Outbound Interaction & OOB Detection

Activation Triggers (Positive)

  • ssrf callback
  • blind xss
  • webhook abuse
  • oob
  • dns interaction
  • asynchronous callback
  • xxe out of band

Exclusion Triggers (Negative)

  • fully in-band exploit
  • static code review only
  • report drafting only

Output Schema

  • Callback correlation table: token, payload path, timestamp, source context
  • Validation verdict: confirmed, not confirmed, inconclusive
  • Follow-on exploitation opportunities from confirmed outbound behavior

Instructions

  1. Generate unique per-test correlation identifiers before sending payloads.
  2. Ensure callback listener scope and retention are sufficient for delayed events.
  3. Correlate callbacks by token, path, and time window before confirmation.
  4. Differentiate noisy background traffic from test-linked interactions.
  5. Use control payloads to reduce false positives.
  6. Pass confirmed primitives to exploit or logic skills with full correlation evidence.
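
Steps 1, 3, 4 and 5 as an added example (not part of the original skill): a correlator that issues one token per test, matches listener events by token, path and time window, and downgrades positives when a negative control fires. The field names, the 48-hour window, the pre-parsed event dictionaries and the reading of a negative control as a token placed where no outbound fetch is expected are assumptions.

```python
import secrets
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(hours=48)  # assumed: how long a delayed callback still counts

def new_test(test_id, path, sent_at, control=False):
    """Register one test with its own unguessable token (never reused)."""
    return {"test_id": test_id, "token": secrets.token_hex(8),
            "path": path, "sent_at": sent_at, "control": control}

def correlate(tests, events, window=WINDOW):
    """Match listener events to tests; return (table rows, verdict per test)."""
    rows, by_token = [], {t["token"]: t for t in tests}
    verdicts = {t["test_id"]: "not confirmed" for t in tests}
    for ev in events:
        test = by_token.get(ev["token"])
        if test is None:
            continue  # background noise: token was never issued
        ok = (ev["path"] == test["path"]
              and test["sent_at"] <= ev["ts"] <= test["sent_at"] + window)
        rows.append({"token": ev["token"], "payload_path": ev["path"],
                     "timestamp": ev["ts"].isoformat(),
                     "source_context": ev["source"],
                     "test_id": test["test_id"], "matched": ok})
        if ok:
            verdicts[test["test_id"]] = "confirmed"
        elif verdicts[test["test_id"]] == "not confirmed":
            verdicts[test["test_id"]] = "inconclusive"
    # A fired negative control makes every positive result non-deterministic.
    if any(t["control"] and verdicts[t["test_id"]] != "not confirmed" for t in tests):
        for t in tests:
            if not t["control"] and verdicts[t["test_id"]] == "confirmed":
                verdicts[t["test_id"]] = "inconclusive"
    return rows, verdicts

def demo():
    """Constructed sample: two tests, one negative control, three events."""
    t0 = datetime(2026, 1, 5, 9, 0, tzinfo=timezone.utc)
    a = new_test("T1-url-param", "/cb/a", t0)
    b = new_test("T2-xml-body", "/cb/b", t0)
    c = new_test("CTRL-neg", "/cb/c", t0, control=True)
    events = [  # constructed listener events, documentation-range addresses
        {"ts": t0 + timedelta(hours=3), "token": a["token"], "path": "/cb/a", "source": "198.51.100.7 HTTP"},
        {"ts": t0 + timedelta(minutes=1), "token": "unissued-token", "path": "/", "source": "203.0.113.9 HTTP"},
        {"ts": t0 - timedelta(hours=1), "token": b["token"], "path": "/cb/b", "source": "198.51.100.7 DNS"},
    ]
    return correlate([a, b, c], events)
```

In the sample, the event carrying T2's token predates the send time, so it is recorded in the table but yields only "inconclusive".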

Should Do

  • Treat OOB validation as evidence discipline, not only payload dispatch.
  • Preserve immutable callback logs for auditability.
  • Include both positive and negative control outcomes.

Should Not Do

  • Do not claim confirmation without deterministic correlation.
  • Do not reuse tokens across unrelated tests.
  • Do not expose real secrets in callback payloads.