Burp Suite User Forum


IP of targets in the logger resolve/change dynamically

GarlicCheese | Last updated: Jan 18, 2023 06:55AM UTC

With Burp Pro (v2022.12.6) the target IP can be shown in the included Logger function. If the IP of the target changes (e.g. by setting a different IP in the settings, network, connections, hostname resolution overrides) and a previously logged request is repeated, ALL logged IPs will change. For example, if I request "example.com", the public IP will be logged. Then I set the hostname resolution override to 127.0.0.1 and repeat the request; in the logger it will say that the previous request was also directed to 127.0.0.1. The logger should keep the actually addressed target IP, not the one it currently resolves to.

Michelle, PortSwigger Agent | Last updated: Jan 19, 2023 02:55PM UTC

Can you tell us more about the scenario where this is causing you problems? How often does this issue occur during your testing?

GarlicCheese | Last updated: Jan 20, 2023 06:26AM UTC

I frequently work with a company that uses the same domain for all their environments, but targets different IPs. So the product is always available as tool.example.com, yet the domain resolution controlled by the local hosts file will decide what environment is targeted (e.g. 10.0.10.5 = development, 10.0.20.5 = testing, 10.0.30.5 = staging and 1.2.3.4 = production). There are a couple more environments for a number of domains. In my humble opinion, the sent requests protocol/logger should reflect the past events as they occurred, and a dynamic domain resolution does not make sense there.

Michelle, PortSwigger Agent | Last updated: Jan 20, 2023 02:45PM UTC

Hi, thanks for the additional information. This isn't something we've had requests for in the past. It's possible other users are working in slightly different ways and separating such examples into different project files and may not be impacted in the same way. We have raised this, though, so we can track further interest. We would also need to consider the impact on the other tools within Burp, such as the Proxy History. We've linked this thread so we can post back here with any further updates.
