The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Privately Deployed Burp Collaborator - Failing Verify DNS Interaction

Eatay | Last updated: Nov 28, 2022 04:54PM UTC

Hi,

While the documentation is fairly verbose and helpful, I'm running into trouble with the Health Check for my private Burp Collaborator instance.

### The Error ###

Burp Collaborator Health Check returns:

- Verify DNS interaction Error
- Verify HTTP interaction Error
- Verify HTTPS Interaction Error
- Verify SMT interaction Warning
- Verify SMTPS interaction Warning

### DNS ###

I've set the DNS records in AWS Route53, where:

```
NS collaborator.example.com ns1.collaborator.example.com
A collaborator.example.com 1.2.x.x
A ns1.collaborator.example.com 1.2.x.x
```

I did realize that when I query from my host the following:

```bash
dig collaborator.example.com NS +noall +answer +short
```

I receive the proper response: `ns1.collaborator.example.com`

But when I add the `+trace` flag:

```bash
dig collaborator.example.com NS +noall +answer +short +trace
```

I receive a different answer: `ns1\.collaborator\.example\.com.collaborator.example.com`

This behaviour is very strange, as the FQDN of the NS record mentioned before is really `ns1.collaborator.example.com`. If you can explain to me if this affects the behaviour, that would be very helpful.

### Logs ###

I've set the log level to DEBUG, and this is what happens when I make a Health Check:

```
Nov 28 16:21:28 ip-10-229-12-5 systemd: Started Burp Collaborator.
Nov 28 16:21:29 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:29.516 : Using configuration file /usr/local/collaborator/collaborator.config
Nov 28 16:21:29 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:29.800 : Listening for HTTP on 10.229.x.x:80
Nov 28 16:21:29 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:29.802 : Listening for SMTP on 10.229.x.x:25
Nov 28 16:21:29 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:29.803 : Listening for SMTP on 10.229.x.x:587
Nov 28 16:21:29 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:29.812 : Listening for HTTP on 10.229.x.x:9090
Nov 28 16:21:29 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:29.830 : Listening for DNS on 10.229.x.x:53
Nov 28 16:21:30 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:30.001 : Listening for HTTPS on 10.229.x.x:443
Nov 28 16:21:30 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:30.001 : Listening for SMTPS on 10.229.x.x:465
Nov 28 16:21:30 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:30.005 : Listening for HTTPS on 10.229.x.x:9443
Nov 28 16:21:42 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:42.359 : Received DNS query with type AAAA from [3.4.x.x] for [ksg30cm5odw45t0e188f2ko8bzhcvvfdjg8.collaborator.example.com] containing interaction IDs: ksg30cm5odw45t0e188f2ko8bzhcvvfdjg8
Nov 28 16:21:42 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:42.364 : Received DNS query with type A from [3.4.x.x] for [ksg30cm5odw45t0e188f2ko8bzhcvvfdjg8.collaborator.example.com] containing interaction IDs: ksg30cm5odw45t0e188f2ko8bzhcvvfdjg8
Nov 28 16:21:42 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:42.365 : Received DNS query with type AAAA from [3.4.x.x] for [ksg30cm5odw45t0e188f2ko8bzhcvvfdjg8.collaborator.example.com] containing interaction IDs: ksg30cm5odw45t0e188f2ko8bzhcvvfdjg8
Nov 28 16:21:42 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:42.366 : Received DNS query with type A from [3.4.x.x] for [ksg30cm5odw45t0e188f2ko8bzhcvvfdjg8.collaborator.example.com] containing interaction IDs: ksg30cm5odw45t0e188f2ko8bzhcvvfdjg8
Nov 28 16:21:42 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:42.649 : Received HTTP request from [3.4.x.x] for [/UbslxyDSGU82] containing interaction IDs: ksg30cm5odw45t0e188f2ko8bzhcvvfdjg8
Nov 28 16:21:43 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:43.076 : Received HTTPS request from [3.4.x.x] for [/UUPETq0XNLR9] containing interaction IDs: ksg30cm5odw45t0e188f2ko8bzhcvvfdjg8
Nov 28 16:21:43 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:43.267 : Received HTTPS request from [3.4.x.x] for [/x1OUvQUqjMA2] containing interaction IDs: ksg30cm5odw45t0e188f2ko8bzhcvvfdjg8
Nov 28 16:21:43 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:43.548 : Received DNS query with type AAAA from [3.4.x.x] for [collaborator.example.com] containing no interaction IDs.
Nov 28 16:21:43 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:43.551 : Received DNS query with type AAAA from [3.4.x.x] for [collaborator.example.com] containing no interaction IDs.
Nov 28 16:21:43 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:43.747 : Received HTTPS request from [3.4.x.x] for [/burpresults] containing no interaction IDs.
Nov 28 16:21:43 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:43.897 : Received HTTPS request from [3.4.x.x] for [/burpresults] containing no interaction IDs.
Nov 28 16:21:44 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:21:44.286 : Received HTTP request from [3.4.x.x] for [/burpresults] containing no interaction IDs.
Nov 28 16:22:01 ip-10-229-12-5 startcollab.sh: 2022-11-28 16:22:01.712 : Received HTTP request from [3.4.x.x] for [/burpresults] containing no interaction IDs.
```

### Configuration File ###

```
{
  "serverDomain" : "collaborator.example.com",
  "workerThreads" : 10,
  "eventCapture": {
    "localAddress" : ["10.229.x.x"],
    "publicAddress" : "1.2.x.x",
    "http": {
      "ports" : 80
    },
    "https": {
      "ports" : 443
    },
    "smtp": {
      "ports" : [25, 587]
    },
    "smtps": {
      "ports" : 465
    },
    "ssl": {
      "certificateFiles" : [
        "/usr/local/collaborator/keys/privkey.pem",
        "/usr/local/collaborator/keys/cert.pem",
        "/usr/local/collaborator/keys/fullchain.pem"
      ]
    }
  },
  "polling" : {
    "localAddress" : "10.229.x.x",
    "publicAddress" : "1.2.x.x",
    "http": {
      "port" : 9090
    },
    "https": {
      "port" : 9443
    },
    "ssl": {
      "certificateFiles" : [
        "/usr/local/collaborator/keys/privkey.pem",
        "/usr/local/collaborator/keys/cert.pem",
        "/usr/local/collaborator/keys/fullchain.pem"
      ]
    }
  },
  "metrics": {
    "path" : "burp-metrics-path",
    "addressWhitelist" : ["127.0.0.1/32"]
  },
  "dns": {
    "interfaces" : [{
      "name": "ns1.collaborator.example.com",
      "localAddress" : "10.229.x.x",
      "publicAddress" : "1.2.x.x"
    }],
    "ports" : 53
  },
  "logLevel" : "DEBUG"
}
```

I would really appreciate if you guys can help me understand what is failing in the Health Check, as well as explaining why the dig operation behaves as it does.

Thank you!
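Added example (not part of the original post, and not PortSwigger code): a small parser for the `Received ...` DEBUG lines shown in the post, which groups logged interactions by interaction ID and counts `/burpresults` requests so the server-side log can be compared with what the Health Check reports. The sample lines, the ID `abc123`, the host name and the comma/space ID separator are constructed assumptions; only the DNS, HTTP and HTTPS line formats appear in the post, so only those are parsed.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the DEBUG log in the post (host, IPs and ID are made up).
SAMPLE_LOG = """\
Nov 28 16:21:42 host startcollab.sh: 2022-11-28 16:21:42.359 : Received DNS query with type A from [192.0.2.10] for [abc123.collaborator.example.com] containing interaction IDs: abc123
Nov 28 16:21:42 host startcollab.sh: 2022-11-28 16:21:42.649 : Received HTTP request from [192.0.2.10] for [/UbslxyDSGU82] containing interaction IDs: abc123
Nov 28 16:21:43 host startcollab.sh: 2022-11-28 16:21:43.076 : Received HTTPS request from [192.0.2.10] for [/UUPETq0XNLR9] containing interaction IDs: abc123
Nov 28 16:21:43 host startcollab.sh: 2022-11-28 16:21:43.548 : Received DNS query with type AAAA from [192.0.2.10] for [collaborator.example.com] containing no interaction IDs.
Nov 28 16:21:43 host startcollab.sh: 2022-11-28 16:21:43.747 : Received HTTPS request from [192.0.2.10] for [/burpresults] containing no interaction IDs.
"""

LINE_RE = re.compile(
    r"Received (?P<proto>[A-Z]+) (?:query with type \w+|request) "
    r"from \[(?P<src>[^\]]+)\] for \[(?P<target>[^\]]+)\] "
    r"containing (?:interaction IDs: (?P<ids>\S.*)|no interaction IDs\.)"
)
# Protocols whose log line format is visible in the post; SMTP/SMTPS lines are not shown there.
PARSED_PROTOCOLS = ("DNS", "HTTP", "HTTPS")


def summarise(log_text):
    """Group logged interactions by ID and count polling requests to /burpresults."""
    seen = defaultdict(set)      # interaction ID -> protocols logged for it
    sources = set()              # client addresses that produced any logged event
    polls = 0
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue             # startup lines, other daemons, unknown formats
        sources.add(m.group("src"))
        if m.group("ids"):
            # Assumption: several IDs on one line are separated by commas or spaces.
            for iid in re.split(r"[,\s]+", m.group("ids").strip()):
                seen[iid].add(m.group("proto"))
        elif m.group("target") == "/burpresults":
            polls += 1
    return {
        "interactions": {i: sorted(p) for i, p in seen.items()},
        "missing": {i: [p for p in PARSED_PROTOCOLS if p not in s] for i, s in seen.items()},
        "polls": polls,
        "sources": sorted(sources),
    }


if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

An empty `missing` list for the health-check ID means the DNS, HTTP and HTTPS interactions did reach the server and were logged, which narrows a failing check to what happens after capture.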

Michelle, PortSwigger Agent | Last updated: Nov 29, 2022 09:39AM UTC