Webhook.site, RequestBin, and interactsh are receivers — they listen for incoming connections. Payload Playground is the complement: it generates the payloads that trigger those connections. SSRF vectors, XXE OOB entities, DNS callbacks, LDAP injection, blind SQLi exfiltration — generated for any receiver you use.
You need a real-time HTTP request receiver with a persistent unique URL. Webhook.site logs every incoming request with full headers, body, and metadata — perfect for confirming that an SSRF or XXE vulnerability successfully made an outbound connection to your controlled server.
You need to generate the payloads that trigger the callbacks. Enter your webhook.site URL, Burp Collaborator subdomain, or interactsh host and get ready-to-inject SSRF, XXE, DNS, SMTP, FTP, or LDAP payloads. Six protocol types, multiple payload variants per type.
| Feature | Payload Playground | Webhook.site |
|---|---|---|
| HTTP Request Receiver | ||
| Real-Time Request Log | ||
| Persistent Unique URL | ||
| SSRF Payload Generation | ||
| XXE OOB Payload Generation | ||
| DNS Callback Payloads | ||
| LDAP / SMTP / FTP Payloads | ||
| Burp Collaborator Compatible | HTTP only | |
| Blind SQLi OOB Templates | ||
| interactsh Compatible | ||
| 100% Client-Side |
Most pentesters only think HTTP when testing OOB. Payload Playground generates callback payloads for HTTP, DNS, SMTP, FTP, LDAP, and more — essential when HTTP egress is blocked but DNS is not.
Enter your Collaborator subdomain or interactsh host, select the vulnerability class, and get a ready-to-inject payload. No manual string formatting or protocol wrappers to write.
Webhook.site shows you what arrives; Payload Playground generates what to send. SSRF with IP obfuscation, XXE with external DTD exfiltration, and blind SQLi DNS exfil queries — all in one place.
Not locked into one service. Generate payloads targeting webhook.site, Burp Collaborator, interactsh, RequestBin, your own VPS, or any domain you control.
Generate SSRF, XXE, DNS, LDAP, and SMTP OOB payloads
Test CORS misconfigurations with callback detection
SSRF vectors with IP obfuscation and protocol wrappers
XXE entities including OOB exfiltration templates
XSS, SQLi, SSTI, SSRF, reverse shells, and more
Generate callback payloads from your terminal