Pentest Tools

Published on March 27th, 2016 📆 | 2707 Views ⚑


Rack-Bug – Debugging Toolbar For Rack Applications Implemented As Middleware

Convert Text to Speech
Rack::Bug adds a diagnostics toolbar to Rack apps. When enabled, it injects a floating div allowing exploration of logging, database queries, template rendering times, etc.


  • Password-based security
  • IP-based security
  • Rack::Bug instrumentation/reporting is broken up into panels.
    • Panels in default configuration:
      • Rails Info
      • Timer
      • Request Variables
      • SQL
      • Active Record
      • Cache
      • Templates
      • Log
      • Memory
    • Other bundled panels:
      • Redis
      • Sphinx
    • The API for adding your own panels is simple and powerful

Rails quick start

script/plugin install git://

In config/environments/development.rb, add:

config.middleware.use "Rack::Bug",
  :secret_key => "someverylongandveryhardtoguesspreferablyrandomstring"

Add the bookmarklet to your browser:

open https://RAILS_APP/__rack_bug__/bookmarklet.html

Using with non-Rails Rack apps
Just 'use Rack::Bug' as any other middleware. See the SampleApp in the spec/fixtures folder for an example Sinatra app.
If you wish to use the logger panel define the LOGGER constant that is a ruby Logger or ActiveSupport::BufferedLogger

Configuring custom panels
Specify the set of panels you want, in the order you want them to appear:

require "rack/bug"
[adsense size='1']
ActionController::Dispatcher.middleware.use Rack::Bug,
  :secret_key => "someverylongandveryhardtoguesspreferablyrandomstring",
  :panel_classes => [

Running Rack::Bug in staging or production
We have have found that Rack::Bug is fast enough to run in production for specific troubleshooting efforts.

Add the middleware configuration to an initializer or the appropriate environment files, taking the rest of this section into consideration.

Restrict access to particular IP addresses:

require "ipaddr"

ActionController::Dispatcher.middleware.use "Rack::Bug"
  :secret_key => "someverylongandveryhardtoguesspreferablyrandomstring",
  :ip_masks   => ["")]

Restrict access using a password:

ActionController::Dispatcher.middleware.use "Rack::Bug",
  :secret_key => "someverylongandveryhardtoguesspreferablyrandomstring",
  :password   => "yourpassword"


  • Maintained by Bryan Helmkamp
  • Contributions from Luke Melia, Joey Aghion, Tim Connor, and more

For development, you'll need to install the following gems: rspec, rack-test, webrat, sinatra

Download Rack-Bug

Comments are closed.