Burp Suite User Forum


Burp Collaborator client Issue

Dhirendra | Last updated: Nov 29, 2020 05:11PM UTC

When I send a file upload request containing a Burp Collaborator URL in a multipart form, the request received on the Collaborator client consists of my own IP address as sender. E.g.:

    ------WebKitFormBoundaryxToBRlN67jaTpJ3E
    Content-Disposition: form-data; name="file"; filename="abc.html"
    Content-Type: image/png

    <html><img src="http://vutwz7oo44bd0zct3bvc5tkoffl59u.burpcollaborator.net"></html>
    ------WebKitFormBoundaryxToBRlN67jaTpJ3E
    Content-Disposition: form-data; name="radio"

On the Burp Collaborator client it is like:

    The Collaborator server received an HTTP request. The request was received from IP address 103.73.34.216 at 2020-Nov-29 17:00:32 UTC.

--> But here 103.73.34.216 is my own IP address. I don't know if that is any feature.

Dhirendra | Last updated: Nov 29, 2020 05:18PM UTC

Update -> the request contains 'Content-Type: text/html' instead of 'Content-Type: image/png', i.e.:

    ------WebKitFormBoundaryxToBRlN67jaTpJ3E
    Content-Disposition: form-data; name="file"; filename="abc.html"
    Content-Type: text/html

    <html><img src="http://vutwz7oo44bd0zct3bvc5tkoffl59u.burpcollaborator.net"></html>
    ------WebKitFormBoundaryxToBRlN67jaTpJ3E
    Content-Disposition: form-data; name="radio"

Uthman, PortSwigger Agent | Last updated: Nov 30, 2020 11:21AM UTC

Hi Dhirendra,

That looks like expected behavior. The request to your specific collaborator subdomain (e.g. http://vutwz7oo44bd0zct3bvc5tkoffl59u.burpcollaborator.net) was sent from 103.73.34.216 (your machine). What are you expecting to see?

Dhirendra | Last updated: Dec 03, 2020 05:58AM UTC

Hi Uthman,

Thanks for the reply. But the request to the collaborator domain (http://vutwz7oo44bd0zct3bvc5tkoffl59u.burpcollaborator.net) should be from the domain to which I am sending the request (testing SSRF for some website), instead of mine.

Thanks,
Dhirendra

Uthman, PortSwigger Agent | Last updated: Dec 03, 2020 09:44AM UTC

It looks like the HTTP request is showing your IP because you have manually navigated to your collaborator subdomain. You will see your IP address because the HTTP request to the domain is being sent from your machine. I would suggest taking a look at the documentation below for clarity/further information:

- https://portswigger.net/burp/documentation/collaborator
- https://subscription.packtpub.com/book/networking_and_servers/9781789531732/11/ch11lvl1sec87/using-burp-collaborator-to-determine-ssrf
- https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface

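The point made in the thread, as an added triage example (not part of the original posts and not PortSwigger code): an interaction's source IP names the machine that sent the request, so an interaction from the tester's own address is not evidence that the tested server fetched the URL. The function names, the 198.51.100.0/24 range standing in for the tested system and the last two sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Matches the interaction text quoted in the thread:
# "... received from IP address 103.73.34.216 at 2020-Nov-29 17:00:32 UTC."
INTERACTION_RE = re.compile(
    r"from IP address (?P<ip>[0-9A-Fa-f:.]+) at (?P<ts>.+? UTC)"
)

def parse_interaction(text):
    """Return (ip, timestamp) from one interaction description, or None."""
    m = INTERACTION_RE.search(text)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group("ip")), m.group("ts")
    except ValueError:  # matched characters that are not a valid address
        return None

def classify(ip, tester_nets, target_nets):
    """Label the sender: the tester's own egress, the tested system, or other."""
    if any(ip in net for net in tester_nets):
        return "tester"   # sent from the tester's machine: not server-side evidence
    if any(ip in net for net in target_nets):
        return "target"   # sent from the tested system's address space
    return "other"        # unknown sender: needs manual review

def triage(lines, tester_cidrs, target_cidrs):
    """Parse each interaction line and label its sender."""
    tester = [ipaddress.ip_network(c) for c in tester_cidrs]
    target = [ipaddress.ip_network(c) for c in target_cidrs]
    results = []
    for line in lines:
        parsed = parse_interaction(line)
        if parsed:
            ip, ts = parsed
            results.append((str(ip), ts, classify(ip, tester, target)))
    return results

# First line is the interaction quoted in the thread; the other two are constructed.
SAMPLE = [
    "The request was received from IP address 103.73.34.216 at 2020-Nov-29 17:00:32 UTC.",
    "The request was received from IP address 198.51.100.23 at 2020-Nov-29 17:02:10 UTC.",
    "The request was received from IP address 203.0.113.7 at 2020-Nov-29 17:05:44 UTC.",
]

if __name__ == "__main__":
    for row in triage(SAMPLE, ["103.73.34.216/32"], ["198.51.100.0/24"]):
        print(*row, sep="  ")
```

Only rows labelled `target` support a server-side finding; `tester` rows match the case discussed in this thread.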