Burp Suite User Forum

Create new post

Collaborator Troubleshooting

Darrell | Last updated: Dec 08, 2015 07:17PM UTC

I'm trying to setup a private collaborator using HTTP first using only an IP address on port 8080 (working on getting all the approvals for dedicated domain, wildcard cert, etc.) but the health check for the "server http connection" always results in an error. The separate polling config works fine on port 8081. I've shut off firewalls and endpoint protection on both client and server and from the client can access the burp collaborator server default page on 8080 using a browser. Is there any way to turn on a debug mode at either or both ends?

PortSwigger Agent | Last updated: Dec 09, 2015 09:03AM UTC

You need to run the Collaborator HTTP service on port 80, and specify its IP address in the "Server location" field of the private Collaborator server configuration.

Burp User | Last updated: Dec 10, 2015 11:57AM UTC

Thanks but I was trying to use the non-standard port config as described in the documentation. Port 80 is already in use.

PortSwigger Agent | Last updated: Dec 10, 2015 01:17PM UTC

The purpose of running the Collaborator HTTP service on a non-standard port is really only to let you run the Collaborator server without root privileges. If you do this, then you need to run (as root) a redirector from port 80 to the chosen alternative port. It is essential that the server is actually listening on port 80 of the public interface, because that is where interactions will arrive from targets. So you'll need to remove whatever other service is using port 80 on the Collaborator machine.

Burp User | Last updated: Dec 11, 2015 01:48PM UTC

Ah thanks again. I was under the false assumption that if the burpsuite collaborator config used hostname:port that the port would be included in the injections. I didn't realize that it always defaults to port 80 for HTTP.

PortSwigger Agent | Last updated: Dec 11, 2015 03:28PM UTC

Leaving the HTTP interactions port as the default increases the chances of things working, since we can submit simpler payloads (a plain domain name) and look for interactions on both HTTP/HTTPS on their default ports.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.