Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Burp Collaborator Enhancement Requests

Eli | Last updated: Sep 24, 2019 11:12PM UTC

When performing manual testing, it's not possible to detect out-of-band interactions which occur after the Burp Collaborator Client is closed. This means payloads that are fired weeks or months later are not detected (even though the Collaborator server has a record of the interaction). To address this limitation, please consider making the following enhancements to the Collaborator Client: - Ability to restore collaborator sessions upon reopening the Collaborator Client. - Ability to name collaborator sessions - Ability to find the session ID associated with a subdomain generated by the Collaborator Client Further, please consider making the following enhancements to the Private Collaborator Server: - Ability to log all requests received to a file, including the connection details and the session id the request is associated with (if known). - Perform optional callback to a webhook (or shell script) when an interaction is detected - Detect and report on TCP interactions (e.g. victim opened TCP connection on port 80, but no data sent ) - Create API call that displays connection details without deleting it from the server (to enable things like OOB scoreboards to monitor campaign activity) Any or all of these features would greatly enhance Burp's ability to find "super-blind" vulnerabilities via manual testing. Thanks

Burp User | Last updated: Sep 24, 2019 11:38PM UTC

+1 on the above request.

Burp User | Last updated: Sep 24, 2019 11:55PM UTC

Me too!

Burp User | Last updated: Sep 25, 2019 03:34AM UTC

+1

Burp User | Last updated: Sep 25, 2019 03:39AM UTC

This would be so awesome, please make this happen :)

Burp User | Last updated: Sep 25, 2019 03:51AM UTC

This would be a great feature that would open the door for some creative problem solving.

Burp User | Last updated: Sep 25, 2019 04:01AM UTC

This would be really helpful for internal pen test teams looking for OOB vulns over a long period of time, likely to find some "hidden gems". Please consider adding this feature.

Burp User | Last updated: Sep 25, 2019 05:01AM UTC

+1

Burp User | Last updated: Sep 25, 2019 05:49AM UTC

This would be so helpful please add it ASAP

Burp User | Last updated: Sep 25, 2019 06:03AM UTC

That would be really useful at our company. I'd like to see it happen too.

Burp User | Last updated: Sep 25, 2019 07:38AM UTC

Good feature! Hope to see it soon.

Burp User | Last updated: Sep 25, 2019 08:45AM UTC

+1

Mike, PortSwigger Agent | Last updated: Sep 25, 2019 10:25AM UTC

Thank you for your feature requests, I will pass them to our development team for consideration.

Burp User | Last updated: Sep 25, 2019 11:16AM UTC

+1

Burp User | Last updated: Sep 25, 2019 12:33PM UTC

<Please <Add> This> Feature

Burp User | Last updated: Sep 25, 2019 12:37PM UTC

<script>alert("We need this, ANSWER")</script>

Burp User | Last updated: Sep 25, 2019 01:18PM UTC

Yes please this would be beneficial!

Burp User | Last updated: Sep 25, 2019 03:21PM UTC

+1

Burp User | Last updated: Sep 26, 2019 02:34PM UTC

Sure Why Not

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.