Research Academy Daily Swig
My account Customers About Blog Careers Legal Contact

Burp Suite User Forum

Login to post

Allow redirecting Burp Collaborator server to arbitrary locations

John | Last updated: Jan 04, 2021 09:20PM UTC

This may be extremely useful for SSRF testing. At the moment I have to set up my own redirect server in order to test redirects to internal hosts/services. Being able to have the option to redirect a collaborator server could allow me to , for example, submit the following request to my target: https://somesite/somerequest?url=collaboratorurl whereas "collaboratorurl" is set to 302 redirect it's traffic to "gopher://127.0.0.1" in order to test for SSRF bypass via redirection. In general I think alot of users would find this to be a very useful feature.

Michelle, PortSwigger Agent | Last updated: Jan 05, 2021 02:53PM UTC

Thanks for the feedback, we'll pass the idea on to the product team.

Michelle, PortSwigger Agent | Last updated: Jan 13, 2021 11:32AM UTC

Just to let you know we've linked this thread to a feature request so we can let you know when there is an update. Thanks once again for the feedback :-)

You need to Log in to post a reply. Or register here, for free.