Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Private Collaborator server issue with DNS records

Ari | Last updated: Feb 14, 2022 09:39PM UTC

I am following https://portswigger.net/burp/documentation/collaborator/deploying#collaborator-configuration-file and appear to have everything configured correctly (DEBUG collaborator logs record HTTP and DNS requests) but the NS record is not resolving correctly and therefore the Collaborator server doesn't work. Please help me identify what is incorrectly set up! I am using https://fly.io with a Dockerfile that bundles the 2021.12.1 BurpSuite professional JAR (also tried with the 2022 JAR) and a custom config file. The collaborator config file is here: https://gist.github.com/artis3n/c694a6b3bfd5816d155180933c8cedd9 . The fly.toml file merely sets up all of the ports the Collaborator server needs and configures fly to use TCP pass-through to have all traffic terminate with the Collaborator server. UDP traffic is configured for port 53. The hostname and IPv4 address are passed into the config file when the docker image is built (see the Dockerfile in the gist). This would be easier if I could attach images. I set up DNS records for: - name server 1 (ns1.burp-collaborator.MYDOMAIN.com) - A and AAAA records - name server 2 (ns2.burp-collaborator.MYDOMAIN.com) - A and AAAA records - the collaborator server (collaborator.MYDOMAIN.com) - NS record pointing to the ns1 and ns2 domains The name server domains point to the same IPv4 address, which is the same as the Collaborator server IPv4 address. I am using Google Domains and set the ns1 and ns2 hostnames as glue records pointing to the IPv4 and IPV6 addresses of the collaborator server. When I run "dig collaborator.MYDOMAIN.com NS +noall +answer +short" , I get no response. The name servers correctly resolve to the IP address I've set up on fly.io. In the collaborator logs, having set DEBUG in the custom.config file, I see the collaborator server receiving my DNS requests when I run "dig collaborator.MYDOMAIN.com" or send a curl command. The log lines look like: 2022-02-14T21:31:55.163 app[2eeddd1c] ewr [info] 2022-02-14 21:31:55.163 : Received DNS query with type NS from [172.70.173.195] for [collaborator.MYDOMAIN.com] containing no interaction IDs. The IP address is Fly's load balancer, not my real IP. Resolving to the correct IP was my next task to tinker on with this project, once the DNS records are correctly set up.

Michelle, PortSwigger Agent | Last updated: Feb 15, 2022 10:30AM UTC

Thanks for your message. Can you send over the screenshots you mentioned showing your DNS setup to support@portswigger.net so we can take a closer look at this with you, please?

Ari | Last updated: Feb 22, 2022 09:35PM UTC

I didn't get any notification or email about that reply and didn't check back until today - yes, will send those screenshots over!

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.