Misc Project Options
This tab contains settings for scheduled tasks
and
Burp Collaborator server.
Scheduled Tasks
[Pro version] See the
Task Scheduler documentation.
Burp Collaborator Server
Burp Collaborator is an external service that Burp can use to help
discover many kinds of vulnerabilities. For more details about the
functionality and alternative methods of utilization of Burp
Collaborator, see the main Burp Collaborator documentation.
Note: The functionality of Burp Collaborator gives
rise to issues that require careful consideration by users. Users should
ensure that they fully understand the functionality and the alternative
methods of utilization of Burp Collaborator, and have considered the
consequences of utilization for themselves and their organization.
The following options for using Burp Collaborator server are
available:
- Use the default Collaborator server - This
default option uses a public Collaborator server provided by
PortSwigger. This server is shared between all Burp users who use
it. If the public Collaborator server suffers from any service
outage or degradation, then the efficacy of Collaborator-related
functionality within Burp may be impaired. For this reason,
PortSwigger makes no warranty about the availability or performance
of this server.
- Don't use Burp Collaborator - With this
option, none of the Collaborator-related capabilities within Burp
will be available.
- Use a private Collaborator server - This
option lets you use your own instance of the Collaborator server.
See the documentation on deploying a private Collaborator server
if you would like to do this.
If you are using a private Collaborator server, you will need to
configure Burp with the details of its location. The following options
are available:
- Server location - This is the domain name or IP
address of your server. If you specify the server by IP address,
then Burp's Collaborator-related functionality that relies on DNS
resolution will not be available. For more details, see the main
Burp Collaborator documentation.
- Polling location (optional) - This optional
field lets you specify the location where your private Collaborator
server answers polling requests. Collaborator servers can be
configured to receive interactions and answer polling requests on
different network interfaces, if required. You can specify the
polling location by hostname or IP address, with an optional port
number separated by a colon. For example, 10.20.30.40:8008.
The following further options are also available:
- Poll over unencrypted HTTP - By default, Burp
polls the Collaborator server over HTTPS, and enforces SSL trust to
prevent man-in-the-middle attacks. If your instance of Burp is
unable to poll directly over HTTPS due to network or other limitations, you
can opt to poll over unencrypted HTTP.
- Run health check - This button displays a
dialog that performs a quick health check of your configured
Collaborator server. It verifies whether it is possible to interact
with the server using various network services, and whether Burp can
retrieve the details of these interactions via polling. Based on
these tests, you can determine whether Burp is likely to be able to
make use of all, some, or none of the Collaborator's features.
Wednesday, November 2, 2016
1.7.10
This release adds some new APIs that extensions can use to easily implement powerful scan checks and other logic that involves response diffing.
On Friday, to coincide with our Backslash Powered Scanning talk at Black Hat EU, we will be releasing an extension to the BApp Store that demonstrates how the new APIs can be used to create powerful new scanning capabilities.
See all release notes ›