Burp Collaborator Client
Burp Collaborator client is a tool for making use of Burp Collaborator
during manual testing. You can use the Collaborator client to generate
payloads for use in manual testing, and poll the Collaborator server for
any network interactions that result from using those payloads.
To run Burp Collaborator client, go to the Burp menu and select "Burp
Collaborator client".
The following functions are available:
- You can generate a specified number of Collaborator payloads and
copy these to the clipboard. You can use these in manual testing,
for example using Burp Intruder or Repeater.
- You can choose whether the generated payloads include the full
Collaborator server location, or only the unique interaction ID.
- You can poll the Collaborator server to retrieve details of any
network interactions resulting from your payloads, either at a
regular interval or on demand.
Please take note of the following when using the Burp Collaborator
client:
- Each Collaborator client window opens in a separate context in
which payloads can be generated and polled for. There is no
cross-talk of payloads or interactions between separate client
windows. Hence, if you close a client window, there is no way to
retrieve any further interactions resulting from its payloads.
- Each Collaborator client window is tied to the Collaborator server
configuration that was in place at the time the window was opened.
If you modify your Collaborator server settings (for example, to use
a different private Collaborator server), you will need to open a
new client window to use that configuration.