Repl.co/__ urls?
MarkRosenbaum

While experimenting around with repl.co I found that there are some URL endings that do different things.

/replauth is for built-in repl auth
/logs will show you the console output of your repl
/__repl will take you to the repl that is serving the website

I was wondering if anyone had found any other ones of these or at least looked into them?

Comments
EpicGamer007

At the moment, these are the special links which are found:

__logs - Console logs
__repl - Redirects to the repl
__replauth - For replauth
__tail - Basically __logs but in a different format
__proxyproof - For checking whether a custom domain on replit is connected
/__debug_wrapper.html - No idea what it means

MarkRosenbaum

@EpicGamer007 I know, Repl formatted my message weirdly. Also, thanks I hope there are more of these.

MarkRosenbaum

@EpicGamer007 I was just playing around with tail and oh boy. After waiting a bit after it downloaded tail, it downloaded __tail.part. Inside the file was:

event: status
data: connected

event: interper
data: {"channel":45,"session":8808,"state":"Stopped"}

event: interper
data: {"channel":45,"session":8808,"output":"\u001b[1G\u001b[0J\u001b[33m\u001b[00m \u001b[3G"}

event: runner
data: {"channel":4,"session":8808,"state":"Running"}

event: runner
data: {"channel":4,"session":8808,"output":"====================================================\r\nPID : 40\r\nNode.js : v12.22.1\r\nTotal.js : v3.4.8\r\nOS : linux 5.4.0-1042-gcp\r\nMemory : 8.55 MB / 11.96 MB\r\nUser : runner\r\n====================================================\r\nName : Messenger\r\nVersion : 3.0.0\r\nAuthor : Mark Rosenbaum\r\nDate : 2021-05-11 20:37:54\r\nMode : release\r\n====================================================\r\nDirectory : /home/runner/messenger\r\nnode_modules : /home/runner/messenger/node_modules/total.js/\r\n====================================================\r\n\r\nhttp://0.0.0.0:8000/\r\n\r\n"}

event: control
data: {"bootStatus":{"stage":"COMPLETE"}}

event: control
data: {"portOpen":{"forwarded":true,"port":8000,"address":"00000000"}}

event: packager
data: {"channel":46,"session":8808,"state":"Stopped"}
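The capture in the comment above uses Server-Sent Events framing (`event:` / `data:` lines separated by blank lines) with JSON payloads. As an added example that is not part of the original thread or Replit's own code, this sketch parses such a stream and lists what the `output` fields disclose; the `RULES` patterns and the abridged sample are assumptions made for illustration.

```python
import json
import re

# Constructed sample: abridged from the __tail capture quoted above.
SAMPLE = (
    "event: status\n"
    "data: connected\n"
    "\n"
    "event: runner\n"
    'data: {"channel":4,"session":8808,"output":"\\u001b[33mNode.js : v12.22.1\\r\\n'
    'Directory : /home/runner/messenger\\r\\nhttp://0.0.0.0:8000/\\r\\n"}\n'
    "\n"
    "event: control\n"
    'data: {"portOpen":{"forwarded":true,"port":8000,"address":"00000000"}}\n'
)

ANSI = re.compile(r"\x1b\[[0-9;]*[A-Za-z]")  # terminal colour/cursor codes
# Hypothetical disclosure rules for this example; tune them for your own app.
RULES = {
    "software version": re.compile(r"\bv\d+\.\d+\.\d+\b"),
    "filesystem path": re.compile(r"(?<![\w:/])/(?:home|usr|var|etc|opt|tmp)/\S+"),
    "listening address": re.compile(r"https?://\d+\.\d+\.\d+\.\d+:\d+"),
}

def parse_sse(text):
    """Yield (event, data) pairs; data is JSON-decoded when it parses."""
    for block in re.split(r"\r?\n\r?\n", text.strip()):
        event, data = "message", []
        for line in block.splitlines():
            field, _, value = line.partition(":")
            value = value[1:] if value.startswith(" ") else value
            if field == "event":
                event = value
            elif field == "data":
                data.append(value)
        raw = "\n".join(data)
        try:
            yield event, json.loads(raw)
        except ValueError:
            yield event, raw  # plain-text payload such as "connected"

def disclosures(text):
    """Return sorted (event, label, match) tuples for rule hits in 'output'."""
    hits = set()
    for event, data in parse_sse(text):
        out = data.get("output", "") if isinstance(data, dict) else ""
        clean = ANSI.sub("", out)  # strip escape codes before matching
        for label, rule in RULES.items():
            hits.update((event, label, m) for m in rule.findall(clean))
    return sorted(hits)
```

Running `disclosures()` over a capture of your own app's stream shows what its startup banner and console output would reveal to anyone who can read it.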

MarkRosenbaum

Once again it formatted it weirdly; add __ before tail

EpicGamer007

@MarkRosenbaum yeah, it's basically the same as __logs but a bit different

RayhanADev

@MarkRosenbaum that's the crosis/replit protocol message log?????????

MarkRosenbaum

@RayhanADev Ok, thanks. Why the ??????????? though

RayhanADev

@MarkRosenbaum because I didn't think they would log the messages lol, sorry if that was a bit out of the blue

HackermonDev

@EpicGamer007 __proxyproof is for checking whether a custom domain on replit is connected.

EpicGamer007

@HackermonDev oh ok. Thanks. I will add it to the list

MarkRosenbaum

@HackermonDev thanks, but how would I understand it? It's just a string of numbers. What will it look like if a custom domain is attached vs not attached?

HackermonDev

@MarkRosenbaum So when you add a custom domain, replit keeps like doing a GET request to __proxyproof with a random id, for example __proxyproof_randomid1234, and then the repl/proxy returns a base64 text that is encoded with jsonwebtoken, for example: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJob3N0IjoiZGV2cy50dXJiaW8ucmVwbC5jbyIsInJlcGxpZCI6IjFhZDIwNDVkLTc0MWItNDRlYy05OGFlLTNlMTJiODEyOTcyZiIsInJlcGxpdC1jbHVzdGVyIjoiZ2xvYmFsIn0.MQg9FHxOTVMGXrMAM56MuZsN5qaDykUgzfINFO29Ybr1Bh3hbb_MdStKIoeseEpidY0om_aIxvijquNR-x5hSQ and if you decode it, it's something like this:

{"alg":"ES256","typ":"JWT"}{"host":"repl.user.repl.co","replid":"1ad2045d-741b-44ec-98ae-3e12b812972f","replit-cluster":"global"} BET .fyH3|E;oXnAx[oJ҈cJ&1(~ǘR which basically just tells replit the domain is connected and some info about the domain.

MarkRosenbaum

@HackermonDev ok, thanks

KuroDev

this could be bad for my webpages because it even works behind a domain. take for example https://www.antimatter-beta.cf/__repl

PYer

@KuroDev Oh... I agree, not sure I want that to happen...

MarkRosenbaum

@KuroDev For me the bad part is the logs; on my domain https://janitor.cyberwolf.tech/__logs it creates quite a big security risk. I have hacker so I'm not as much worried about the __repl

MarkRosenbaum

Found another: /__debug_wrapper.html

MarkRosenbaum

It also works on linked domains: https://messenger.cyberwolf.tech/__logs

MikeW3

interesting; I just found out about the /logs one a few days ago while inspecting a repl while it was "Waking Up"

MarkRosenbaum

@MikeW3 nice

MarkRosenbaum

for some reason these got formatted weirdly when I made this post. /replauth and /logs should have a __ between the / and the word