Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Setting a CAA record using the private collaborator

Stan | Last updated: Jul 08, 2020 11:49AM UTC

Hello. I wish to set a CAA record using my private Collaborator server. To create an SSL certificate, my provider requires a valid, resolving CAA record on the (sub)domain I'm running my Collaborator on. How do I set custom records using the built in nameserver that the Burp Collaborator server offers?

Stan | Last updated: Jul 08, 2020 05:53PM UTC

I want to add another question to this: when resolving NS on my Burp Collaborator it will give a NullPointerException: Note: the server is running the latest version of Burp Collaborators. 2020-07-08 17:55:51.878 : Received DNS query from [IP MASKED] for [SERVER MASKED] containing no interaction IDs. Exception report: Category: UNEXPECTED Detail: java.lang.NullPointerException at burp.dju.a(Unknown Source) at burp.dju.c(Unknown Source) at burp.dju.<init>(Unknown Source) at burp.b0u.a(Unknown Source) at burp.dho.run(Unknown Source) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:834) -------------------------------------------------------------------------------- 2020-07-08 17:55:51.879 : Problem handling DNS request java.lang.NullPointerException at burp.dju.a(Unknown Source) at burp.dju.c(Unknown Source) at burp.dju.<init>(Unknown Source) at burp.b0u.a(Unknown Source) at burp.dho.run(Unknown Source) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:834)

Liam, PortSwigger Agent | Last updated: Jul 09, 2020 11:11AM UTC

Stan, we have CAA support in our development backlog. Unfortunately, we can't provide an ETA. We will update this thread when we ave any updates. We'll take a look at your NullPointerException issue and get back to you ASAP.

Michelle, PortSwigger Agent | Last updated: Jul 13, 2020 02:19PM UTC

Hi Stan Can I check a few more details in relation to the messages you're seeing on the Collaborator server? When you're seeing these messages, is the private collaborator server passing all the health checks? Do you see this with all queries or just certain ones?

Stan | Last updated: Jul 18, 2020 09:45PM UTC

Hello Michelle, Yes, the collaborator passes all health checks. I've tried multiple Java versions, and now I'm using the shipped Java version: openjdk version "12.0.2" 2019-07-16. I'm only getting the nullpointerexception errors when querying for specific records. These are CAA records(that is how I found out) and NS records. All other records seem to work. Interesting to note is that the failed queries do show up in the client (when polling), even though the server is giving errors. The failed queries will however, show up a lot more times than normal (10-20 times). This could be a side effect of using the command line tool "dig" to test this.

Uthman, PortSwigger Agent | Last updated: Jul 20, 2020 09:25AM UTC

Stan, Can you please email us with further details and screenshots? Which version of Burp are you using? You can reach us on support@portswigger.net

Michelle, PortSwigger Agent | Last updated: May 20, 2021 11:50AM UTC

Hi

I just wanted to get in touch with you to let you know we've made a number of improvements to Burp Collaborator in recent versions which should address some of the issues you were experiencing. We have added support for single custom CNAME and multiple custom TXT DNS records within Burp Collaborator, which can optionally contain specific TTL values.
https://portswigger.net/burp/documentation/collaborator/deploying#add-custom-dns-records

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.