Tuesday, December 6, 2022
HomeHackingHow to Setup Private Burp Collaborator for Hacking

How to Setup Private Burp Collaborator for Hacking

In Bug Bounty or in general hacking we tend to use Burp Collaborator for detecting for out-of-band data extraction. Burp Collaborator helps to detect bugs that cause external interactions. These bugs include, Blind SQLi, Blind CMDi, SSRF, etc. Lets see how to setup Private Burp Collaborator in our VPS.

Default Burp Collaborator in great but it’s more helpful to have your own Private Burp Collaborator . Some WAFs are configured to filter Burp Collaborator payloads due to which you mayn’t get desired results. So to bypass WAFs which detects our default burp collaborator payload we need to setup private Burp Collaborator of our own.

Requirements

  • Docker
  • Domain
  • BurpSuite Professional

Setup domain

Go to your DNS Manager in which your domain is. Now setup a subdomain and add NS record to your burp collaborator subdomain, and A record pointing to your server as shown in image.

setting up dns for private burp collaborator

Environment Setup

If you don’t have docker then

sudo apt update && sudo apt upgrade -y
sudo apt install docker.io

After installing docker you can proceed further.

git clone https://github.com/integrity-sa/burpcollaborator-docker.git && cd burpcollaborator-docker
downloading private burp collaborator docker file
wget "https://portswigger.net/burp/releases/download?product=pro&version=2021.10.3&type=Jar"

mv 'download?product=pro&version=2021.10.3&type=Jar' burp.jar && mv burp.jar ./burp/pkg/burp.jar
installing burp suite pro for setting up private burp collaborator

Make sure to replace domain and IP with your respective domain and Server IP

./init.sh burp.hackplaza.net 20.119.42.229

Incase if you get error like this:

Error starting userland proxy: listen tcp4 0.0.0.0:53: bind: address already in use.

error on private burp collaborator  setup

Use these commands to solve:

sudo systemctl stop systemd-resolved

Inbound Rule

If you again get some error like this

error on private burp collaborator setup process

You have to make some changes in Networking group to allow Inbound connections. You have to do this in your VPS provider accordingly . I am using Azure so here is how to do:

  • Click on VM > Networking > Add inbound port rule > In Destination Port ranges keep * in it and finally click on Add
Inbound setting for private burp collaborator

Again run ./init.sh burp.hackplaza.net 20.119.42.229 with replacing subdomain and Server IP with your own.

Successfull installation output will be like this:

private burp collaborator

Testing with BurpSuite Pro

Now to test if it is working or not. Follow these steps:

  1. Open your Burp Suite Professional
  2. Click on Project Options Tab > Misc > Burp Collaborator Server
  3. Select use private collaborator and do like shown in picture and click on Run Health check
private burp collaborator

Now you can use your private Burp Collaborator server normally from BurpSuite Pro and that’s the end of this tutorial on How to Setup How to Setup Private Burp Collaborator for Hacking

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular

Recent Comments