Burp Suite User Forum


Active Scanning Using Default Collaborator Server Spoofing Instead of Private Collaborator Server

Greg | Last updated: Dec 09, 2017 12:04AM UTC

Under Project Options, I have "Use a private Collaborator server" selected with the name of an external Ubuntu 16.04LTS host that has Burp Collaborator Server running on it. However, when I dig through the results from the Active Scanner, Burp is embedding spoofed addresses for the public Collaborator Server instead of my private Collaborator Server:

    Cache-Control: no-transform
    X-Originating-IP: spoofed.i6puxzmx7or59k2usesgr3h1psvkrff4.burpcollaborator.net
    X-Wap-Profile: http://o3s0u5j34uob6qz0pkpmo9e7mysqoncc.burpcollaborator.net/wap.xml
    X-Real-IP: spoofed.krfwi17zsqc7umnwdgdic523augmck09.burpcollaborator.net
    Contact: root@738juojm4dou69zjp3p5oseqmhs9o8cx.burpcollaborator.net
    True-Client-IP: spoofed.4otgfl4jpa9rr6kga0a29pzn7ed696xv.burpcollaborator.net
    From: root@h1jtsyhw2nm44jxtndnfm2c0krqjmka9.burpcollaborator.net
    Forwarded: for=spoofed.dwdpnucsxjh0zfspi9ibhy7wfnlfhh56.burpcollaborator.net;by=spoofed.dwdpnucsxjh0zfspi9ibhy7wfnlfhh56.burpcollaborator.net;host=spoofed.dwdpnucsxjh0zfspi9ibhy7wfnlfhh56.burpcollaborator.net
    X-Client-IP: spoofed.smi4d927ny7fpui48o8q7dxb52bu7xvm.burpcollaborator.net
    X-Forwarded-For: spoofed.yfha6fvdg40li0ba1u1w0jqhy84005ou.burpcollaborator.net
    Client-IP: spoofed.aaom1rqpbgvxdc6mw6w8vvlttkzcw2kr.burpcollaborator.net

How do I go about configuring this? With the exception of SSL errors, all health checks are green, but as mentioned in a previous post I am also getting a lot of alerts about the Burp Collaborator server not being reachable. I don't know if that is referring to the public server or my private server...

Thanks in advance

Liam, PortSwigger Agent | Last updated: Dec 11, 2017 09:09AM UTC

Thanks for this report. We'll investigate this issue further. Have you tried unloading and reloading the Collaborator Everywhere extension? This should provide a workaround.

Scott | Last updated: Sep 01, 2020 07:22PM UTC

I've also noticed that the default Burp Suite collaborator server is being used sometimes when my custom collaborator server becomes temporarily unreachable (I see the traffic in my remote proxy logs). I'm not using the "Collaborator Everywhere" plugin, so the issue doesn't appear to be related to that. This is undesirable when scanning sensitive systems because if the default collaborator server were ever compromised then the attackers would see the IPs of private systems that may have just reported themselves vulnerable. That's kind of a big deal in my opinion. Collaborator is an awesome tool that puts Burp Suite head and shoulders above many other solutions, but because I have no control over the default collaborator server it potentially becomes an additional vector when the route fails open.

Liam, PortSwigger Agent | Last updated: Sep 02, 2020 12:40PM UTC

Thanks for this report, Scott. This shouldn’t happen. Can you reproduce this easily? Would it be possible to provide us with steps to reproduce the issue? Could you email us with your configuration and proxy logs? (support@portswigger.net)
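A check for the condition both reports describe, added here as an example and not part of the thread or of Burp Suite: it scans request headers exported from scan results (or proxy log lines in the same `Name: value` form) and reports Collaborator payload hosts that sit under the public domain instead of the private one. The private domain `collab.example.test` and the payload IDs in the sample are constructed placeholders; only `burpcollaborator.net` and the header names come from the thread.

```python
import re

PUBLIC_SUFFIXES = ("burpcollaborator.net",)  # public domain shown in the thread
PRIVATE_SUFFIX = "collab.example.test"       # assumption: placeholder private domain

HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)

def under(host, suffix):
    """True only for the suffix itself or a real subdomain of it."""
    return host == suffix or host.endswith("." + suffix)

def audit_headers(raw, private=PRIVATE_SUFFIX, public=PUBLIC_SUFFIXES):
    """Return (leaks, private_hits): payload hosts found per header line.

    leaks        -> [(header_name, host)] pointing at a public Collaborator domain
    private_hits -> [(header_name, host)] pointing at the configured private one
    """
    leaks, private_hits = [], []
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a header line
        for host in HOST_RE.findall(value):
            host = host.lower()
            if under(host, private):
                private_hits.append((name.strip(), host))
            elif any(under(host, s) for s in public):
                leaks.append((name.strip(), host))
    return leaks, private_hits

# Constructed sample: header names from the thread, made-up payload IDs.
SAMPLE = """\
Cache-Control: no-transform
X-Forwarded-For: spoofed.aaaa1111.burpcollaborator.net
X-Wap-Profile: http://bbbb2222.burpcollaborator.net/wap.xml
Forwarded: for=spoofed.cccc3333.burpcollaborator.net;by=spoofed.cccc3333.burpcollaborator.net
From: root@dddd4444.collab.example.test
Referer: http://burpcollaborator.net.example.org/
"""

if __name__ == "__main__":
    leaks, ok = audit_headers(SAMPLE)
    for name, host in leaks:
        print(f"PUBLIC  {name}: {host}")
    print(f"{len(leaks)} public payload(s), {len(ok)} private payload(s)")
    raise SystemExit(1 if leaks else 0)  # non-zero exit lets a wrapper halt the scan
```

The suffix comparison is anchored on a label boundary, so a lookalike such as `burpcollaborator.net.example.org` is not counted as a public Collaborator host.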
