Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Bug when changing the Burp Collaborator Server

Nicola | Last updated: Sep 06, 2022 01:22PM UTC

Hi, I believe I have found a bug in Burp that leads to the wrong collaborator server being used under certain circumstances. I am using Burp Suite Professional v2022.8.4 with openjdk version "11.0.16" 2022-07-19 on Kali. Take the following steps to reproduce the issue: - observe any request in the HTTP history - change your collaborator settings in the project options (I am switching between a private collaborator server and the Burp default collaborator) - send the request to the repeater (do not issue the request from repeater!) - right click in the request -> do active scan - use the Logger to observe that the collaborator in the requests did not change despite your change in the project options If you have any issues reproducing this behavior or need more info from me, please let me know. Kind regards, Nicola

Michelle, PortSwigger Agent | Last updated: Sep 06, 2022 03:15PM UTC

Thanks for getting in touch. Can we check a few details about your setup and the steps you were taking, please? Was this the first request you had sent to Active scan or was there an existing scan task on Burp's Dashboard from previous active scans? If there was an existing scan task then this could explain the behavior you are seeing, as the request would have been sent to the existing scan task which was created using your original Collaborator settings. If you delete the scan task relating to the previous active scan, this will allow a new scan task to be created using the updated Collaborator settings. Please let me know if this helps to explain the behavior you are seeing. If you have any questions or want to share any details with us directly, feel free to email support@portswigger.net.

Nicola | Last updated: Sep 07, 2022 07:40AM UTC

Thanks for your quick reply! You are correct, I have just checked the behavior again and it only occurs if a scan is added to a task that already exists. Do you consider this intended behavior or something that should be changed? Best regards, Nicola

Michelle, PortSwigger Agent | Last updated: Sep 07, 2022 08:01AM UTC

Thanks for the update :) This is the intended behavior currently, the settings for the Collaborator are picked up as each new task is created. Any new crawl and audit scan tasks or new live audit tasks would use the updated settings but if something is sent to an existing task then the original settings would be used. Let me know if you have any questions.

Nicola | Last updated: Sep 07, 2022 11:42AM UTC