Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Validating the External service interaction (DNS) & (HTTP) Findings Detected by Burp Scanner?

MoldyCheese | Last updated: Oct 19, 2021 04:53PM UTC

Hello, My organization requires us to create a full Proof of Concept to demonstrate that a vulnerability actually exists in order to report on it. We noticed that the Burp Pro scanner often detects External service interaction (DNS) and (HTTP) with a High severity rating. Specifically the response in Burp shows either a 301 or 400 HTTP code. Burp is saying the host and connect headers are vulnerable along with a GET request. I could use some guidance on how to manually validate this and to see if this is actually an issue? Thanks!

Michelle, PortSwigger Agent | Last updated: Oct 20, 2021 11:48AM UTC

Unfortunately, we can't provide specific assistance with fixing individual issues in people's apps or dissecting/explaining scan reports as our support service is here to provide technical advice with Burp Suite, but the issue detail from the scan will include a sample request which can be sent to the Repeater tool for testing payloads in, for example, the HTTP Host Header, and used as a base for manual replication. New Collaborator payloads can be generated by going to Burp -> Burp Collaborator Client. I hope this helps. Please let us know if you have any questions.

MoldyCheese | Last updated: Oct 22, 2021 12:15AM UTC

Michelle, Unfortunately, your response was not helpful at all. I am not asking on how to fix our individual application. I am asking for advice on what to do next to validate this finding that Burp scored a High. Googling around does not even seem to be any instances of a real-world vulnerability with this method. Can you please reach out to PortSwigger management if they could post a blog or a section in the Burp Academy with tips on how to further validate or what an attacker can actually do with this? Searching this forum and online for hundreds of similar questions but no one seems to know what to do with it. I have to write a report on the accuracy of Burp Web App scanner and seems most of the items reported end up being false-positives. Thanks!

Michelle, PortSwigger Agent | Last updated: Oct 22, 2021 07:06AM UTC