Burp Suite User Forum


Burp Collaborator config

Rodolfo | Last updated: Dec 22, 2016 07:27PM UTC

I have an EC2 instance (Amazon cloud server), and on this server I have Burp running with "java -jar bur.jar --collaborator-server". On my local machine, I have Burp Pro. How can I configure the Burp instance on my local machine to use the Burp Collaborator on my cloud server at Amazon? When I put the address of the EC2 instance in my Burp under Project options --> Burp Collaborator Server --> Use a private Collaborator server, and run the health check, I get these errors:

    Initiating health check
    Server address resolution Success
    Server HTTP connection Warning
    Server HTTPS connection (trust enforced) Warning
    Server HTTPS connection (trust not enforced) Warning
    Server SMTP connection on port 25 Warning
    Server SMTP connection on port 587 Warning
    Server SMTPS connection (trust enforced) Warning
    Server SMTPS connection (trust not enforced) Warning
    Polling server address resolution Success
    Polling server connection Error

@obs: I have an instance of Burp on my EC2 Amazon server, running with java -jar burp.java --collaborator-server. After running this command, the console returns proxy: running 127.0.0.1:8080

Burp User | Last updated: Dec 22, 2016 09:22PM UTC

I'm having a lot of trouble configuring the Collaborator private server. Is there any other link with another tutorial to help with the set-up of this feature? Thanks for the attention.

Burp User | Last updated: Dec 23, 2016 04:14AM UTC

I have the same problem. The docs don't have photos or any kind of tips. I work with a small team and I have a server at DigitalOcean. I put the free edition of Burp on the server, and when running it the only thing that appears in the terminal is: listening 127.0.0.1:8080. After that, I put the public IP address of my server in my local Burp Pro, in the misc config, and ran the health check. I got several warnings for some ports, and I can't use Burp Collaborator. Can someone help us with a good tutorial for a private server like Amazon EC2, DigitalOcean, etc.? Thanks.

PortSwigger Agent | Last updated: Dec 23, 2016 09:20AM UTC

The healthcheck output in the original post indicates that your private Collaborator server is not configured with a valid wildcard SSL certificate. To get rid of the SSL errors you'll need to obtain one of these.

You are also getting an error with polling your private server. This suggests either the server or the Burp settings are misconfigured. Documentation and sample configurations are here: https://portswigger.net/burp/help/collaborator_deploying.html

Biils - note that the Collaborator feature requires the Professional edition of Burp.

Burp User | Last updated: Dec 23, 2016 01:17PM UTC

As stated on the website: "To do this fully effectively, you will need a host server, a dedicated domain name, and a valid CA-signed wildcard SSL certificate. Private Collaborator servers without a suitable domain name or SSL certificate will be able to support some, but not all, of the Collaborator-related capabilities within Burp." (from https://portswigger.net/burp/help/collaborator.html#options)

How can I run the Burp Collaborator server with just the host server? Is there any other tutorial link or documentation to follow?

@Dafydd Stuttard I already looked into the documentation and sample configurations here: https://portswigger.net/burp/help/collaborator_deploying.html I find this link very confusing; the lack of screenshots and explanation makes it difficult to build a PoC to show the team the capabilities of the Burp Collaborator server. Thanks for the attention.

Burp User | Last updated: Dec 23, 2016 03:09PM UTC

Can I use an auto-signed certificate?

PortSwigger Agent | Last updated: Dec 28, 2016 11:23AM UTC

John - You can use the Collaborator server without your own SSL certificate and it will automatically generate a self-signed certificate. You need to configure your desired hostname, as described here: https://portswigger.net/burp/help/collaborator_deploying.html#ssl

I don't know what you require in terms of screenshots since the Collaborator server runs headlessly without a UI. All of the options are clearly described in the documentation in the above page. Also, if you want to perform a simple demo of the Collaborator server capabilities, you can just use the default public one for this purpose.

Rick - You can configure your own, or tell the Collaborator server to auto-generate one, as described at the above link.
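Added example, not part of the thread and not PortSwigger's code: a Python script that repeats the connection checks named in the health check output from the client side, so an unreachable listener can be told apart from an untrusted certificate (a self-signed certificate fails only the trust-enforced check). Ports 25 and 587 come from the output above; 80, 443 and 465 are the standard HTTP, HTTPS and SMTPS ports and are assumptions, as is the placeholder hostname `collaborator.example.com`. The polling check is left out because its port depends on the server configuration.

```python
import socket
import ssl

def resolve_check(host):
    """DNS lookup, as in 'Server address resolution'."""
    try:
        socket.getaddrinfo(host, None)
        return "Success"
    except OSError as exc:  # socket.gaierror is an OSError
        return f"Warning: {type(exc).__name__}"

def tcp_check(host, port, timeout=5.0):
    """Plain TCP connect only; no HTTP or SMTP conversation is attempted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "Success"
    except OSError as exc:
        return f"Warning: {type(exc).__name__}"

def tls_check(host, port, enforce_trust, timeout=5.0):
    """TLS handshake with or without certificate validation."""
    ctx = ssl.create_default_context()  # system CA store, hostname check on
    if not enforce_trust:
        # Diagnostic only: accept any certificate, e.g. a self-signed one.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "Success"
    except OSError as exc:  # covers ssl.SSLError, timeouts, refused connections
        return f"Warning: {type(exc).__name__}"

def run_checks(host, timeout=5.0):
    """Return (check name, status) pairs in the order of the health check."""
    results = [("Server address resolution", resolve_check(host)),
               ("Server HTTP connection", tcp_check(host, 80, timeout))]
    for label, port in (("HTTPS", 443),):
        for trust in (True, False):
            mode = "trust enforced" if trust else "trust not enforced"
            results.append((f"Server {label} connection ({mode})",
                            tls_check(host, port, trust, timeout)))
    for port in (25, 587):
        results.append((f"Server SMTP connection on port {port}",
                        tcp_check(host, port, timeout)))
    for trust in (True, False):
        mode = "trust enforced" if trust else "trust not enforced"
        results.append((f"Server SMTPS connection ({mode})",
                        tls_check(host, 465, trust, timeout)))
    return results

if __name__ == "__main__":
    for name, status in run_checks("collaborator.example.com"):  # placeholder host
        print(f"{name:50} {status}")
```

If every listener check reports a refused connection or a timeout while address resolution succeeds, the problem is reachability of the server's ports rather than the certificate.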
