The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


External Service Interaction False Positive

Nick | Last updated: Mar 19, 2019 06:38PM UTC

While running an active scan against a site while on a VPN, Burp reported an issue for External Service Interaction. However, the service being interacted with is coming from my Public IP on the VPN and not from the site I am testing (like I would expect for SSRF). I reran the scan from a VDI that's not over VPN against the same site and the issue did not show up. Has anyone else ever run into something like this? Thanks!

Liam, PortSwigger Agent | Last updated: Mar 21, 2019 01:58PM UTC

Nick, this could well be a false positive. Are you running any security software on your system that could be causing the interaction? Have you tried using Wireshark to identify where the traffic is coming from? Does the VDI have different software installed?

Burp User | Last updated: Mar 21, 2019 04:27PM UTC

I don't believe there would be any security software on my system that would cause it. I've done other active scans against other sites and would think the issue would show up then, but it doesn't. I did try using Wireshark to see what was going on, but the traffic is encrypted over the VPN, so I couldn't see anything useful. The VDI should be running the same version (1.7.37), but the Windows version. My main computer for testing is a Mac.

PortSwigger Agent | Last updated: Mar 22, 2019 03:57PM UTC

Ok, it sounds like you have ruled out some obvious causes, and further investigation will be difficult due to the VPN encryption. I suggest you try to figure out if there's any security impact from this behavior. If not, I would just ignore it - determining the exact cause of the interaction is not worthwhile. Please let us know if you need any further assistance.
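One way to triage the situation discussed in this thread, as an added example that is not part of any post and not Burp's own code: compare the source IP of each recorded interaction with your own egress address (such as the VPN exit) and with the ranges the target owns. The record fields, addresses and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample data using documentation address ranges, not values from the thread.
TESTER_EGRESS = ["203.0.113.25"]                            # assumed: your public IP(s), e.g. VPN exit
TARGET_NETWORKS = ["198.51.100.0/24", "2001:db8:10::/48"]   # assumed: ranges owned by the target

# Hypothetical records: one dict per interaction, with the source IP the listener saw.
INTERACTIONS = [
    {"type": "HTTP", "client_ip": "203.0.113.25"},   # matches the tester's own egress
    {"type": "DNS",  "client_ip": "198.51.100.53"},  # inside the target's range
    {"type": "HTTP", "client_ip": "192.0.2.77"},     # neither side
    {"type": "DNS",  "client_ip": "2001:db8:10::5"}, # IPv6, inside the target's range
    {"type": "DNS",  "client_ip": "not-an-ip"},      # malformed record
]


def _networks(entries):
    # Accept single addresses or CIDR ranges; a bare address becomes a /32 or /128.
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def classify(interaction, tester_egress, target_networks):
    """Label one interaction by where its source IP sits."""
    try:
        ip = ipaddress.ip_address(interaction["client_ip"])
    except (KeyError, ValueError):
        return "unparseable"
    # Check the tester's side first: an interaction from your own egress was
    # triggered on your side of the connection, not by the application under test.
    if any(ip in net for net in _networks(tester_egress)):
        return "tester-side"
    if any(ip in net for net in _networks(target_networks)):
        return "target-side"
    # Typical causes include third-party DNS resolvers or intermediaries;
    # these need manual review before the finding is accepted or dismissed.
    return "unknown-third-party"


def triage(interactions, tester_egress, target_networks):
    """Return per-label counts for a batch of interactions."""
    return Counter(classify(i, tester_egress, target_networks) for i in interactions)


if __name__ == "__main__":
    for label, count in triage(INTERACTIONS, TESTER_EGRESS, TARGET_NETWORKS).items():
        print(f"{label}: {count}")
```

A finding whose interactions are all `tester-side` matches the behaviour described in the first post; only `target-side` sources support treating it as a server-initiated request.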

tarcan | Last updated: Mar 25, 2021 02:50PM UTC