I have observed a glitch in Collaborator's functionality.
While (selectively) testing the persistent-xss module I have noticed the following payload being used:
Here the \56 part is odd. It should be a dot. However, it's this weird expression. It seems that the dot symbol (56 in decimal from the ASCII table) is not properly encoded/decoded.
I did not investigate other modules but I guess it's likely that other modules are affected.
The bug was verified in v1.6.36.
Please let me know (via email) once you have acknowledged/verified the issue.
Burp is working as intended.
The reason Burp deliberately obfuscates the URL in this way is to reduce the likelihood that other components that process the payload data will see the domain name and perform a DNS lookup of it. Some WAF-like products do this when they see a domain name embedded in a parameter value. Using context-specific obfuscation in this way helps to reduce false positives.
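The effect described in the reply, as an added example that is not part of the thread and not Burp's code: inside a JavaScript string literal `\56` is the octal escape for character code 46, the dot, so a component that scans the raw parameter text finds no host name, while the value the script engine sees contains one. The host `abc123.collab.example`, the sample string and the function names are constructed for illustration.

```javascript
// Added example: resolve JavaScript string-literal escapes in raw payload text,
// then compare what a host-name scanner sees before and after decoding.

// Constructed sample: the body of a JS string as it appears on the wire.
// "\\56" here is the three characters backslash, 5, 6.
const RAW = 'var u = "http://abc123\\56collab\\56example/x";';

// Minimal decoder for \xHH, \uHHHH, legacy octal (\0 to \377) and simple escapes.
function decodeJsEscapes(raw) {
  const simple = { n: "\n", r: "\r", t: "\t", b: "\b", f: "\f", v: "\v" };
  return raw.replace(
    /\\(?:x([0-9a-fA-F]{2})|u([0-9a-fA-F]{4})|([0-3][0-7]{0,2}|[4-7][0-7]?)|(.))/g,
    (match, hex, uni, oct, other) => {
      if (hex) return String.fromCharCode(parseInt(hex, 16));
      if (uni) return String.fromCharCode(parseInt(uni, 16));
      if (oct) return String.fromCharCode(parseInt(oct, 8)); // \56 -> 46 -> "."
      return other in simple ? simple[other] : other;        // \" -> ", \\ -> \
    }
  );
}

// Simplified host-name pattern of the kind a content scanner might apply.
const HOST_RE = /\b(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}\b/gi;

function findHosts(text) {
  return text.match(HOST_RE) || [];
}

// Returns the host names visible in the raw text and in the decoded text.
function compareViews(raw) {
  return {
    rawHosts: findHosts(raw),
    decodedHosts: findHosts(decodeJsEscapes(raw)),
  };
}

console.log(compareViews(RAW));
```

When reviewing such a payload in logs or proxy history, decode it for its injection context first and then read the host name from the decoded form.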