BurpSuite - Collaborator

What is Burp Suite Collaborator?

In the paid version of Burp Suite, there is a tool called Collaborator. It is a type of tool similar to the listener at Hakatemia, which can help identify vulnerabilities, especially blind vulnerabilities that might otherwise go unnoticed.

The tool works in a way that PortSwigger (the company behind Burp Suite) maintains a collaborator server that listens to various types of network traffic, such as DNS, SMTP, and HTTP. The collaborator server can also be set up manually if desired, but its use still requires a Burp Suite Professional license.

Using the Collaborator Manually

Collaborators can be used manually so that the tool creates a unique domain for you where hits (e.g. DNS) are reported to the Burp Suite collaborator view.

Let's try this by first moving to the Collaborator page and pressing the Copy to clipboard button.

Next, open either command line or browser and execute an HTTP request to the copied address in whichever way you prefer. For example, we can do this with the curl command.

curl https://yuw0r3pi21guk5u7orb3kqqp8ge72xqm.oastify.com

After that, press the Poll now button and the HTTP request should appear in the window. The window also shows a DNS request where the computer has communicated with the collaborator when searching for the corresponding IP address for that domain.

Using a Collaborator in Burp Vulnerability Scanning

In addition to manual usage, Burp Suite itself can use collaborator during vulnerability scanning. Burp may create a domain and then try to find, for example, an XXE vulnerability by downloading an external DTD file from the collaborator service's HTTP server. If the target application sends the specific HTTP request (to load the DTD file), the vulnerability is clearly present.

Auditor of cybersecurity

As a member of Hakatemian, you also have access to the Hakatemian Listener tool, which can be used similarly to Burp Collaborator's manual tool.

Hakatemia Listener