Skip to content
Sign upLog in
← Back to Community
Repl.co/__ urls?
Profile icon
MarkRosenbaum

While experimenting around with repl.co I found that there are some url ending that do different thing.

/__replauth Is for built in repl auth
/__logs will show you the console output of your repl
/__repl will take you to the repl that is serving the website

I was wondering if anyone had found any other ones of these or at least looked into them?

Voters
Profile icon
LilWolfy
Profile icon
EpicGamer007
Profile icon
PYer
Profile icon
piphi
Profile icon
ch1ck3n
Profile icon
JBloves27
Profile icon
MarkRosenbaum
Profile icon
MikeW3
Comments
hotnewtop
Profile icon
EpicGamer007

At the moment, these are the special links which are found:

__logs - Console logs
__repl - Redirects to the repl
__replauth - For replauth
__tail - Basically __logs but in a different format
__proxyproof - For checking whether a custom domain on replit is connected
/__debug_wrapper.html - No idea what it means

Profile icon
MarkRosenbaum

@EpicGamer007
I know, Repl formatted my message weirdly. Also, thanks I hope there are more of these.

Profile icon
MarkRosenbaum

@EpicGamer007
just was playing around with __tail and oh boy. After waiting a bit after it downloaded __tail it downloaded __tail.part inside the file was:

event: status
data: connected

event: interper
data: {"channel":45,"session":8808,"state":"Stopped"}

event: interper
data: {"channel":45,"session":8808,"output":"\u001b[1G\u001b[0J\u001b[33m\u001b[00m \u001b[3G"}

event: runner
data: {"channel":4,"session":8808,"state":"Running"}

event: runner
data: {"channel":4,"session":8808,"output":"====================================================\r\nPID : 40\r\nNode.js : v12.22.1\r\nTotal.js : v3.4.8\r\nOS : linux 5.4.0-1042-gcp\r\nMemory : 8.55 MB / 11.96 MB\r\nUser : runner\r\n====================================================\r\nName : Messenger\r\nVersion : 3.0.0\r\nAuthor : Mark Rosenbaum\r\nDate : 2021-05-11 20:37:54\r\nMode : release\r\n====================================================\r\nDirectory : /home/runner/messenger\r\nnode_modules : /home/runner/messenger/node_modules/total.js/\r\n====================================================\r\n\r\nhttp://0.0.0.0:8000/\r\n\r\n"}

event: control
data: {"bootStatus":{"stage":"COMPLETE"}}

event: control
data: {"portOpen":{"forwarded":true,"port":8000,"address":"00000000"}}

event: packager
data: {"channel":46,"session":8808,"state":"Stopped"}

Profile icon
MarkRosenbaum

one again it formated it weirdly, add __ before tail

Profile icon
EpicGamer007

@MarkRosenbaum
yea, its basically the same as __logs but a bit different

Profile icon
RayhanADev

@MarkRosenbaum
that's the crosis/replit protocol message log?????????

Profile icon
MarkRosenbaum

@RayhanADev
Ok, thanks. Why the ??????????? though

Profile icon
RayhanADev

@MarkRosenbaum
because I didn't think they would log the messages lol, srry if that was a bit out of the blue

Profile icon
MarkRosenbaum
Profile icon
HackermonDev

@EpicGamer007
__proxyproof is for checking whether a custom domain on replit is connected.

Profile icon
EpicGamer007

@HackermonDev
oh ok. thanks. i will add it to the list

Profile icon
MarkRosenbaum

@HackermonDev
thanks but how would i understand it? its just a sting of numbers. what will it look like if a custom domain it attached vs not attached?

Profile icon
HackermonDev

@MarkRosenbaum
So when you add a custom domain, replit keeps like doing a GET request to __proxyproof with a random id, example __proxyproof_randomid1234 and then the repl/proxy returns a base64 text that is encoded with jsonwebtoken example: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJob3N0IjoiZGV2cy50dXJiaW8ucmVwbC5jbyIsInJlcGxpZCI6IjFhZDIwNDVkLTc0MWItNDRlYy05OGFlLTNlMTJiODEyOTcyZiIsInJlcGxpdC1jbHVzdGVyIjoiZ2xvYmFsIn0.MQg9FHxOTVMGXrMAM56MuZsN5qaDykUgzfINFO29Ybr1Bh3hbb_MdStKIoeseEpidY0om_aIxvijquNR-x5hSQ and if you decode it, its something like this:

{"alg":"ES256","typ":"JWT"}{"host":"repl.user.repl.co","replid":"1ad2045d-741b-44ec-98ae-3e12b812972f","replit-cluster":"global"} BET .fyH3|E;oXnAx[oJ҈cJ&1(~ǘR which basically just tells replit the domain is connected and some info about the domain.

Profile icon
MarkRosenbaum

@HackermonDev
ok, thanks

Profile icon
KuroDev

this could be bad for my webpages because it even works behind a domain. take for example https://www.antimatter-beta.cf/__repl

Profile icon
PYer

@KuroDev
Oh... I agree, not sure I want that to happen...

Profile icon
MarkRosenbaum

@KuroDev
For me the bad part is the logs, on my domain https://janitor.cyberwolf.tech/__logs it creates quite a bug security risk. I have hacker so im not as much worried about the __repl

Profile icon
MarkRosenbaum

Found another: /__debug_wrapper.html

Profile icon
ChristinaSchw

Constants are a special type of variable. Once declared, the value cannot be changed (unless video speed controller you change the value when initializing it). In JS you use the const keyword: const pi = 3.14159

Profile icon
MarkRosenbaum

It also works on linked domains: https://messenger.cyberwolf.tech/__logs

Profile icon
MikeW3

interesting; I just found out about the /logs one a few days ago while inspecting a repl while it was "Waking Up"

Profile icon
MarkRosenbaum

@MikeW3
nice

Profile icon
MarkRosenbaum

for some reason these got formatted weirdly when I made this post. /replauth and /logs should have a __ between the / and the word