What is out-of-band (OOB) testing?

Out-of-band testing is a technique where the tester injects a payload that causes the target to make an external request (DNS, HTTP, etc.) to a controlled server. This confirms vulnerabilities like blind SQL injection, SSRF, XXE, and RCE even when the application does not return direct output.

What callback services are supported?

This tool generates payloads for Burp Collaborator, interactsh (interact.sh), webhook.site, RequestBin, and custom domains. You can use any of these services to catch DNS and HTTP callbacks during penetration testing.

Is my data sent to a server?

No. All payloads are generated entirely in your browser. No data is sent to any server. The callback services themselves are third-party services you must set up separately.

Callback Catcher Helper

Generate out-of-band (OOB) callback payloads for blind vulnerability testing. Supports Burp Collaborator, interactsh, webhook.site, RequestBin, and custom domains. Ready-to-use payloads for DNS, HTTP, XXE, SSRF, XSS, RCE, and blind SQLi. For authorized testing only.

X LinkedIn Reddit

Callback Service

Current Callback

DNS / Hostname:

h9wspogozja.interact.sh

HTTP URL:

http://h9wspogozja.interact.sh

ID: h9wspogozja

nslookup

nslookup h9wspogozja.interact.sh

dig

dig h9wspogozja.interact.sh

host

host h9wspogozja.interact.sh

ping

ping -c 1 h9wspogozja.interact.sh

PowerShell Resolve

Resolve-DnsName h9wspogozja.interact.sh

Python DNS

python3 -c "import socket; socket.gethostbyname('h9wspogozja.interact.sh')"

Quick Setup Guides

Burp Collaborator

1. Open Burp Suite Pro
2. Go to Burp > Collaborator client
3. Click "Copy to clipboard"
4. Paste your Collaborator subdomain here

Interactsh

1. Install: go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest
2. Run: interactsh-client
3. Copy the generated URL
4. Watch for incoming interactions

webhook.site

1. Visit https://webhook.site
2. Copy your unique URL
3. Use it as callback in payloads
4. Monitor incoming requests on the page

Custom Server

1. Set up a VPS with a DNS wildcard
2. Run: python3 -m http.server 80
3. Or use: socat TCP-LISTEN:80,fork -
4. Monitor for incoming connections

Related Tools

DNS Record Lookup

Query DNS records with security insights for SPF/DMARC/DKIM.

IP / CIDR Calculator

Subnet calculator, IP converter, and SSRF bypass generator.

MSFVenom Command Builder

Generate msfvenom commands for common payloads and platforms.

OAuth / OIDC Attack Wizard

Test OAuth 2.0 and OIDC for redirect_uri bypass and more.

$loading...