Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Private Collaborator Server

Martijn | Last updated: Jan 05, 2021 07:38AM UTC

Dear sir, madam, For the past day I've been trying to set up a private collaborator server to work on a client that blocks the public collaborator. It's been a very educational process to say the least (phrasing I use as a euphamism for my frustration at my lack of experience and knowledge), and I've come pretty far in the process. So far I have done the following: 1. Registered a domain at Amazon Route 53, 2. Bought and registered a wildcard TLS, 3. Installed and configured the collaborator server on an EC2 Ubuntu instance, 4. Assigned an elastic IP to the instance, 5. Configured ns1.mydomain.mytld and ns2.mydomain.mytld as the only 2 nameservers to my domain, including the public IP of the EC2 instance as glue records, 6. Configured mydomain.mytld as the private collaborator server in Burp But when I run a health check, I get the following errors: A TLS error occurred when connecting to the SMTPS capture server lh6zotm5rahsho04j05ed93a016ekx4f8ix.mydomain.mytld, but connecting did work if the certificate was not validated. This configuration will work if the server under test does not validate certificates, or has the capture server certificate installed. An HTTPS connection to the capture server at lh6zotm5rahsho04j05ed93a016ekx4f8ix.mydomain.mytld could not be opened. An SMTP connection to the capture server at lh6zotm5rahsho04j05ed93a016ekx4f8ix.mydomain.mtld port 25 could not be opened. Communication using other protocols did work; possibly a firewall is preventing this connection. No connections to the polling server at x.x.x.x (**ADDED NOTE: OBFUSCATED PUBLIC IP OF EC2 COLLABORATOR INSTANCE**) could be opened. The collaborator will not work in this configuration Seems to be a problem with the TLS, but I am mentally exhausted by this process and I would very much appreciate some advice or guidance. Thanks for taking the time to read. Kind regards

Martijn | Last updated: Jan 05, 2021 07:41AM UTC

Just to be safe I will mention that "mydomain" and "mytld" are obviously obfuscations for my real domain, and I have used a real and registered domain during setup and configuration.

Martijn | Last updated: Jan 05, 2021 08:28AM UTC

And I forgot to obfuscate. Damn me.

Martijn | Last updated: Jan 05, 2021 08:33AM UTC

Turns out polling was only working because I ticked "Poll over unencrypted HTTP". All of this seems to be a TLS issue and I can't figure it out. Also, if an admin reads this, I would really appreciate it if you could obfuscate my previous error messages. There seems to be no "edit post" functionality...

Martijn | Last updated: Jan 05, 2021 10:23AM UTC

Ok so, another update: Made big progress. Certificate issues seem resolved. I've been messing around with the cert files and I'm not sure what eventually made the difference, but I'm thinking it initially was some formatting problem (copy-pasting long strings from cli in virtual linux machine running on windows to virtual linux machine running on amazon server accessed via browser window running on windows.... you get the idea). I'm not entirely certain, but after trying various ways to format and/or transfer the files, the health check reported no certificate issues. But: I am still unable to retrieve records from the collaborator. LATEST error message and health check report: Server address resolution Success Server HTTP connection Success Server HTTPS connection (trust enforced) Success Server HTTPS connection (trust not enforced) Success Server SMTP connection on port 25 Warning Server SMTP connection on port 587 Success Server SMTPS connection (trust enforced) Success Server SMTPS connection (trust not enforced) Success Polling server address resolution Success Polling server connection Success Verify DNS interaction Error Verify HTTP interaction Error Verify HTTPS interaction Error Verify SMTP interaction Error Verify SMTPS interaction Error We communicated with the collaborator, and appeared to successfully record events, however when we attempted to retrieve the interaction records the expected records weren't present.

Hannah, PortSwigger Agent | Last updated: Jan 05, 2021 10:52AM UTC

Hi I've removed the post that you hadn't obfuscated for you. Are you following the documentation on deploying a private collaborator server (https://portswigger.net/burp/documentation/collaborator/deploying)?

Martijn | Last updated: Jan 05, 2021 10:58AM UTC

Thank you Hannah. Yes I am following the guide you referenced. If it's any help I can send you my config file and route 53 dns entries.

Martijn | Last updated: Jan 05, 2021 10:59AM UTC

I've also captured the traffic form the health check in wireshark, and it appears to me as if the polling is happening over port 80 rather than 9090 or 9443 specified in the config file. It's not returning any json, but the burp collaborator landing page in plain html.

Martijn | Last updated: Jan 05, 2021 12:15PM UTC

Final solution: entirely removed the "polling" settings from the collaborator.config and use the same interface for logging and polling. I should have persisted just a little longer before asking. I hope this post will be vindicated by being of help to someone else.

Hannah, PortSwigger Agent | Last updated: Jan 06, 2021 09:38AM UTC

Hi Sorry I couldn't be of more help - I'm glad you've got it working! If there's anything else we can help with then please let us know.

John | Last updated: Mar 09, 2022 05:01PM UTC

Hello Martijn I have encountered in this issue please help to solve that. Thanks.

John | Last updated: Mar 09, 2022 05:01PM UTC

Hello Martijn I have encountered in this issue please help to solve that. Thanks.

Michelle, PortSwigger Agent | Last updated: Mar 10, 2022 08:40AM UTC