Burp Suite User Forum

private Burp Collaborator customDnsRecords: dns rebinding

Ricky | Last updated: Mar 01, 2022 06:49PM UTC

I am unaware of private Burp Collaborator having this function (happy for someone to point me in the right direction if I missed it). I think it could be really useful if, using customDnsRecords, it was possible to set up DNS rebinding attacks.

Michelle, PortSwigger Agent | Last updated: Mar 02, 2022 12:05PM UTC

Thanks for getting in touch. This functionality does not currently exist. We have already passed on the details of the other feature request you raised yesterday. Can you provide a few more details on how you see yourself using this feature and how often?

Ricky | Last updated: Mar 02, 2022 03:07PM UTC

> can you provide a few more details on how you see yourself using this feature and how often

The feature would be used within time-of-check to time-of-use vulnerabilities. As an example, a web application may check that a URL doesn't resolve to an internal IP address and then later in the code use the URL within a curl request. In the first instance the URL is looked up, it would be set to an external IP address, and upon the second lookup it would have switched to an internal IP address. In all honesty, I don't see myself using this feature often as it's not a common vuln I come across, but I feel like it would still be good if private Burp Collaborator offered this in place of me having to set up another tool and possibly another server to perform the attack.
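The check-then-use flow described in the post above, next to a resolve-once variant that closes the gap, as an added example that is not part of the original thread. The `FlippingResolver` class, the host name and the addresses are constructed stand-ins so the block runs offline.

```python
import ipaddress
from itertools import cycle


class FlippingResolver:
    """Constructed stand-in for DNS: each lookup returns the next answer in turn."""

    def __init__(self, answers):
        self._answers = cycle(answers)
        self.lookups = 0

    def resolve(self, host):
        self.lookups += 1
        return next(self._answers)


def is_public(ip):
    # is_global is False for RFC 1918, loopback, link-local and similar ranges.
    return ipaddress.ip_address(ip).is_global


def connect_check_then_use(host, resolver):
    """Flawed pattern: validate one lookup, then resolve again to connect."""
    if not is_public(resolver.resolve(host)):      # time of check
        raise ValueError("destination not allowed")
    return resolver.resolve(host)                  # time of use: unvalidated answer


def connect_pinned(host, resolver):
    """Hardened pattern: resolve once and connect to the address that was validated."""
    ip = resolver.resolve(host)
    if not is_public(ip):
        raise ValueError("destination not allowed")
    return ip  # the HTTP client must dial this IP and only send `host` as Host/SNI


if __name__ == "__main__":
    answers = ["8.8.8.8", "10.0.0.5"]  # constructed: external first, internal second
    print("check-then-use connects to:",
          connect_check_then_use("rebind.example", FlippingResolver(answers)))
    print("pinned connects to:",
          connect_pinned("rebind.example", FlippingResolver(answers)))
```

When the request is made with curl, as in the post, the validated address can be pinned with curl's `--resolve host:port:address` option so that curl performs no second lookup.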

Michelle, PortSwigger Agent | Last updated: Mar 03, 2022 06:40PM UTC

Thanks for the feedback and for taking the time to get in touch with ideas. We'll have a chat with the team to pass on your comments.