Burp Suite User Forum

Create new post

Collaborator feature to exfiltrate data

Maurizio | Last updated: Jul 05, 2018 07:56AM UTC

Currently the collaborator it allow only to understand if a specific request generate an interaction with the collaborator on own payload. It would be very useful to add a feature to show in burp also exfiltrated data. For example, a normal collaborator DNS request is: l8unsfv43bbasbil8bo4o4edl4rufj.pippo.pluto.net Having the possibility to add data like will help tester, for example: XXXXXXXXXXXXXXXXXXXXXXl8unsfv43bbasbil8bo4o4edl4rufj.pippo.pluto.net Currently this king of request isn't shown inside burp because the hostname doesn't match with the one that has been generated. Maurizio

Burp User | Last updated: Jul 05, 2018 09:47AM UTC

Ok, my fault... the feature is already implemented, just use the 4th level domain like: XXXXXXXXXXXXXXXXXXXXXX.l8unsfv43bbasbil8bo4o4edl4rufj.pippo.pluto.net Maurizio

PortSwigger Agent | Last updated: Jul 05, 2018 12:08PM UTC

Hi Maurizio, Sure, that works at a technical level. If you are using this techniques, you should be using a private Collaborator server. The license agreement with the public collaborator forbids use for exploitation and exfiltration. There is an extension extension that does similar: - https://github.com/NetSPI/BurpCollaboratorDNSTunnel Please let us know if you need any further assistance.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.