Burp Suite User Forum


Burp Collaborator Results & Errors

xEvVaYHw3DRY9Q | Last updated: Aug 02, 2017 01:59AM UTC

Hi all, I was checking this one app, where, while using the Collaborator feature, I noticed a seemingly inconsistent behavior. The app is protected by Cloudflare, and it is possible that a WAF is also in use. I am using Burp's public Collaborator server and the Collaborator Everywhere extension. One of the scans was able to confirm an External service interaction (DNS & HTTP) finding. The requests for both of these originated from 2 different IP addresses (Cloudflare), which are different servers than the web app.

There are 2 issues I am trying to figure out:

1. When replicating these tests manually, no response is received back even if I use the same payload (.burpcollaborator.net) URLs. I have tested the reported URL/request, and multiple others, but the response is not received. In some cases, a different set of Cloudflare IPs are seen to reset the connection attempts.

Q: How can I test the reported URL manually? And is it possible to explicitly send the requests via the Cloudflare IP addresses seen initially?

2. While trying out different requests and payload formats, and even performing Active Scans with the 'External / Out of Band Interaction' scan option, there is no positive response received (i.e. confirmation from Burp Collaborator, as shown through Collaborator Everywhere). However, I find that there are continuous Alerts being received during these tests. The message is: "The Burp Collaborator server used by the Burp Collaborator client is not reachable, change the settings to use this feature." I have run the Health check for Collaborator and all tests are green. I have also checked the request & response logs for Extender traffic, and it does not show anything relevant. And the Alert count keeps going up.

Q: Are these known issues / false positives? Is it possible to dig deeper into what might be the issue here? Any suggestions will be helpful. Thanks.

PortSwigger Agent | Last updated: Aug 02, 2017 07:49AM UTC

Hi, Thanks for your inquiry.

1) Collaborator Everywhere reports the request it used to trigger the interaction. Send this to Repeater. Start the Burp Collaborator client, generate a payload, and paste this into the request in Repeater. Issue the request in Repeater, and leave the Collaborator client open so it polls for interactions. Be aware there may be a significant time delay; Collaborator Everywhere will have reported this.

2) This sounds like a potential issue. It's possible that you're hitting rate limiting on the Collaborator server. Please send your debug ID so we can investigate further. It's in User options > Misc > Performance Feedback.

Please let us know if you need any further assistance.
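The manual procedure described in the reply above boils down to one correlation step: each request carries a unique Collaborator token in a hostname, the interaction log records which hostnames were looked up or fetched and from where, and a finding is confirmed only when a logged token matches a token you issued. The script below is an added example written for this thread; it is not Burp's, Collaborator Everywhere's or PortSwigger's code. It assumes a constructed log format ("timestamp kind client-ip hostname"), a placeholder domain (example-collab.invalid) in place of burpcollaborator.net, and constructed sample data. It shows the two things the original poster ran into: interactions may arrive from IP addresses other than the web server (here the constructed 203.0.113.x addresses standing in for a CDN edge), and an interaction whose token you never issued does not confirm your manual test.

```python
import re
from datetime import datetime, timezone
from typing import Dict, List, NamedTuple, Optional, Tuple

# Placeholder domain for this example only; Burp's public server uses burpcollaborator.net.
COLLAB_DOMAIN = "example-collab.invalid"


class Interaction(NamedTuple):
    when: datetime
    kind: str        # "DNS" or "HTTP"
    source_ip: str   # the host that performed the lookup or fetch
    hostname: str    # normalised to lower case, no trailing dot


# Constructed log line format (not Collaborator's real format):
# "<ISO-8601 UTC timestamp> <DNS|HTTP> <client IP> <queried hostname>"
LINE_RE = re.compile(r"^(\S+)\s+(DNS|HTTP)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")


def parse_interaction(line: str) -> Optional[Interaction]:
    """Parse one log line; return None for lines that do not fit the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, kind, ip, host = m.groups()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    # DNS is case-insensitive and some resolvers randomise label case, so normalise.
    return Interaction(when, kind, ip, host.rstrip(".").lower())


def extract_token(hostname: str, domain: str = COLLAB_DOMAIN) -> Optional[str]:
    """Return the label directly below the collaborator domain, or None if unrelated."""
    host = hostname.rstrip(".").lower()
    suffix = "." + domain.lower()
    if not host.endswith(suffix):
        return None
    labels = host[: -len(suffix)].split(".")
    return labels[-1]  # the token sits immediately under the collaborator domain


class Hit(NamedTuple):
    kind: str
    source_ip: str
    delay_s: float   # seconds between issuing the request and the interaction


def correlate(issued: Dict[str, Tuple[datetime, str]], lines: List[str],
              domain: str = COLLAB_DOMAIN) -> Tuple[Dict[str, List[Hit]], List[Interaction]]:
    """Match logged interactions to issued tokens.

    issued maps token -> (time the request was sent, label for that request).
    Returns (hits per request label, interactions carrying a token we never issued).
    """
    hits: Dict[str, List[Hit]] = {label: [] for _, label in issued.values()}
    unknown: List[Interaction] = []
    for line in lines:
        ia = parse_interaction(line)
        if ia is None:
            continue
        token = extract_token(ia.hostname, domain)
        if token is None:
            continue  # traffic not aimed at our collaborator domain at all
        if token not in issued:
            unknown.append(ia)  # someone else's payload, or a token from an earlier scan
            continue
        sent_at, label = issued[token]
        hits[label].append(Hit(ia.kind, ia.source_ip, (ia.when - sent_at).total_seconds()))
    return hits, unknown


# Constructed sample data: two tokens issued by hand, four log lines received later.
SAMPLE_ISSUED = {
    "a1b2c3d4e5f60718": (datetime(2017, 8, 1, 9, 59, 50, tzinfo=timezone.utc), "Referer header"),
    "0123456789abcdef": (datetime(2017, 8, 1, 9, 59, 55, tzinfo=timezone.utc), "X-Forwarded-For header"),
}
SAMPLE_LOG = [
    "2017-08-01T10:00:12Z DNS 203.0.113.10 a1b2c3d4e5f60718.example-collab.invalid",
    "2017-08-01T10:00:13Z HTTP 203.0.113.11 A1B2C3D4E5F60718.example-collab.invalid",
    "2017-08-01T10:00:20Z DNS 198.51.100.7 unrelated.example.org",
    "2017-08-01T10:04:09Z DNS 203.0.113.12 ffffffffffffffff.example-collab.invalid",
]


def demo() -> Tuple[Dict[str, List[Hit]], List[Interaction]]:
    return correlate(SAMPLE_ISSUED, SAMPLE_LOG)


if __name__ == "__main__":
    hits, unknown = demo()
    for label, found in hits.items():
        if not found:
            print(f"{label}: no interaction yet (keep polling; delays can be long)")
        for h in found:
            print(f"{label}: {h.kind} from {h.source_ip} after {h.delay_s:.0f}s")
    for ia in unknown:
        print(f"unrecognised token in {ia.hostname} from {ia.source_ip}: not ours")
```

Only the Referer-header request is confirmed, by a DNS lookup and an HTTP fetch from two different edge addresses a few seconds apart; the X-Forwarded-For request has no hit, which is the "keep the client open and wait" case from the reply, and the fourth line is discarded because its token was never issued. Running the correlation on a real export of your own interactions instead of the embedded sample separates "the interaction happened but came from an unexpected IP" from "nothing came back".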
