Burp Suite User Forum

Login to post

Collaborator Token definition & "API" Access

Sven | Last updated: Jan 03, 2022 09:43AM UTC

Hi, we would like to add two feature requests for private collaborator servers. 1. Please, let us define the base collaborator server sub domain name (and length) 2. Provide an official "API" to access the collaborator subdomains (Like the "Poll now", but also for a list of already generated names) Thanks Sven

Maia, PortSwigger Agent | Last updated: Jan 04, 2022 03:30PM UTC

Hi, I have added you to an existing feature request which covers this functionality. Any additional information surrounding your use case would be welcome. With regards to the API, you can currently use the extender API to poll the collaborator: https://portswigger.net/burp/extender/api/burp/IBurpCollaboratorClientContext.html

Sven | Last updated: Jan 06, 2022 08:01AM UTC

Thanks Maia Use cases for the API are: 1. Use Collaborator to access E-Mails during an Engagement (which is usually longer than an individual has the Collaborator window open) 2. Allow teams to access the same (or defined) token 3. Use third party tools to query and access the collaborator data for further processing I'll update if I can think of any more, but those would already be pretty useful I think. Will this thread be updated when there is any progress in that direction? Ta Sven

Maia, PortSwigger Agent | Last updated: Jan 06, 2022 06:14PM UTC

Hi, I have linked your case to the related feature requests and we will update this thread if these get implemented. There should be no issue in using third-party tools currently as the interactions are retrieved via a GET request.

You need to Log in to post a reply. Or register here, for free.