Burp Suite User Forum

Login to post

Unable to manually verify an External service interaction despite it being "correct"

EVan | Last updated: Nov 07, 2020 09:26PM UTC

Hey, I'm new to Burp and was doing some testing. Burp Scanner found an External service interaction (DNS) which it is confident in. I checked the scanner collaborator information and the IP address sending the A record request is correct, so I know that this is a valid issue. I have retested it with the scanner multiple times and it works. However when I try to manually test this with Collaborator, it will not work. I get the exact same response from the server but the collaborator endpoint does not receive any information. Burp Scanner says that the payload was submitted in the SSL SNI value and the HTTP Host header. I used the exact same request in repeater, as well as making sure that the Host option was set to my own collaborator link but it won't work. Is there something I am fundamentally doing wrong? Or is there some manual way to set the SSL SNI value that I'm missing, as I see nothing about it in the headers of the automated request. Thanks

Uthman, PortSwigger Agent | Last updated: Nov 09, 2020 10:37AM UTC

Hi Evan, When you manually test this, are you using the method below? - https://portswigger.net/burp/documentation/desktop/tools/collaborator-client

You need to Log in to post a reply. Or register here, for free.