
Burp Collaborator Documentation

This section describes what Burp Collaborator is, how it works, the security of the data it processes, and the options for using it.

What Is Burp Collaborator?

Burp Collaborator is an external service that Burp can use to help discover many kinds of vulnerabilities. For example:

When Burp Collaborator is being used, Burp sends payloads to the target application that are designed to cause interactions with the Collaborator server when certain vulnerabilities or behaviors occur. Burp periodically polls the Collaborator server to determine whether any of its payloads have triggered interactions. Burp may also control the responses that the Collaborator server returns when a target application interacts with it.

Burp Collaborator is currently used only by the Scanner tool. In the future, other Burp tools will also make use of it.

How Burp Collaborator Works

Burp Collaborator runs as a single server that provides custom implementations of various network services:

A typical external service interaction can be detected via the Collaborator server as follows:

Further to this basic case, the Collaborator can play various other roles in the detection of vulnerabilities, for example:

Security of Collaborator Data

Users may have legitimate concerns about the security of data that is processed by the Collaborator server, and the feature has been designed with a strong emphasis on the security of this data.

What Data Does the Collaborator Server Store?

In most cases, when a vulnerability is found, the Collaborator server will not receive enough information to identify the vulnerability. It does not see the HTTP request that was sent from Burp to the target application. In a typical case, it will record that an interaction was received from somewhere, including a random identifier that was generated by Burp. Occasionally, the Collaborator server will receive some application-specific data: for example, the contents of an email generated through a user registration form.

How is Retrieval of Collaborator Data Controlled?

The Collaborator functionality is designed so that only the instance of Burp that generated a given payload is able to retrieve the details of any interactions that result from that payload. This requirement is implemented as follows:

Further to this mechanism, the following precautions are also implemented in the Collaborator server to protect against unauthorized access to its data:
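The two points above (the server records only a random identifier embedded in each interaction, and only the Burp instance that generated a payload can retrieve its interactions) can be illustrated with a small constructed model. This is added example code, not PortSwigger's implementation: the HMAC-derived identifier scheme, the `collab.example` domain, the class names and the sample DNS event are all assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

class CollaboratorServer:
    """Constructed model of a Collaborator-style server (not PortSwigger's code)."""
    def __init__(self, domain="collab.example"):
        self.domain = domain
        self.interactions = []  # (identifier, kind, detail) in arrival order

    def record(self, kind, hostname, detail=""):
        # The target's DNS lookup or HTTP request names a payload subdomain; the
        # server learns the identifier, never the request Burp sent to the target.
        suffix = "." + self.domain
        if hostname.lower().endswith(suffix):
            identifier = hostname[: -len(suffix)].split(".")[-1]
            self.interactions.append((identifier, kind, detail))

    def poll(self, secret, issued):
        # Identifiers are HMAC(secret, n): a poller can only name identifiers
        # derived from its own secret, so another instance retrieves nothing.
        mine = {BurpInstance.identifier(secret, n) for n in range(issued)}
        found = [i for i in self.interactions if i[0] in mine]
        self.interactions = [i for i in self.interactions if i[0] not in mine]
        return found

class BurpInstance:
    """One Burp client holding its own random secret (constructed model)."""
    def __init__(self, server):
        self.server, self.secret, self.issued = server, secrets.token_bytes(32), 0

    @staticmethod
    def identifier(secret, n):
        return hmac.new(secret, n.to_bytes(4, "big"), hashlib.sha256).hexdigest()[:20]

    def payload(self):
        # Hostname to embed in a scan payload, e.g. a URL parameter value.
        ident = self.identifier(self.secret, self.issued)
        self.issued += 1
        return f"{ident}.{self.server.domain}"

    def poll(self):
        return self.server.poll(self.secret, self.issued)

def demo():
    server = CollaboratorServer()
    alice, mallory = BurpInstance(server), BurpInstance(server)
    host = alice.payload()
    server.record("dns", host, "constructed A query from 203.0.113.10")
    return len(mallory.poll()), len(alice.poll()), len(alice.poll())
```

`demo()` returns `(0, 1, 0)`: the second instance sees nothing, the issuing instance retrieves the one interaction, and a repeat poll returns nothing because the record has been handed over.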

Options for Using Burp Collaborator

Burp users can choose between the following three options for using Burp Collaborator:

Note: The functionality of Burp Collaborator gives rise to issues that require careful consideration by users. Users should ensure that they fully understand the functionality and the alternative ways of using Burp Collaborator, and have considered the consequences of using it for themselves and their organization.

Within Burp, you can configure these settings within the Burp Collaborator server options.