-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathBappDescription.html
More file actions
42 lines (32 loc) · 2.8 KB
/
BappDescription.html
File metadata and controls
42 lines (32 loc) · 2.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
<p>This extension inserts Burp Collaborator payloads into all HTTP headers and URL parameters of in-scope traffic. It helps uncover vulnerabilities like SSRF and blind RCE by injecting payloads into every possible entry point during active testing.</p>
<p><strong>Note:</strong> This extension is an improved version of the original Collaborator Everywhere, developed by James 'albinowax' Kettle. The original source code for Collaborator Everywhere can be found here: <a href="https://github.com/PortSwigger/collaborator-everywhere">https://github.com/PortSwigger/collaborator-everywhere</a></p>
<h2>Features</h2>
<h3>Original functionality</h3>
<ul>
<li>Insert a freshly generated Collaborator payload to certain headers in every request to an in-scope host.</li>
<li>Raise an issue if a request to one of these Collaborator URLs has been received.</li>
<li>Display detailed information about the request in the issue and which payload caused it.</li>
<li>Show time difference between the original request and the received interaction.</li>
<li>Check own external IP address and add a disclaimer if the interaction was received from the own address.</li>
<li>Includes payloads to modify HTTP header fields and URL parameters.</li>
<li>Payloads can be constructed with a placeholder that is replaced with the Host header value of the original request.</li>
</ul>
<h3>New functionality</h3>
<ul>
<li>Payloads can be added, modified, deleted, enabled or disabled in a new tab.</li>
<li>Additionally, payloads can be imported from a file. See payloads for examples.</li>
<li>All received interactions are displayed in a new tab similar to the built-in Collaborator, with more details provided for individual entries.</li>
<li>Requests that caused an interaction are highlighted in the Proxy history.</li>
<li>Added new placeholders to use the value of the Origin and Referer header fields in a payload.</li>
<li>Interactions are stored persistently in the project file.</li>
<li>Settings are stored in Burp's user settings and survive a reload of the extension.</li>
</ul>
<h2>Usage</h2>
<ol>
<li>Ensure your Burp project has a Collaborator server configured (by default, Burp will use the public Collaborator server).</li>
<li>Set your "Target → Scope". This limits where payloads are injected.</li>
<li>Adjust your poll interval as necessary.</li>
<li>When using a browser proxied through Burp, the extension will inject payloads into all headers and parameters of in-scope requests, as specified by your "Payloads" tab.</li>
<li>Monitor the "Interactions" table within the extension tab to analyze incoming responses from the Collaborator server.</li>
</ol>
<p>This tool is particularly useful for testing out-of-band vulnerabilities in scenarios where manual injection would be time-consuming or error-prone.</p>