The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

Burp Collaborator client Issue

Dhirendra | Last updated: Nov 29, 2020 05:11PM UTC

When I send a file upload request containing a Burp Collaborator URL in a multipart form, the request received on the Collaborator client consists of my own IP address as sender. E.g.:

------WebKitFormBoundaryxToBRlN67jaTpJ3E
Content-Disposition: form-data; name="file"; filename="abc.html"
Content-Type: image/png

<html><img src="http://vutwz7oo44bd0zct3bvc5tkoffl59u.burpcollaborator.net"></html>
------WebKitFormBoundaryxToBRlN67jaTpJ3E
Content-Disposition: form-data; name="radio"

On the Burp Collaborator client it is like:

The Collaborator server received an HTTP request. The request was received from IP address 103.73.34.216 at 2020-Nov-29 17:00:32 UTC.

--> But here 103.73.34.216 is my own IP address. I don't know if that is any feature.

Dhirendra | Last updated: Nov 29, 2020 05:18PM UTC

Update -> the request contains 'Content-Type: text/html' instead of 'Content-Type: image/png', i.e.:

------WebKitFormBoundaryxToBRlN67jaTpJ3E
Content-Disposition: form-data; name="file"; filename="abc.html"
Content-Type: text/html

<html><img src="http://vutwz7oo44bd0zct3bvc5tkoffl59u.burpcollaborator.net"></html>
------WebKitFormBoundaryxToBRlN67jaTpJ3E
Content-Disposition: form-data; name="radio"

Uthman, PortSwigger Agent | Last updated: Nov 30, 2020 11:21AM UTC

Hi Dhirendra, That looks like expected behavior. The request to your specific collaborator subdomain (e.g. http://vutwz7oo44bd0zct3bvc5tkoffl59u.burpcollaborator.net) was sent from 103.73.34.216 (your machine). What are you expecting to see?
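
Added example, not part of the original thread and not PortSwigger code: a small triage helper that reads the source IP out of a Collaborator interaction message like the one quoted above and labels it as coming from the tester's side, from the system under test, or from somewhere else. The `classify` function, the network lists and the two extra sample messages are assumptions made for illustration; only the first message and the address 103.73.34.216 come from the thread.

```python
import ipaddress
import re

# Matches the wording of the Collaborator client message quoted in the thread.
INTERACTION_RE = re.compile(
    r"received from IP address (?P<ip>[0-9A-Fa-f:.]+) at (?P<when>.+? UTC)"
)

def classify(message, tester_nets, target_nets):
    """Label a Collaborator interaction by the network its source IP belongs to."""
    m = INTERACTION_RE.search(message)
    if m is None:
        raise ValueError("no source IP found in interaction message")
    ip = ipaddress.ip_address(m["ip"])
    tester = [ipaddress.ip_network(n) for n in tester_nets]
    target = [ipaddress.ip_network(n) for n in target_nets]
    # Tester ranges are checked first: if tester and target share an egress
    # address, the interaction cannot be attributed to the server by IP alone.
    if any(ip in n for n in tester):
        origin = "tester"    # fetched from the tester's side; shows no server-side request
    elif any(ip in n for n in target):
        origin = "target"    # fetched by the system under test
    else:
        origin = "unknown"   # third party (proxy, CDN, scanner); review by hand
    return {"ip": str(ip), "when": m["when"], "origin": origin}

# Message text as quoted in the thread.
THREAD_MSG = ("The Collaborator server received an HTTP request. The request was "
              "received from IP address 103.73.34.216 at 2020-Nov-29 17:00:32 UTC.")
# Constructed samples (documentation address ranges, not real interactions).
TARGET_MSG = ("The Collaborator server received an HTTP request. The request was "
              "received from IP address 203.0.113.10 at 2020-Nov-29 17:01:05 UTC.")
OTHER_MSG = ("The Collaborator server received an HTTP request. The request was "
             "received from IP address 198.51.100.7 at 2020-Nov-29 17:02:11 UTC.")

TESTER_NETS = ["103.73.34.216/32"]  # the poster's own address, from the thread
TARGET_NETS = ["203.0.113.0/24"]    # assumed egress range of the system under test

if __name__ == "__main__":
    for msg in (THREAD_MSG, TARGET_MSG, OTHER_MSG):
        print(classify(msg, TESTER_NETS, TARGET_NETS))
```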

Dhirendra | Last updated: Dec 03, 2020 05:58AM UTC

Hi Uthman, Thanks for the reply. But the request to the Collaborator domain (http://vutwz7oo44bd0zct3bvc5tkoffl59u.burpcollaborator.net) should be from the domain to which I am sending the request (testing SSRF for some website), instead of mine. Thanks, Dhirendra

Uthman, PortSwigger Agent | Last updated: Dec 03, 2020 09:44AM UTC