Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Strange DNS calls on the Burp Collaborator

Mikhail | Last updated: May 28, 2020 03:47PM UTC

Hey there, I'm trying to repro an XXE using the Burp Collaborator and facing an issue similar to the one described in this thread: https://forum.portswigger.net/thread/external-service-interaction-dns-false-positives-47097af8 I explained my issue in the comment to the thread, but since it's rather old, I re-post it here just not to slip from the attention of the support team. When I send a request to the target system from the Burp Repeater nothing happens. When I open the payload in the browser on the same machine, as the Burp, I get DNS requests from my ISP's DNS server (which is Ok), as well as from some random IP assigned to some AWS EC2. I have checked that these IPs do not belong neither to my company's infrastructure nor to my endpoint protection provider's infra. These external DNS calls never happen when I open the payload in the browser of another machine. I also has noticed using TCPview that about the time of those DNS request appearance, my Burp instance launches a new short-lived thread that connects to some EC2. Could this be a coincident? Please check and confirm if none of your services were running 2020-May-25 between 21:38:10 UTC and 22:52:11 UTC on the following hosts: • 35.171.100.103 - ec2-35-171-100-103.compute-1.amazonaws.com • 35.170.83.209 - ec2-35-170-83-209.compute-1.amazonaws.com • 35.171.100.106 - ec2-35-171-100-106.compute-1.amazonaws.com I would appreciate also if you could share any ideas where this false positives may come from, where else I should check. Regards, MT

Uthman, PortSwigger Agent | Last updated: May 29, 2020 07:59AM UTC

Hi Mikhail, Can you please email us on support@portswigger.net with the information below? - If you are using a private collaborator server - Where the private collaborator server is hosted - Whether you have any extensions enabled - A video or screenshots highlighting your issue

Mikhail | Last updated: May 29, 2020 03:19PM UTC

Hi Uthman, 1. no, the public one. 2. n/a 3. Yes, this two: JSON Web Tokens & Image Metadata 4. I will be able to generate the video next week

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.