Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Login to post

Accessing CollaboratorClients of other extensions

Login | Last updated: Jan 16, 2023 04:23PM UTC

Hello, my goal is to analyze all Collaborator traffic of the used Burp Suite instance, and not only the traffic of the CollaboratorClients I created. For example, if someone uses the "Collaborator Everywhere" extension, I want to be able to analyze the Collaborator traffic that it generated. This would allow my extension to analyze traffic passively, without having to re-implement "Collaborator Everywhere" functionalities with my own code. As of now it seems that the montoya API does not expose a list of locally created CollaboratorClients. Would it be possible to implement such a feature?

Hannah, PortSwigger Agent | Last updated: Jan 17, 2023 10:04AM UTC

Hi Could you describe your use case in some more detail? Different Collaborator contexts (like those internal to Burp and those associated with specific extensions) are deliberately isolated from each other. You could use passive network analysis with a tool like Wireshark to monitor the traffic between Burp and the Collaborator server.

Login | Last updated: Jan 17, 2023 11:09AM UTC

Hi Hannah, Sorry for being so unclear! I want to retrieve Collaborator Interactions of CollaboratorClients that were not created from my extension, but are internal to Burp or associated with an extension. This would allow extensions to access Interactions without having to generate traffic to the Collaborator server themselves. For example, my extension could then access Interactions that were triggered by "Collaborator Everywhere". As you noted, this is intentionally not possible. In my specific case, I want to analyze DNS messages (Interactions) and check for security issues in them. As of now, this only possible by analyzing Interactions associated with my extension. If I could access other Interactions as well, my extension could analyze them and warn the user that there are potential DNS security issues (or simply note that the DNS security can/should be further analyzed with my extension).

Liam, PortSwigger Agent | Last updated: Jan 19, 2023 07:49AM UTC

Thanks for following up, tastro0o. We'll consider your use case and get back to you if this is something we might consider supporting.

You need to Log in to post a reply. Or register here, for free.