What is OOB Server

OOB Server is your personal private Out-of-Band (OOB&#x29 Server to receive invocations to support for Out-of-band Application Security Testing (OAST).

Setting up your OOB Server

To start making use of your OOB server, you’d have to select your canary token name first.

This is an identifier that will help us forward any requests to you to make them visible in your account.

Setup process is straightforward:



Navigate to /oob-server/setup


Select a Name

Select a name to receive your interactions on. This name will be used as a subdomain of {name}.x49.io and {name}.x7.rs (your Callback Server).


Listen for Interactions

That’s it, you’ll now be redirected to the page where you can view your live DNS & HTTP interactions.

For security reasons, you will not be able to choose another name for your server.

Supported Invocation Types

At the moment, your OOB server supports 3 different

  • DNS
  • HTTP

Support for SMTP, FTP and other protocols will be added over time.