The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum



private Burp Collaborator Server configuration question

Andrew | Last updated: Oct 31, 2022 10:41AM UTC

Dear Team,

a. I want to use a self-signed wildcard certificate, is this configuration correct?
b. Now that the device where the private Burp Collaborator Server is deployed and the website under test are in the same network, is the "localAddress" necessary?
c. How could I edit the "dns" section to make "DNS interaction: Success"?
d. It seems that Burp Suite Enterprise Edition cannot detect basic vulnerabilities such as SQL injection. Is this related to the private Burp Collaborator Server?

Here is the Burp Collaborator Health Check result with "collaborator.config":

Initiating health check
Server address resolution Success
Server HTTP connection Success
Server HTTPS connection (trust enforced) Warning
Server HTTPS connection (trust not enforced) Success
Server SMTP connection on port 25 Success
Server SMTP connection on port 587 Success
Server SMTPS connection (trust enforced) Warning
Server SMTPS connection (trust not enforced) Success
Polling server address resolution Success
Polling server connection Success
Verify DNS interaction Warning
Verify HTTP interaction Success
Verify HTTPS interaction Success
Verify SMTP interaction Success
Verify SMTPS interaction Success
Server version Success

"collaborator.config":

{
  "serverDomain": "burpcollaborator.example.com",
  "workerThreads": 10,
  "eventCapture": {
    "publicAddress": "192.168.0.1",
    "http": { "ports": 80 },
    "https": { "ports": 443 },
    "smtp": { "ports": [ 25, 587 ] },
    "smtps": { "ports": 465 },
    "ssl": { "hostname": "burpcollaborator.example.com" }
  },
  "polling": {
    "publicAddress": "192.168.0.1",
    "http": { "port": 9090 },
    "https": { "port": 9443 },
    "ssl": { "hostname": "burpcollaborator.example.com" }
  },
  "dns": {
    "interfaces": [ { "name": "ns1", "publicAddress": "192.168.0.1" } ],
    "customDnsRecords": [ { "label": "1", "record": "275fe5b909adb10e41c78066e9485f7d", "type": "TXT" } ],
    "ports": 53
  },
  "logLevel": "INFO"
}

Best regards!

Michelle, PortSwigger Agent | Last updated: Oct 31, 2022 02:47PM UTC

Thanks for getting in touch. So we can take a closer look at this with you, can you email support@portswigger.net with a few more details on your setup, please?

For the issues with the private collaborator setup, the configuration you have will use self-signed certificates, but we probably need to run some tests regarding the DNS setup:
- If the server where your app is installed needs to resolve <random_collaborator_payload>.burpcollaborator.example.com, is it able to resolve this?

For the issues with vulnerabilities not being found, I don't think these will be related to your Collaborator issues, but can we check a few details with you, please?
- Have you detected these issues when scanning the website using Burp Suite Professional?
- Which scan configurations did you select for your scan in Burp Suite Enterprise?
- Is it just one specific site that's affected?
- Can you describe your Burp Suite Enterprise setup? Are the Scanning Machines installed on the same server as Enterprise? What is the spec of the Scanning Machine?

Andrew | Last updated: Nov 01, 2022 01:54PM UTC

Hi, Michelle

a. I can detect these issues when scanning the website using Burp Suite Professional.
b. I import the 'JSON file' from Burp Suite Professional (Project > Project options > Save project options) by using the private Burp Collaborator Server.
c. All sites fail to detect vulnerabilities.
d. Scanning Machines are installed on the same server as Enterprise, 28-core + 64G.

Here is the 'JSON file':

{ "logger":{ "capture_filter":{ "by_mime_type":{ "capture_css":true, "capture_flash":true, "capture_html":true, "capture_images":true, "capture_other_binary":true, "capture_other_text":true, "capture_script":true, "capture_xml":true }, "by_request_type":{ "capture_only_in_scope_items":false, "capture_only_parameterized_requests":false, "discard_items_without_responses":false }, "by_search":{ "case_sensitive":false, "negative_search":false, "regex":false, "term":"" }, "by_status_code":{ "capture_2xx":true, "capture_3xx":true, "capture_4xx":true, "capture_5xx":true }, "by_tool":{ "capture_extender":true, "capture_intruder":true, "capture_proxy":true, "capture_repeater":true, "capture_scanner":true, "capture_sequencer":true, "capture_target":true }, "capture_enabled":true, "capture_memory_limit_mb":100, "limit_request_response_size":{ "capture_requests_up_to":"1MB", "capture_responses_up_to":"1MB" }, "session_handling":{ "ignore_session_handling_requests":false }, "task_capture_memory_limit_mb":20 }, "display_filter":{ "by_annotation":{ "show_only_commented_items":false, "show_only_highlighted_items":false }, "by_file_extension":{ "hide_items":[ "js", "gif", "jpg", "png", "css" ], "hide_specific":false, "show_items":[ "asp", "aspx", "jsp", "php" ], "show_only_specific":false }, "by_mime_type":{ "show_css":true, "show_flash":true, "show_html":true, "show_images":true, "show_other_binary":true, "show_other_text":true, "show_script":true, "show_xml":true }, "by_request_type":{ "hide_items_without_responses":false, "show_only_in_scope_items":false, 
"show_only_parameterized_requests":false }, "by_search":{ "case_sensitive":false, "negative_search":false, "regex":false, "term":"" }, "by_status_code":{ "show_2xx":true, "show_3xx":true, "show_4xx":true, "show_5xx":true }, "by_tool":{ "show_extender":true, "show_intruder":true, "show_proxy":true, "show_repeater":true, "show_scanner":true, "show_sequencer":true, "show_target":true } } }, "project_options":{ "connections":{ "hostname_resolution":[], "out_of_scope_requests":{ "advanced_mode":false, "drop_all_out_of_scope":false, "exclude":[], "include":[], "scope_option":"suite" }, "platform_authentication":{ "credentials":[], "do_platform_authentication":true, "prompt_on_authentication_failure":false, "use_user_options":true }, "socks_proxy":{ "dns_over_socks":false, "host":"", "password":"", "port":0, "use_proxy":false, "use_user_options":true, "username":"" }, "timeouts":{ "connect_timeout":120000, "domain_name_resolution_timeout":300000, "failed_domain_name_resolution_timeout":60000, "normal_timeout":120000, "open_ended_response_timeout":10000 }, "upstream_proxy":{ "servers":[], "use_user_options":true } }, "http":{ "http1":{ "enable_keep_alive":false }, "http2":{ "enable_http2":true }, "redirections":{ "understand_3xx_status_code":true, "understand_any_status_code_with_location_header":false, "understand_javascript_driven":false, "understand_meta_refresh_tag":true, "understand_refresh_header":true }, "status_100_responses":{ "remove_100_continue_responses":false, "understand_100_continue_responses":true }, "streaming_responses":{ "scope_advanced_mode":false, "store":true, "strip_chunked_encoding_metadata":true, "urls":[] } }, "misc":{ "collaborator_server":{ "location":"192.168.0.1", "poll_over_unencrypted_http":true, "polling_location":"192.168.0.1", "type":"private" }, "embedded_browser":{ "allow_running_without_sandbox":false, "disable_gpu":false }, "logging":{ "requests":{ "all_tools":"", "extender":"", "intruder":"", "proxy":"", "repeater":"", "scanner":"", 
"sequencer":"" }, "responses":{ "all_tools":"", "extender":"", "intruder":"", "proxy":"", "repeater":"", "scanner":"", "sequencer":"" } }, "scheduled_tasks":{ "tasks":[] } }, "sessions":{ "cookie_jar":{ "monitor_extender":false, "monitor_intruder":false, "monitor_proxy":true, "monitor_repeater":false, "monitor_scanner":false, "monitor_sequencer":false }, "macros":{ "macros":[] }, "session_handling_rules":{ "rules":[ { "actions":[ { "enabled":true, "match_cookies":"all_except", "type":"use_cookies" } ], "description":"Use cookies from Burp's cookie jar", "enabled":true, "exclude_from_scope":[], "include_in_scope":[], "named_params":[], "restrict_scope_to_named_params":false, "tools_scope":[ "Scanner" ], "url_scope":"all", "url_scope_advanced_mode":false } ] } }, "ssl":{ "client_certificates":{ "certificates":[], "use_user_options":true }, "negotiation":{ "allow_unsafe_renegotiation":false, "disable_ssl_session_resume":false, "enabled_ciphers":[], "enabled_protocols":[], "enforce_upstream_trust":false, "tls_negotiation_behavior":"use_all_supported" } } }, "proxy":{ "http_history_display_filter":{ "by_annotation":{ "show_only_commented_items":false, "show_only_highlighted_items":false }, "by_file_extension":{ "hide_items":[ "js", "gif", "jpg", "png", "css" ], "hide_specific":false, "show_items":[ "asp", "aspx", "jsp", "php" ], "show_only_specific":false }, "by_listener":{ "port":"" }, "by_mime_type":{ "show_css":false, "show_flash":true, "show_html":true, "show_images":false, "show_other_binary":false, "show_other_text":true, "show_script":true, "show_xml":true }, "by_request_type":{ "hide_items_without_responses":false, "show_only_in_scope_items":false, "show_only_parameterized_requests":false }, "by_search":{ "case_sensitive":false, "negative_search":false, "regex":false, "term":"" }, "by_status_code":{ "show_2xx":true, "show_3xx":true, "show_4xx":true, "show_5xx":true } }, "intercept_client_requests":{ 
"automatically_fix_missing_or_superfluous_new_lines_at_end_of_request":false, "automatically_update_content_length_header_when_the_request_is_edited":true, "do_intercept":true, "rules":[ { "boolean_operator":"and", "enabled":true, "match_condition":"(^gif$|^jpg$|^png$|^css$|^js$|^ico$|^svg$|^eot$|^woff$|^woff2$|^ttf$)", "match_relationship":"does_not_match", "match_type":"file_extension" }, { "boolean_operator":"or", "enabled":false, "match_relationship":"contains_parameters", "match_type":"request" }, { "boolean_operator":"or", "enabled":false, "match_condition":"(get|post)", "match_relationship":"does_not_match", "match_type":"http_method" }, { "boolean_operator":"and", "enabled":false, "match_relationship":"is_in_target_scope", "match_type":"url" } ] }, "intercept_server_responses":{ "automatically_update_content_length_header_when_the_response_is_edited":true, "do_intercept":false, "rules":[ { "boolean_operator":"or", "enabled":true, "match_condition":"text", "match_relationship":"matches", "match_type":"content_type_header" }, { "boolean_operator":"or", "enabled":false, "match_relationship":"was_modified", "match_type":"request" }, { "boolean_operator":"or", "enabled":false, "match_relationship":"was_intercepted", "match_type":"request" }, { "boolean_operator":"and", "enabled":false, "match_condition":"^304$", "match_relationship":"does_not_match", "match_type":"status_code" }, { "boolean_operator":"and", "enabled":false, "match_relationship":"is_in_target_scope", "match_type":"url" } ] }, "intercept_web_sockets_messages":{ "client_to_server_messages":true, "server_to_client_messages":true }, "match_replace_rules":[ { "comment":"Emulate IE", "enabled":false, "is_simple_match":false, "rule_type":"request_header", "string_match":"^User-Agent.*$", "string_replace":"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" }, { "comment":"Emulate iOS", "enabled":false, "is_simple_match":false, "rule_type":"request_header", "string_match":"^User-Agent.*$", 
"string_replace":"User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3" }, { "comment":"Emulate Android", "enabled":false, "is_simple_match":false, "rule_type":"request_header", "string_match":"^User-Agent.*$", "string_replace":"User-Agent: Mozilla/5.0 (Linux; U; Android 2.2; en-us; Droid Build/FRG22D) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1" }, { "comment":"Require non-cached response", "enabled":false, "is_simple_match":false, "rule_type":"request_header", "string_match":"^If-Modified-Since.*$" }, { "comment":"Require non-cached response", "enabled":false, "is_simple_match":false, "rule_type":"request_header", "string_match":"^If-None-Match.*$" }, { "comment":"Hide Referer header", "enabled":false, "is_simple_match":false, "rule_type":"request_header", "string_match":"^Referer.*$" }, { "comment":"Require non-compressed responses", "enabled":false, "is_simple_match":false, "rule_type":"request_header", "string_match":"^Accept-Encoding.*$" }, { "comment":"Ignore cookies", "enabled":false, "is_simple_match":false, "rule_type":"response_header", "string_match":"^Set-Cookie.*$" }, { "comment":"Rewrite Host header", "enabled":false, "is_simple_match":false, "rule_type":"request_header", "string_match":"^Host: foo.example.org$", "string_replace":"Host: bar.example.org" }, { "comment":"Add spoofed CORS origin", "enabled":false, "is_simple_match":true, "rule_type":"request_header", "string_replace":"Origin: foo.example.org" }, { "comment":"Remove HSTS headers", "enabled":false, "is_simple_match":false, "rule_type":"response_header", "string_match":"^Strict\\-Transport\\-Security.*$" }, { "comment":"Disable browser XSS protection", "enabled":false, "is_simple_match":true, "rule_type":"response_header", "string_replace":"X-XSS-Protection: 0" } ], "miscellaneous":{ "disable_logging_to_history_and_site_map":false, 
"disable_out_of_scope_logging_to_history_and_site_map":false, "disable_web_interface":false, "remove_unsupported_encodings_from_accept_encoding_headers_in_incoming_requests":true, "set_connection_close_header_on_responses":false, "set_connection_header_on_requests":true, "strip_proxy_headers_in_incoming_requests":true, "strip_sec_websocket_extensions_headers_in_incoming_requests":true, "suppress_burp_error_messages_in_browser":false, "unpack_gzip_deflate_in_requests":false, "unpack_gzip_deflate_in_responses":true, "use_http_10_in_requests_to_server":false, "use_http_10_in_responses_to_client":false }, "request_listeners":[ { "certificate_mode":"per_host", "custom_tls_protocols":[], "enable_http2":true, "listen_mode":"loopback_only", "listener_port":8080, "running":true, "use_custom_tls_protocols":false } ], "response_modification":{ "convert_https_links_to_http":false, "enable_disabled_form_fields":false, "highlight_unhidden_fields":false, "remove_all_javascript":false, "remove_input_field_length_limits":false, "remove_javascript_form_validation":false, "remove_object_tags":false, "remove_secure_flag_from_cookies":false, "unhide_hidden_form_fields":false }, "ssl_pass_through":{ "automatically_add_entries_on_client_ssl_negotiation_failure":false, "rules":[] }, "web_sockets_history_display_filter":{ "by_annotation":{ "show_only_commented_items":false, "show_only_highlighted_items":false }, "by_listener":{ "listener_port":"" }, "by_request_type":{ "hide_incoming_messages":false, "hide_outgoing_messages":false, "show_only_in_scope_items":false }, "by_search":{ "case_sensitive":false, "negative_search":false, "regex":false, "term":"" } } }, "repeater":{ "allow_http2_alpn_override":false, "enable_http1_keep_alive":false, "enable_http2_connection_reuse":true, "enforce_protocol_in_redirections":false, "follow_redirections":"never", "normalize_line_endings":true, "process_cookies_in_redirections":false, "strip_connection_header_over_http2":true, "unpack_gzip_deflate":true, 
"update_content_length":true }, "sequencer":{ "live_capture":{ "ignore_abnormal_length_tokens":true, "max_length_deviation":5, "num_threads":5, "throttle":0 }, "token_analysis":{ "compression":true, "correlation":true, "count":true, "fips_long_run":true, "fips_monobit":true, "fips_poker":true, "fips_runs":true, "spectral":true, "transitions":true }, "token_handling":{ "base_64_decode_before_analyzing":false, "pad_short_tokens_at":"start", "pad_with":"0" } }, "target":{ "filter":{ "by_annotation":{ "show_only_commented_items":false, "show_only_highlighted_items":false }, "by_file_extension":{ "hide_items":[ "js", "gif", "jpg", "png", "css" ], "hide_specific":false, "show_items":[ "asp", "aspx", "jsp", "php" ], "show_only_specific":false }, "by_folders":{ "hide_empty_folders":true }, "by_mime_type":{ "show_css":false, "show_flash":true, "show_html":true, "show_images":false, "show_other_binary":false, "show_other_text":true, "show_script":true, "show_xml":true }, "by_request_type":{ "hide_not_found_items":true, "show_only_in_scope_items":false, "show_only_parameterized_requests":false, "show_only_requested_items":false }, "by_search":{ "case_sensitive":false, "negative_search":false, "regex":false, "term":"" }, "by_status_code":{ "show_2xx":true, "show_3xx":true, "show_4xx":false, "show_5xx":true } }, "scope":{ "advanced_mode":false, "exclude":[], "include":[] } } }

Michelle, PortSwigger Agent | Last updated: Nov 01, 2022 02:36PM UTC

Hi, thanks for the update. Could you email support@portswigger.net with an example of one of the results that Burp Suite Professional finds and Burp Suite Enterprise does not? Would you also be able to share some screenshots of the overall scan results of the same site from each product so we can take a closer look, please? Do the issues that are not found by Burp Suite Enterprise relate to ones that involve the Collaborator server?

Andrew | Last updated: Nov 02, 2022 03:04AM UTC

Sorry Michelle, I failed to send emails to you temporarily due to firewall restrictions. :( The expected vulnerability type in the tested URL is CWE 78. Will Burp Suite Enterprise use the Collaborator Server to detect this vulnerability? In addition, after I use the configuration file that comes with Burp Suite Enterprise and modify the proxy, it still doesn't work. Could you please provide a how-to video of using this EXACTLY?

Configuration file:

{
  "crawler": {
    "error_handling": {
      "number_of_follow_up_passes": 1,
      "pause_task_requests_timed_out_count": 30,
      "pause_task_requests_timed_out_percentage": 0
    },
    "crawl_optimization": {
      "crawl_using_provided_logins_only": false,
      "crawl_strategy": "most complete"
    },
    "customization": {
      "customize_user_agent": false
    }
  },
  "scanner": {
    "error_handling": {
      "consecutive_audit_check_failures_to_skip_insertion_point": 2,
      "consecutive_insertion_point_failures_to_fail_audit_item": 2,
      "number_of_follow_up_passes": 1,
      "pause_task_failed_audit_item_count": 30,
      "pause_task_failed_audit_item_percentage": 0
    },
    "issues_reported": {
      "select_individual_issues": true
    },
    "modifying_parameter_locations": {
      "url_to_body": true,
      "body_to_url": true,
      "cookie_to_url": true,
      "url_to_cookie": true,
      "body_to_cookie": true,
      "cookie_to_body": true
    },
    "audit_optimization": {
      "maximum_crawl_and_audit_time": 100,
      "scan_speed": "thorough"
    }
  },
  "project_options": {
    "connections": {
      "upstream_proxy": {
        "servers": [
          {
            "auth_type": "none",
            "destination_host": "polling.oastify.com",
            "proxy_host": "proxy.xxxxxx.com.cn",
            "proxy_port": 90,
            "enabled": true
          }
        ],
        "use_user_options": false
      }
    }
  }
}

Michelle, PortSwigger Agent | Last updated: Nov 02, 2022 08:29AM UTC

Thanks for letting me know. Some of the requests made by Burp Scanner when testing for OS command injection will include Collaborator payloads. If you can email us a copy of the request/response details linked to the issue in Professional, we can help you check to see if this was the case. When you performed the scan using Pro, were you using your private collaborator server?

Burp Suite Enterprise Edition does not feature configuration options for a private Collaborator in the UI, but you can export the configuration from Burp Suite Professional and import it into Burp Suite Enterprise. The JSON configuration file would look like this:

{
  "project_options":{
    "misc":{
      "collaborator_server":{
        "location":"your-collaborator-server.com",
        "poll_over_unencrypted_http":false,
        "polling_location":"",
        "type":"private"
      }
    }
  }
}

You can import this into the Burp Enterprise scan configuration library (Settings > Scan configurations > Import) and then apply it to your site(s) to be used by default for scans under (Sites > All sites > Click on the site > 'Details' tab > Default scan configurations). Multiple configs can be applied to a site or scan.
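A pre-flight check for the private Collaborator setup discussed in this thread (the health-check warnings in the first post and the DNS resolution test suggested in the first reply), written as an added example rather than PortSwigger's own code. It assumes a collaborator.config shaped like the one posted; the embedded sample is constructed from that config, the `resolver` parameter is an assumption that lets the DNS check run offline, and the script does not know which Collaborator component answers payload A records, so it accepts any address the config itself lists.

```python
"""Pre-flight checker for a private Burp Collaborator server (added example,
not PortSwigger code): parse collaborator.config, list every address:port the
health check probes, and resolve a random payload-style name under serverDomain."""
import json
import secrets
import socket

# Constructed sample modelled on the config posted in the thread, with the
# trailing comma after the customDnsRecords entry removed so strict parsers accept it.
SAMPLE_CONFIG = """{
  "serverDomain": "burpcollaborator.example.com", "workerThreads": 10,
  "eventCapture": {"publicAddress": "192.168.0.1",
    "http": {"ports": 80}, "https": {"ports": 443},
    "smtp": {"ports": [25, 587]}, "smtps": {"ports": 465},
    "ssl": {"hostname": "burpcollaborator.example.com"}},
  "polling": {"publicAddress": "192.168.0.1",
    "http": {"port": 9090}, "https": {"port": 9443},
    "ssl": {"hostname": "burpcollaborator.example.com"}},
  "dns": {"interfaces": [{"name": "ns1", "publicAddress": "192.168.0.1"}],
    "customDnsRecords": [{"label": "1", "record": "x", "type": "TXT"}],
    "ports": 53},
  "logLevel": "INFO"
}"""

def parse_config(text):
    """Strict parse; json.loads rejects a trailing comma like the one in the posted file."""
    try:
        return json.loads(text)
    except ValueError:
        return None

def _ports(value):
    # Burp accepts either a single port or a list of ports in these fields.
    return [value] if isinstance(value, int) else list(value)

def expected_endpoints(cfg):
    """(service, address, port) triples the health check connects to."""
    cap, poll = cfg["eventCapture"], cfg["polling"]
    out = [(svc, cap["publicAddress"], p)
           for svc in ("http", "https", "smtp", "smtps")
           for p in _ports(cap[svc]["ports"])]
    out += [("polling-" + svc, poll["publicAddress"], poll[svc]["port"])
            for svc in ("http", "https")]
    out += [("dns", iface["publicAddress"], p)
            for iface in cfg["dns"]["interfaces"] for p in _ports(cfg["dns"]["ports"])]
    return out

def payload_hostname(cfg):
    """Random 32-hex label under serverDomain, shaped like a Collaborator payload."""
    return secrets.token_hex(16) + "." + cfg["serverDomain"]

def resolves_to_collaborator(hostname, cfg, resolver=socket.gethostbyname):
    """True when the name resolves to an address this config owns. No answer, or
    an answer from some other resolver, means clients on the test network never
    reach the DNS listener, which is one way "Verify DNS interaction" ends up as
    Warning. resolver is injectable (an assumption) so the logic runs offline."""
    known = {cfg["eventCapture"]["publicAddress"]}
    known.update(iface["publicAddress"] for iface in cfg["dns"]["interfaces"])
    try:
        return resolver(hostname) in known
    except OSError:
        return False
```

Run it from the machine hosting the scanned application: if `resolves_to_collaborator(payload_hostname(cfg), cfg)` is False there, that host is not using the Collaborator's nameserver for the serverDomain zone, whatever the health check on the server itself reports.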

Andrew | Last updated: Nov 07, 2022 09:36AM UTC

Hi, Michelle

When I create a new scan task in Burp Suite Professional or Burp Suite Enterprise, the tool will not change the parameters I input during penetration testing, such as the following "name=Andrew&sex=man&age=19". Can this be configured? PS: "Insertion Point Types > Body parameter values" is selected. Thanks!

POST /TestCase/1 HTTP/1.1
Host: 192.168.0.1:8443
Content-Length: 59
Sec-Ch-Ua: "Not;A=Brand";v="99", "Chromium";v="106"
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.62 Safari/537.36
Accept: */*
X-Requested-With: XMLHttpRequest
Sec-Ch-Ua-Platform: "Windows"
Origin: https://192.168.0.1:8443
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://192.168.0.1:8443/TestCase/1.html
Accept-Encoding: gzip, deflate
Connection: close

name=Andrew&sex=man&age=19

Michelle, PortSwigger Agent | Last updated: Nov 07, 2022 11:04AM UTC

Hi Can you describe in a bit more detail the tests you want to carry out? If you'd rather share this directly, feel free to email support@portswigger.net. Depending on the task you're trying to complete, you might find this article useful: https://portswigger.net/web-security/reference/augmenting-your-manual-testing-with-burp-scanner

Andrew | Last updated: Nov 08, 2022 07:39AM UTC

Hi, Michelle

I created a "New scan" in the Dashboard menu of Burp Suite Professional and found that Burp Suite Enterprise will not use "name=Andrew&sex=man&age=19" as insertion points sometimes; "name/sex/age" are text boxes on the web page, and "Insertion Point Types > Body parameter values" is enabled in the configuration file. The same phenomenon occurs when using Burp Suite Enterprise. Another question is: how could I view "ALL" requests and responses for scanned URLs in Burp Suite Enterprise, not only the URLs with issues? Thanks!

Michelle, PortSwigger Agent | Last updated: Nov 08, 2022 01:15PM UTC