'error', 'message' => 'Invalid JSON input.']); exit; } $url = filter_var($input['url'] ?? '', FILTER_VALIDATE_URL); $method = strtoupper($input['method'] ?? 'GET'); $headersRaw = $input['headers'] ?? []; // Array of {key, value} $body = $input['body'] ?? ''; if (!$url) { header('Content-Type: application/json'); echo json_encode(['status' => 'error', 'message' => 'Invalid URL provided.']); exit; } // Security: Prevent local network scanning (SSRF protection) $host = parse_url($url, PHP_URL_HOST); if (in_array($host, ['localhost', '127.0.0.1', '0.0.0.0']) || strpos($host, '192.168.') === 0 || strpos($host, '10.') === 0) { header('Content-Type: application/json'); echo json_encode(['status' => 'error', 'message' => 'Requests to local network are blocked for security.']); exit; } // Prepare Headers $requestHeaders = []; foreach ($headersRaw as $h) { if (!empty($h['key'])) { $requestHeaders[] = $h['key'] . ': ' . $h['value']; } } // Initialize cURL $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HEADER, true); // We want response headers curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_TIMEOUT, 60); // Increased timeout curl_setopt($ch, CURLOPT_HTTPHEADER, $requestHeaders); curl_setopt($ch, CURLOPT_USERAGENT, 'HarisLab-APITester/2.0'); // Handle Body // FIX: Always set POSTFIELDS for methods that allow body, even if empty, to ensure Content-Length header is correct. if (in_array($method, ['POST', 'PUT', 'PATCH', 'DELETE'])) { curl_setopt($ch, CURLOPT_POSTFIELDS, $body); } $startTime = microtime(true); $responseRaw = curl_exec($ch); $endTime = microtime(true); $duration = round(($endTime - $startTime) * 1000); // ms header('Content-Type: application/json'); if (curl_errno($ch)) { echo json_encode([ 'status' => 'error', 'message' => 'cURL Error: ' . curl_error($ch) ]); } else { $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); $headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE); $downloadSize = curl_getinfo($ch, CURLINFO_SIZE_DOWNLOAD); // bytes // Separate Headers and Body $responseHeadersRaw = substr($responseRaw, 0, $headerSize); $responseBody = substr($responseRaw, $headerSize); // Parse Headers to Array $responseHeaders = []; foreach (explode("\r\n", $responseHeadersRaw) as $i => $line) { if ($i === 0) { $responseHeaders['Status'] = $line; } else { $parts = explode(': ', $line); if (count($parts) === 2) { $responseHeaders[$parts[0]] = $parts[1]; } } } echo json_encode([ 'status' => 'success', 'http_code' => $httpCode, 'time' => $duration . 'ms', 'size' => round($downloadSize / 1024, 2) . ' KB', 'headers' => $responseHeaders, 'body' => $responseBody ]); } curl_close($ch); exit; } ?> Advanced API Tester & REST/GraphQL Client | Test HTTP Requests Online - HarisLab.tech

Query Parameters

Response

Status: - Time: - Size: - 
Waiting for request...