtracts sensitive info (tokens, URLs, keys) from JS responses
extract-sensitive-dataExtract Sensitive Datapentest-devtrueowasp, sensitive, a02exfiltrationExtracts credit cards, emails and CPF numbers from responses
extract-server-versionExtract Server and Framework Versionspentest-devtrueowasp, server, a06exfiltrationExtracts server and framework versions from headers and body
extractor-session-cookieExtract session cookiedevtrueauth, cookie, pentestmodificationInjects fake session cookie and strips security headers