Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Can't replicate "External service interaction (DNS)" detected by audit/active scan: different server response

Laura | Last updated: Aug 17, 2020 01:56PM UTC

Hello, While testing a website with an active scan, the audit found a DNS external service interaction with a simple GET request: GET / HTTP/1.1 Host: 6ahuqe5akcixz5ra9xwycm13wu2qqge9dx3kt8i.burpcollaborator.net Pragma: no-cache Cache-Control: no-cache, no-transform Connection: close The reply, according to the Issue, was 200 OK with the main page of the target website, as expected. However, when I send the request to the Repeater and send it again, I receive a 400 Bad Request. There is no session information, no cookies in the request. What could be the cause for this? I want to confirm the external DNS request, but the target doesn't react to my Repeater request as described in the issue from the active scan. Thanks in advance for any tips!

Uthman, PortSwigger Agent | Last updated: Aug 17, 2020 02:48PM UTC

Are you using the collaborator client when attempting to reproduce the issue? Can you please send us further information along with screenshots to support@portswigger.net? Ideally, the request and response and detail about the issue.

Laura | Last updated: Aug 18, 2020 05:27AM UTC

Yes, I am using the collaborator client. The main thing that I don't quite understand is that the issue was noted in the active scan and the server responded with a 200, but now when I try to do it, the response is always a 400, even though the request is either the exact same, or with the host changed to my collaborator client url. Annotated album of screenshots for clarity: https://imgur.com/a/h0WBuIU

Laura | Last updated: Aug 18, 2020 05:32AM UTC