Burp Suite User Forum


Use Collaborator server for CSRF POCs?

Seth | Last updated: Sep 17, 2015 12:10AM UTC

Currently, my favorite way to generate the "meat" for a CSRF demo is to use the Burp CSRF engagement tool. However, after I run the test locally with the Burp tool, if I am dealing with XHR and CORS, I always move the POC to a "real" web server that will cause my browser to generate a pre-flight request. Depending on the engagement, I use a public web server or just a VM in bridged mode. Now that we have the Collaborator, I was thinking that it would be really nice to have an option to "Send CSRF POC to Collaborator", since that already meets all of the requirements to 100% verify CSRF (and cause a pre-flight request). Thoughts?
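The pre-flight behaviour the post relies on is decided by the browser from the request's method and author-set headers. The following is an added example, not code from the thread or from Burp, that applies the Fetch standard's CORS-safelisting rules to tell which requests a browser sends without a pre-flight (and therefore must be protected by a CSRF token rather than by CORS) and which ones trigger an OPTIONS pre-flight first; the helper name and the sample requests are constructed for illustration.

```python
# Added example: classify a cross-origin request as "simple" (sent with no
# pre-flight) or "pre-flighted" (browser sends OPTIONS first), following the
# CORS-safelisted request rules of the Fetch standard.  Simplification: the
# standard's extra limits on header value length and byte content are not
# modelled here; only method, header names and Content-Type media type are.
SAFELISTED_METHODS = {"GET", "HEAD", "POST"}
SAFELISTED_HEADERS = {"accept", "accept-language", "content-language", "content-type"}
SAFELISTED_CONTENT_TYPES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}


def requires_preflight(method: str, headers: dict) -> bool:
    """Return True if a browser would send an OPTIONS pre-flight before this
    cross-origin request.  `headers` holds only author-set headers (the ones
    a page's script adds), not headers the browser sets itself."""
    if method.upper() not in SAFELISTED_METHODS:
        return True
    for name, value in headers.items():
        lname = name.lower()
        if lname not in SAFELISTED_HEADERS:
            return True  # e.g. X-Requested-With, Authorization
        if lname == "content-type":
            # Only the media type is compared; parameters such as charset
            # are ignored, so "text/plain; charset=UTF-8" is still safelisted.
            mime = value.split(";", 1)[0].strip().lower()
            if mime not in SAFELISTED_CONTENT_TYPES:
                return True  # e.g. application/json
    return False


if __name__ == "__main__":
    # Constructed sample requests, as a page's script might issue them.
    samples = {
        "form POST": ("POST", {"Content-Type": "application/x-www-form-urlencoded"}),
        "JSON POST": ("POST", {"Content-Type": "application/json"}),
        "XHR-flagged POST": ("POST", {"Content-Type": "text/plain",
                                      "X-Requested-With": "XMLHttpRequest"}),
        "plain GET": ("GET", {}),
        "PUT": ("PUT", {"Content-Type": "text/plain"}),
    }
    for label, (method, headers) in samples.items():
        kind = "pre-flighted" if requires_preflight(method, headers) else "simple, no pre-flight"
        print(f"{label:18s} -> {kind}")
```

Requests reported as "simple" reach the target even when the CORS response would reject them, so those endpoints need a token or SameSite defence; "pre-flighted" ones only complete if the server's OPTIONS response allows the origin, method and headers.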

PortSwigger Agent | Last updated: Sep 17, 2015 03:32PM UTC

Thanks for this request, which is a great idea. Later in the Burp Collaborator roadmap, we do plan to support serving of arbitrary responses from the Collaborator server. This will be primarily aimed at delivering out-of-band payloads into target applications where an external HTTP interaction can be triggered. When this feature is implemented, we will also be able to use it for serving CSRF PoC responses, in the way you describe. (For various reasons, it is likely that this feature will only be available if you have deployed a private Collaborator server, because we don't want the public server being used as a vehicle for delivering arbitrary attacks against third parties.)

Burp User | Last updated: Sep 17, 2015 08:18PM UTC

Good distinction! We deployed a private collaborator server and I already forgot that there is a public option. I'll look forward to seeing it rolled out. Keep up the great work over there!

Burp User | Last updated: Sep 21, 2015 06:46PM UTC

Second this
