Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Got External service interaction (DNS) but the host are not from my IP address/site

Hengky | Last updated: Jun 24, 2020 06:22PM UTC

Hi, I run BURP Scanon our targetted website with IP 172.16.xx.xx and got issue: -- External service interaction (DNS), It is possible to induce the application to perform server-side DNS lookups of arbitrary domain names. The Collaborator server received a DNS lookup of type A for the domain name rmhjyn3uceigq4xcmsb44rxskjqde4cs4uskfa3z.burpcollaborator.net. The lookup was received from IP address 74.125.xxx.xxx at 2020-Jun-24 03:04:10 UTC. -- REQUEST: GET / HTTP/1.1 Host: ojbgvk0r9bfdn1u9jp811ouphgnab4zxylo8ew3.burpcollaborator.net Pragma: no-cache Cache-Control: no-cache, no-transform Connection: close -- some part I noticed here are: - BURP says "The lookup was received from IP address 74.125.xxx.xxx" which 74.125.xxx.xxx is NOT my IP address - the Host on REQUEST detail also not my IP address. is it normal or I missed something? Thank you.

Uthman, PortSwigger Agent | Last updated: Jun 25, 2020 09:19AM UTC

Hi, It looks like the lookup came from the Burp Collaborator which is why you are seeing that in the Host header in the request. You may find the following documentation helpful in understanding what this is and what it does: - https://portswigger.net/burp/documentation/collaborator - https://portswigger.net/support/using-burp-collaborator-client

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.