Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility
Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Burp Collaborator further protocols

S H Dec 06, 2018 08:52AM UTC

Hi Burp Team,
The burp collaborator is an awesome tool, I often use other protocols on top of HTTP/S and SMTP/S when testing SSRF and XXE however.
Do you plan on supporting FTP/S or other protocols?

As a dirty hack, one could do a FTP request on port 80 or 25 in order to see if credentials will be added. When I do a http connection (with curl) on port 25, I get a hit from the collaborator, however when I do a ftp connection on port 25 (with ftp), the collaborator does not report the (failed) SMTP Conversation. Can you look into that?

Thanks a lot for your great tool, cheers,
S


Paul Johnston Dec 06, 2018 09:12AM UTC Support Center agent

Glad you find the Collaborator useful. We don’t have any short term plans to implement further protocols. If your target uses an unsupported protocol you will still get a DNS interaction, which is an indication you should manually investigate.

The SMTP interaction will trigger if there’s an interaction ID in the data received. When you used the FTP client, the ID will not have been sent, although you should still get a DNS interaction.


Post Your public answer

Your name
Your email address
Answer