Burp Suite User Forum

Login to post

Private Burp Collaborator Server: Unexpected Exceptions - Problem handling DNS requests

Thorsten | Last updated: May 10, 2020 01:51PM UTC

Hello, I am running a private Burp Collaborator Server (current version of Burp) on an AWS EC2 instance. It's working and all health check tests were successful, but I found a lot of error messages in the log: -------------------------------------------------------------------------------- 2020-05-10 12:35:10.690 : Problem handling DNS request burp.ei3: Invalid label character set in 6E73312E74686F6B752E78797A at burp.d7x.a(Unknown Source) at burp.d7x.<init>(Unknown Source) at burp.cox.f(Unknown Source) at burp.cox.<init>(Unknown Source) at burp.bzv.run(Unknown Source) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:834) 2020-05-10 12:35:10.690 : Raw dns request = 1574001000010000000000010D6E73312E74686F6B752E78797A0574686F6B750378797A000001000100002905C0000080000000 Exception report: Category: UNEXPECTED Detail: burp.ei3: Invalid label character set in 6E73312E74686F6B752E78797A at burp.d7x.a(Unknown Source) at burp.d7x.<init>(Unknown Source) at burp.cox.f(Unknown Source) at burp.cox.<init>(Unknown Source) at burp.bzv.run(Unknown Source) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:834) -------------------------------------------------------------------------------- The value of the "Raw dns request" is different in every error message, the rest always remains the same. Is there anything I can do to solve this? Thanks!

Michelle, PortSwigger Agent | Last updated: May 11, 2020 03:48PM UTC

You can see this message in the logs if people are hitting the collaborator with invalid DNS queries. Please let us know if you need any further assistance.

Rafael | Last updated: Oct 28, 2020 04:08AM UTC

Greetings! Hope you all are doing well in this difficult year. I'm facing the same issue when my private Collaborator instance receives a query containing underscore. I've noticed this when i tried to renew my LetsEncrypt certificate using route53-dns plugin: it never completes the challenge because it must retrieve the contents of TXT record _acme-challenge.sub.domain.com. This is what it looks like when Burp Collaborator gets an underscore on the request (it can be any query type): ``` 2020-10-28 03:26:29.369 : Problem handling DNS request burp.en4: Invalid label character set in 5F61636D652D6368616C6C656E6765 at burp.f9o.a(Unknown Source) at burp.f9o.<init>(Unknown Source) at burp.g6d.e(Unknown Source) at burp.g6d.<init>(Unknown Source) at burp.g_g.run(Unknown Source) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:834) ``` I've checked this entry (https://forum.portswigger.net/thread/burp-collaborator-built-in-dns-server-responds-with-notimp-to-caa-requests-d1b435b2) but i don't believe i'm facing the same problem as him. Thanks in advance. Rafael

Michelle, PortSwigger Agent | Last updated: Oct 28, 2020 02:34PM UTC

Do you see this error during normal operation or is it just during the renewal of the certificate? If there are any details you'd prefer to share directly so you can include more information, please feel free to email us using support@portswigger.net

Rafael | Last updated: Oct 28, 2020 02:45PM UTC

Awesome, i'll definitely reach out using e-mail. But just so other people know i see this error during normal operation too. Something as simple as ```host it_crashes.mysub.domain.com``` will produce the same Problem handling DNS request above and will return :/

Michelle, PortSwigger Agent | Last updated: Oct 29, 2020 09:17AM UTC

I just wanted to let you know we've got your email, thanks for all the information, we're taking a look through it and will be in touch shortly.

floyd | Last updated: Nov 19, 2020 10:35AM UTC

I have the same behavior and would be interested what the solution will be. I guess no stack trace is necessary, queries for unknown hosts could be one line in the logs, that should be sufficient

Michelle, PortSwigger Agent | Last updated: Nov 19, 2020 04:36PM UTC

Thanks for getting in touch. When you say you're seeing the same behavior, is this when you're trying to renew the certificate? If so, is a TXT challenge being issued?

You need to Log in to post a reply. Or register here, for free.