Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Providing UDP source ports in Burp Collaborator

Login | Last updated: Jan 29, 2022 10:35AM UTC

Is it possible to provide UDP source ports of DNS queries via the IBurpCollaboratorInteraction interface? This would allow to easily analyze the randomness of used source ports, which makes it possible to find vulnerabilities (Kaminsky attacks) in the name resolution of the querying DNS resolver. I've implemented such functionality in my own project (https://github.com/The-Login/DNS-Reset-Checker), but having the ability to analyze this via Burp Collaborator makes the whole DNS topic way more accessible.

Hannah, PortSwigger Agent | Last updated: Feb 02, 2022 02:57PM UTC

Hi Could you provide some more information on what you are looking for? By default, Burp Collaborator server will listen on UDP port 53 for DNS. You can change this when deploying your own private Collaborator server. Further information on deploying a private Collaborator server can be found here: https://portswigger.net/burp/documentation/collaborator/deploying

Login | Last updated: Feb 09, 2022 04:25PM UTC

The IBurpCollaboratorInteraction interface can be used to retrieve various properties of interactions. For example, the properties provided specifically for DNS interactions are "query_type" and "raw_query". Now, to enable more DNS analysis it would be nice to have the properties "source_port" and "layer_4_protocol" as well. These properties would contain the source port used by the querying client as well as the OSI layer 4 protocol (e.g. TCP/UDP).

Hannah, PortSwigger Agent | Last updated: Feb 14, 2022 03:53PM UTC

Hi The Collaborator instance only listens for DNS requests using UDP. You can see this in our documentation here: https://portswigger.net/burp/documentation/collaborator/deploying#collaborator-server-ports-and-firewall-rules We can create a feature request to expose the source port if you would like?

Login | Last updated: Feb 19, 2022 08:59AM UTC

Yes, that would be great and much appreciated! Thank you in advance!

Login | Last updated: Sep 22, 2022 03:26PM UTC

Hi, is there an update to this feature request? Has this feature already been implemented?

Hannah, PortSwigger Agent | Last updated: Sep 23, 2022 08:22AM UTC

Hi Work for this feature request has not been prioritized. We've added your +1 to our ongoing feature request for this functionality.

Oualid | Last updated: Oct 14, 2022 01:50PM UTC

This feature would be indeed very useful. Would be happy to see it implemented soon. (+1)

Michael | Last updated: Oct 27, 2022 04:40PM UTC

+1

Viktoria | Last updated: Oct 27, 2022 04:40PM UTC

+1

Daniel | Last updated: Oct 27, 2022 04:55PM UTC

+1

Sebastian | Last updated: Oct 27, 2022 08:00PM UTC

+1

Ben, PortSwigger Agent | Last updated: Oct 28, 2022 12:51PM UTC

Hi all, Thank you for your interest in this particular feature request. The good news is that we are now actively working on this so, all things being well, we should have some good news to share in the relatively near future.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.