3/18/2023 0 Comments Burp suite alternativeWe periodically add new domain names for the public Collaborator server to reduce the chance of WAF blacklisting resulting in false negatives. Both interactions contain the random data that Burp placed into the Collaborator subdomain.īurp polls the Collaborator server and asks: "Did you receive any interactions for my payload?", and the Collaborator returns the interaction details.īurp reports the external service interaction to the Burp user, including the full interaction messages that were captured by the Collaborator server. The DNS lookup and the HTTP request are received by the Collaborator server. To do this, it will first perform a DNS lookup on the random subdomain, and then perform an HTTP request. ĭue to its programmed behavior (intended or otherwise), the application fetches the contents of the URL.It provides an HTTP/HTTPS service, and uses a valid, CA-signed, wildcard TLS certificate for its domain names.īelow are some examples of issues that can be detected via Burp Collaborator.Ī typical external service interaction issue can be detected as follows:īurp sends a payload to the application containing a URL that uses a random subdomain of one of the Collaborator domains, for example: param= It provides a DNS service that answers any lookup on its registered domains (or subdomains) with its own IP address. It uses its own dedicated domain names, and the server is registered as the authoritative DNS server for these domains. Burp periodically polls the Collaborator server to determine whether any of its payloads have triggered interactions:īurp Collaborator is used by Burp Scanner and the manual Burp Collaborator client, and can also be used by the Burp Extender API.īurp Collaborator runs as a single server that provides custom implementations of various network services: When Burp Collaborator is being used, Burp sends payloads to the application being audited that are designed to cause interactions with the Collaborator server when certain vulnerabilities or behaviors occur. For example, the application might retrieve the contents of a supplied URL and include it in its own response. Some vulnerabilities arise when an application can be induced to retrieve content from an external system and process it in some way. For example, mail header injection can be detected in this way. Some service-specific vulnerabilities can be detected by submitting payloads targeting those services to the target application, and analyzing the details of the resulting interactions with a collaborating instance of that service. For example, some blind SQL injection vulnerabilities cannot be made to cause any difference in the content or timing of the application's responses, but they can be detected using payloads that cause an external interaction when injected into a SQL query. Some injection-based vulnerabilities can be detected using payloads that trigger an interaction with an external system when successful injection occurs. This section contains information about What Burp Collaborator is, How Burp Collaborator works, Security of data processed by Burp Collaborator, and Options for using Burp Collaborator.īurp Collaborator is a network service that Burp Suite uses to help discover many kinds of vulnerabilities. ENTERPRISE PROFESSIONAL Burp Collaborator
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |