$loading...
RequestBin captures incoming HTTP requests. But pentesters need more than a listener — they need the payloads that trigger callbacks. Payload Playground generates 54 OOB payload templates across 7 attack categories for any callback service.
| Feature | Payload Playground | RequestBin |
|---|---|---|
| Receive HTTP Requests | Via callback service | |
| OOB Payload Templates | 54 templates | |
| DNS Exfiltration Payloads | ||
| XXE Out-of-Band Payloads | ||
| Blind SSRF Payloads | ||
| Blind SQLi Payloads | ||
| Blind RCE Payloads | ||
| Multi-Service Support | Interactsh, Collaborator, custom | Own endpoint |
| 25 Payload Generators | ||
| WAF Bypass Mutations | 50+ mutations | |
| CLI Tool (npm) | ||
| No Account Required | ||
| 100% Client-Side |
RequestBin receives requests. Payload Playground generates the payloads that trigger them. 54 templates across DNS, HTTP, XXE, SSRF, XSS, RCE, and SQLi — each optimized for out-of-band data exfiltration.
Generate payloads for Interactsh, Burp Collaborator, webhook.site, or any custom domain. Enter your callback URL and get ready-to-use payloads for every OOB technique.
Beyond OOB testing, get dedicated generators for XSS, SQLi, SSTI, SSRF, command injection, reverse shells, and more. Combine with the WAF Bypass Transformer and Payload Mutator for evasion.
No sign-up required. Everything runs in your browser. The CLI tool lets you generate OOB payloads from your terminal and pipe them directly into your workflow.
Cloud metadata, internal services, protocol smuggling
File read, SSRF, OOB exfiltration via DTD
Blind XSS with callback payloads
Blind SQLi with DNS/HTTP exfiltration
50+ WAF bypass mutations for any payload
Generate OOB payloads from terminal