oob.boo · FAQ & guide
Out-of-band (OOB / OAST) interaction testing
A plain-English guide to out-of-band application security testing and how to use oob.boo — a free Burp Collaborator and interactsh alternative.
What is out-of-band (OOB) security testing?
Many of the most serious web vulnerabilities are blind: the application is exploitable, but it never reflects the result back in the HTTP response. Out-of-band application security testing (OAST) catches these by making the target reach out to a server you control over a side channel — DNS, HTTP, email and more. If the callback arrives, the vulnerability is proven.
oob.boo is a free OAST tool — a free Burp Collaborator and interactsh alternative. You generate a unique payload URL, plant it in a parameter, header, hostname or template you suspect is vulnerable, and watch in real time as interactions land — each with the source IP and network (ASN) it came from.
What you can detect
- SSRF (server-side request forgery) over HTTP, HTTPS & DNS
- Blind XXE and XML external-entity injection
- Log4Shell / JNDI injection via the LDAP payload
- Blind SQL & command injection via DNS exfiltration
- UNC / NTLM leaks from Windows clients over SMB
- Email / SMTP callbacks and open-relay style flows
Eight protocols, one payload
Every collaborator you generate listens across all of these at once — well beyond Burp Collaborator's DNS/HTTP/SMTP: DNS, HTTP, HTTPS, SMTP, SMTPS, LDAP, FTP and SMB.
How oob.boo works
- Generate a unique collaborator URL on the home page — no sign-up.
- Plant it where you suspect a blind vulnerability (a URL parameter, a Host or X-Forwarded-For header, an XML entity, or a `${jndi:…}` string).
- Watch the Recent interactions table — any DNS, HTTP, SMTP, LDAP, FTP or SMB callback proves the target reached your server.
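The three steps above rely on one mechanism: every planted payload carries a unique token, and each callback is attributed to its placement by pulling that token out of the queried hostname, HTTP Host header or mail domain. The example below is added here and is not oob.boo's own code; it assumes a hypothetical OAST domain (`example-oast.test`) and a constructed interaction record, since the page does not specify the service's record format.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

OAST_DOMAIN = "example-oast.test"  # hypothetical OAST domain, not oob.boo's


@dataclass(frozen=True)
class Interaction:
    """One captured callback (constructed record format, not oob.boo's)."""
    protocol: str    # "dns", "http", "smtp", "ldap", "smb", ...
    name: str        # queried hostname, HTTP Host header, or mail domain
    source_ip: str


def new_token(nbytes: int = 8) -> str:
    """Unguessable per-placement token; <token>.<OAST_DOMAIN> is the payload host."""
    return secrets.token_hex(nbytes)


def extract_token(name: str) -> Optional[Tuple[str, str]]:
    """Return (token, extra_labels) if `name` targets a collaborator, else None.

    Tolerates upper-case DNS names, a trailing dot and an HTTP :port. Labels to
    the left of the token are returned unchanged because blind injection often
    carries data there (<data>.<token>.<oast-domain>); use a case-insensitive
    encoding such as hex for that data, since resolvers may fold case.
    """
    raw = name.strip().rstrip(".").split(":", 1)[0]
    suffix = "." + OAST_DOMAIN
    if not raw.lower().endswith(suffix):
        return None
    labels = raw[: -len(suffix)].split(".")
    token, extra = labels[-1].lower(), ".".join(labels[:-1])
    return (token, extra) if token else None


def correlate(interactions: List[Interaction], placements: Dict[str, str]) -> List[dict]:
    """Attribute each callback to where its payload was planted.

    `placements` maps token -> label such as "Host header on /login".
    A callback whose token was never planted is reported as "unattributed".
    """
    hits = []
    for ix in interactions:
        parsed = extract_token(ix.name)
        if parsed is None:
            continue  # not aimed at our OAST domain at all
        token, extra = parsed
        hits.append({"placement": placements.get(token, "unattributed"),
                     "protocol": ix.protocol, "source_ip": ix.source_ip,
                     "exfil": extra})
    return hits
```

Feed it the interaction rows you captured and the dict of tokens you planted; the `exfil` field is where a DNS-exfiltration payload's leaked data shows up.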
Frequently asked questions
What is oob.boo?
oob.boo is a free out-of-band application security testing (OAST) tool. It generates unique payload URLs that capture out-of-band interactions — over DNS, HTTP, HTTPS, SMTP, LDAP, FTP and SMB — so you can detect blind vulnerabilities such as SSRF, blind XXE, Log4Shell and blind SQL injection. It's a free alternative to Burp Collaborator and interactsh.
Is oob.boo free?
Yes. oob.boo is free to use, offered by Jiva Security. Generate collaborators with no account — the free tier keeps up to 3 active at a time. A paid Pro tier with more active collaborators, credential reveal and longer retention is coming.
Which protocols does oob.boo support?
DNS, HTTP, HTTPS, SMTP, SMTPS, LDAP, FTP and SMB — eight protocols, going beyond Burp Collaborator. LDAP capture detects JNDI/Log4Shell, and SMB captures UNC/NTLM authentication leaks.
How is oob.boo different from Burp Collaborator or interactsh?
oob.boo runs entirely in your browser with nothing to install, is free, and supports eight protocols including LDAP (Log4Shell) and SMB (NTLM capture). Your collaborator tokens never leave your browser and there's no account to create.
How long do oob.boo payloads last?
On the free tier each generated collaborator URL is live for three hours after creation. The Pro tier will offer longer retention and history.
Is my data private?
Your collaborator tokens live only in your browser's localStorage. The server keeps no account list and never shows anyone else's tokens or captured interactions.