
Burp Collaborator Enhancement Requests

Eli Gato Sep 24, 2019 11:12PM UTC

When performing manual testing, it's not possible to detect out-of-band interactions which occur after the Burp Collaborator Client is closed. This means payloads that are fired weeks or months later are not detected (even though the Collaborator server has a record of the interaction).

To address this limitation, please consider making the following enhancements to the Collaborator Client:
- Ability to restore collaborator sessions upon reopening the Collaborator Client.
- Ability to name collaborator sessions.
- Ability to find the session ID associated with a subdomain generated by the Collaborator Client

Further, please consider making the following enhancements to the Private Collaborator Server:
- Ability to log all requests received to a file, including the connection details and the session ID the request is associated with (if known).
- Perform optional callback to a webhook (or shell script) when an interaction is detected.
- Detect and report on TCP interactions (e.g. victim opened TCP connection on port 80, but no data sent).
- Create API call that displays connection details without deleting it from the server (to enable things like OOB scoreboards to monitor campaign activity).

Any or all of these features would greatly enhance Burp's ability to find "super-blind" vulnerabilities via manual testing.


Shiv Sep 24, 2019 11:38PM UTC
+1 on the above request.

J Sep 24, 2019 11:55PM UTC
Me too!

br Sep 25, 2019 03:34AM UTC

Meowmix Sep 25, 2019 03:39AM UTC
This would be so awesome, please make this happen :)

Joe H Sep 25, 2019 03:51AM UTC
This would be a great feature that would open the door for some creative problem solving.

olderthandirt Sep 25, 2019 04:01AM UTC
This would be really helpful for internal pen test teams looking for OOB vulns over a long period of time, likely to find some "hidden gems". Please consider adding this feature.

MonkeyKing Sep 25, 2019 05:01AM UTC

Mara Sep 25, 2019 05:49AM UTC
This would be so helpful. Please add it ASAP.

Thibaud Sep 25, 2019 06:03AM UTC
That would be really useful at our company. I'd like to see it happen too.

Ashkan Jahanbakhsh Sep 25, 2019 07:38AM UTC
Good feature! Hope to see it soon.

jon j Sep 25, 2019 08:45AM UTC

x Sep 25, 2019 11:16AM UTC

<w<h<o<i< Sep 25, 2019 12:33PM UTC
<Please <Add> This> Feature

"</span><script>alert("We need this, YOUR NAME")</script><span>" Sep 25, 2019 12:37PM UTC
<script>alert("We need this, ANSWER")</script>

Jason Sep 25, 2019 01:18PM UTC
Yes please, this would be beneficial!

'"><script src=></script> Sep 25, 2019 03:21PM UTC

Mike Eaton Sep 26, 2019 02:09PM UTC Support Center agent

Thank you for your feature requests. I will pass them to our development team for consideration.

Tester Sep 26, 2019 02:34PM UTC
Sure Why Not
