"Trace.axd is an Http Handler for .Net that can be used to view the trace details for an application. This file resides in the application’s root directory. A request to this file through a browser displays the trace log of the last n requests in time-order,
where n is an integer determined by the value set by requestLimit=”[n]” in the application’s configuration file."
<a href="http://www.ucertify.com/article/what-is-traceaxd.html">http://www.ucertify.com/article/what-is-traceaxd.html</a>
It is a separate file to store tracing messages. If you have pageOutput set to true, your webpage will acquire a large table at the bottom. That will list lots of information—the trace information. trace.axd allows you to see traces on a separate page, which
is always named trace.axd.
<a href="http://www.dotnetperls.com/trace">http://www.dotnetperls.com/trace</a>
LOW? Actually a Medium.
<a href="http://2.bp.blogspot.com/-Pyah57XUOdY/T77bzNxQhBI/AAAAAAAAA1o/x6exxge_MfM/s1600/trace-axd-16.PNG"></a>
<a href="http://2.bp.blogspot.com/-yXEjfsUqBFc/T77cJQJPGVI/AAAAAAAAA14/L1NK7nhC8F4/s1600/nessus-traceaxd-screenie.PNG"></a>
What can I do with it?
Read ALL variables and data from HTTP requests
POST requests rock! ?
Discovery?
Metasploit
Vuln Scanners
<a href="http://4.bp.blogspot.com/-UkJo3k9DK2I/T77c4HO9LcI/AAAAAAAAA2I/j_VWwhTSnlI/s1600/msf-trace-sani.PNG"></a>
Example
<a href="http://2.bp.blogspot.com/-dTVq4jvQLuc/T77dYpP_cmI/AAAAAAAAA2Q/egtMl-YSSDw/s1600/trace-example1-sani.PNG"></a>
Main trace.axd page
<a href="http://4.bp.blogspot.com/-uJaFiimodOQ/T77dZ4Pb9pI/AAAAAAAAA2Y/4Z9xvH8UO_o/s1600/trace-example2-sani.PNG"></a>
Viewing a request
<a href="http://4.bp.blogspot.com/-qvX3tUT7bVo/T77daT0_PKI/AAAAAAAAA2g/WOCyV8UNJOo/s1600/trace-example3-sani.PNG"></a>
Post request with creds
<a href="http://zeroknock.blogspot.com/2012/05/traversing-traceaxd-and-miconfiguration.html">http://zeroknock.blogspot.com/2012/05/traversing-traceaxd-and-miconfiguration.html</a>
-CG