Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility
Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

External Service Interaction - Bug Bounty?

Blake Jacobs Feb 05, 2019 06:36AM UTC

I have found an external service interaction issue on a website that is listed in hacker one, I want to send a report, but, I'm not sure how to come up with a proof of concept to send to them. I have recently reported an external service interaction bug, but the company asked for a poc and I had no idea where to begin.

First of all I used burp suite pro active scanning to find the issue and then I used Collaborator to send of a valid dns payload to the server and I then after that I got a response, which is good so far.

But,

What do I do next in order for my bug bounty to get approved?
And is showing them Burp Collaborator payload response enough?


Liam Tai-Hogan Feb 06, 2019 11:53AM UTC Support Center agent

Blake, we’d recomend contacting the bug bounty program and asking for clarification of their requirements.

If you need assistance verifying a Burp issue, you can send any relevant information to support@portswigger.net.


Post Your public answer

Your name
Your email address
Answer