oob•boo
Generate unique URLs that capture out-of-band interactions — DNS, HTTP, HTTPS, SMTP, LDAP & FTP — to detect SSRF, XXE, Log4Shell, and blind injection.
Generate a payload
Payload URLs
HTTP
HTTPS
DNS
SMTP
LDAP
FTP
Mail sent to the address (any local-part works) is captured over SMTP & SMTPS. The LDAP payload detects JNDI/Log4Shell injection (${jndi:<ldap-url>}).
🔒 Your collaborator tokens live only in this browser (localStorage). The server keeps no account list and never shows anyone else's tokens or interactions. Clearing your browser data loses the list — captured data expires on its own.
My collaborators
| Subdomain | Description | Expires | Hits | ||
|---|---|---|---|---|---|
| No collaborators on this browser yet. Generate one above. | |||||
Recent interactions live
| Type | Source IP | Time | Details | |
|---|---|---|---|---|
| No interactions yet. | ||||