Tricky Tunnels
Tricky Tunnels is a developer tunneling service with provisioning APIs, status dashboards, and diagnostic tooling.
The Scenario
TrickyTunnels provides a tunneling service that developers use to expose local apps for demos and integration testing.
A customer discovered configuration artifacts being shared publicly, and the company is worried that diagnostic tooling might be exposed. You've been hired to evaluate the platform's web surface and any supporting services that power provisioning and status reporting. The goal is to show what an attacker could enumerate or control, and to produce evidence the engineers can use to harden the system.
Lab Intel
Synopsis
TrickyTunnels have enlisted your services to evaluate their developer tunneling platform's web surface after a customer discovered configuration artifacts being shared publicly. They need to know what an attacker could enumerate or extract from exposed diagnostic tooling.
Architecture
This is an easy-rated, single-service lab running a lightweight FastAPI tunneling service. There is no database or authentication -- the challenge is pure reconnaissance and information disclosure. You'll chain together clues from standard recon targets, HTTP headers, and an exposed debug endpoint to extract secrets from the environment.
Who It's For
Beginners who are just getting started with web application reconnaissance. You should know how to make HTTP requests and inspect response headers, but no exploitation experience is needed -- this lab is about finding what's already exposed.
Skills You'll Practice
- Basic HTTP request/response inspection
- Familiarity with common recon files (robots.txt, sitemap.xml)
- Reading and interpreting HTTP response headers
What You'll Gain
- Web application reconnaissance techniques
- robots.txt and path enumeration
- Debug endpoint discovery
- Sensitive environment variable extraction
- HTTP header analysis (Link header)