oob•boo
Generate unique URLs that capture out-of-band interactions — DNS, HTTP, HTTPS, SMTP, LDAP, FTP & SMB — to detect SSRF, XXE, Log4Shell, UNC/NTLM leaks, and blind injection.
Generate a payload
Payload URLs
Mail sent to the address (any local-part works) is captured over SMTP & SMTPS. The LDAP payload detects JNDI/Log4Shell injection (${jndi:<ldap-url>}).
🔒 Your collaborator tokens live only in this browser (localStorage). The server keeps no account list and never shows anyone else's tokens or interactions. Clearing your browser data loses the list — captured data expires on its own.
My collaborators
| Subdomain | Description | Expires | Hits | ||
|---|---|---|---|---|---|
| No collaborators on this browser yet. Generate one above. | |||||
Recent interactions live
| Type | Source IP | Time | Details | |
|---|---|---|---|---|
| No interactions yet. | ||||
oob•boo Pro
You've reached the free-tier limit of 3 active collaborators in this browser. Forget one to free a slot — or upgrade for more.
Coming soon. The free tier detects the interaction and shows you who & where. Pro will unlock:
- › More active collaborators at once (free tier allows 3)
- › Reveal & export captured NTLMv2 hashes (hashcat-ready)
- › Full credential & payload capture
- › Longer retention & history
We're still building it — check back soon.