- Use Burp Suite to intercept and modify the request that submits feedback.
Right-click and select "Insert Collaborator payload" to insert a Burp Collaborator subdomain where indicated in the modified
The solution described here is sufficient simply to trigger a DNS lookup and so solve the lab. In a real-world situation, you would use Burp Collaborator to verify that your payload had indeed triggered a DNS lookup. See the lab on blind OS command injection with out-of-band data exfiltration for an example of this.