Burp Suite User Forum


Collaborator Server issues "expected record not found"

singe | Last updated: Apr 23, 2015 02:25PM UTC

I've got a private collaborator server up and running. It has its own domain, it's resolving fine, wildcard certs are installed and confirmed working on both interaction and collaboration ports. When I run a health check in the app everything comes out green (Success) except for:

Verify DNS Interaction
Verify HTTP Interaction
Verify HTTPS Interaction

The summary text is: "We communicated with the collaborator, and appeared to successfully record events, however when we attempted to retrieve the interaction records the expected records weren't present."

Can you give me an idea of two things: the first is what the issues could be or where to look, and the second is how to go about debugging this? Should I be running tcpdump on the server's public interface and be looking for interactions (i.e. not to polling.) from the Burp client?

PortSwigger Agent | Last updated: Apr 23, 2015 03:15PM UTC

We would suggest doing this next:

1. Enable polling over HTTP in Burp (for now).
2. Run the health check with Wireshark running on your Burp machine.
3. Check that the HTTP connections for interaction and polling are going to the correct network locations (these should be the public IP addresses of your two Collaborator interfaces).
4. Check that the polling response contains JSON. This will be a pair of empty braces if no interactions are being returned, otherwise the interaction data.

PortSwigger Agent | Last updated: Apr 23, 2015 03:23PM UTC

Good stuff. In Burp, you can specify a different port for polling in the "Polling location" field, as e.g.: 10.2.3.4:8443

Burp User | Last updated: Apr 24, 2015 07:25AM UTC

Bizarre, I see no JSON, here's an example response:

GET /burpresults?biid=<redacted URL encoded base64> HTTP/1.1
Host: <redacted>
Accept: */*
Accept-Language: en
Connection: close

HTTP/1.1 200 OK
Content-Length: 1154
Content-Type: text/html
Server: Burp Collaborator https://burpcollaborator.net/
Connection: close

<!DOCTYPE html><html><head><meta charset="UTF-8"></head><body><h1>Burp Collaborator Server</h1><p>Burp Collaborator is a service that is used by <a href="http://portswigger.net/burp/">Burp Suite</a> when testing web applications for security vulnerabilities. Some of Burp Suite's tests may cause the application being tested to interact with the Burp Collaborator server, to enable Burp Suite to detect various security vulnerabilities.</p><p>The Burp Collaborator server does not itself initiate any interactions with any system, and only responds to interactions that it receives from other systems.</p><p>If you are a systems administrator and you are seeing interactions with the Burp Collaborator server in your logs, then it is likely that someone is testing your web application using Burp Suite. If you are trying to identify the person responsible for this testing, you should review your web server or applications logs for the time at which these interactions were initiated by your systems.</p><p>For further details about Burp Collaborator, please see the <a href="http://portswigger.net/burp/help/">full documentation</a>.</p></body></html>

Burp User | Last updated: Apr 24, 2015 07:41AM UTC

Ok, I've worked out the problem. Polling is running on different ports, but the same interface (we handle the NAT'ing outside the box). How do I configure Burp to point to different ports for polling?
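
The check from step 4 of the agent's suggestion, applied to the kind of response posted in this thread, as an added example that is not part of the original thread and is not PortSwigger's code. The function names, the result labels and the three sample responses are assumptions constructed for illustration; the input is a raw HTTP response as copied from a Wireshark stream.

```python
import json

# Constructed sample responses (not real captures); CRLF line endings assumed.
EMPTY_POLL = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\n{}"
DATA_POLL = (b"HTTP/1.1 200 OK\r\nContent-Length: 25\r\nConnection: close\r\n\r\n"
             b'{"constructed": "sample"}')
LANDING_PAGE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                b"Server: Burp Collaborator https://burpcollaborator.net/\r\n"
                b"Connection: close\r\n\r\n"
                b"<!DOCTYPE html><html><body><h1>Burp Collaborator Server</h1></body></html>")


def split_http_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    # Tolerate captures that were saved with bare LF line endings.
    sep = b"\r\n\r\n" if b"\r\n\r\n" in raw else b"\n\n"
    head, _, body = raw.partition(sep)
    lines = head.decode("iso-8859-1").splitlines()
    parts = lines[0].split(" ", 2) if lines else []
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers[name.strip().lower()] = value.strip()
    return status, headers, body


def classify_polling_response(raw: bytes) -> str:
    """Label a response to the polling request seen in the capture."""
    status, headers, body = split_http_response(raw)
    if status != 200:
        return "http-error"
    text = body.decode("utf-8", errors="replace").strip()
    try:
        data = json.loads(text)
    except ValueError:
        data = None
    if isinstance(data, dict):
        # "{}" means the poll worked but nothing was recorded for this client.
        return "interactions" if data else "no-interactions"
    if "html" in headers.get("content-type", "").lower() or text.lower().startswith("<!doctype html"):
        # The information page instead of JSON: the poll did not reach the
        # polling listener (wrong address or port in "Polling location").
        return "not-polling-listener"
    return "unexpected-body"
```

A result of `not-polling-listener` matches the situation in this thread, where polling ran on a different port from the one Burp was contacting.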
