Sometimes when we are performing a pentest or bug bounties we need an external site to verify some blind injections or exfiltrate data. This is known as Out-of-Band or just OOB.

Also in some of the newest vulnerabilities found, such as log4j, also needed a OOB DNS resource to validate if a machine could be compromised.

There are some free Out-of-band (OOB) resources available on the internet, let’s review the most important ones:

  1. Burpcollaborator: Paid resource, you will need Burpsuite to run it.
  2. Free resource, you can interact directly in their Web UI. No need to register.
  3. Free resource, sends you the result via your email or your webhook!
  4. Free, no registration. Valid for HTTP and DNS requests.
  5. Free, no registration.
  6. If you have a VPS you can just use netcat to intercept any traffic coming to your host with: nc -vvv -l -p 8080 for example, if you are expecting traffic on port 8080. If you would like to check against log4j just substitute the port by LDAP port 389 like nc -vvv -l -p 389

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Leave a Reply