This allows us to always have a static IP which can be linked to AWS virtual machines.
Then click Next: Configure Instance Details. Select t2.micro or t3.micro depending on which has the free tier eligible tag on your AWS region.Navigate to Instance wizard and select Ubuntu Server 18.04 LTS (HVM), SSD Volume Type.First, lets create the virtual machine.Log in to your AWS-account and follow the steps: Allow inbound SMTP(S), HTTP(S) and DNS from everywhere and ports 9090&9443 from your own IP.įirst we’ll need to create a virtual machine for the Collaborator. TL DR: Create Ubuntu Server 18.04 instance and assign Elastic IP to it. Step 1: Create AWS Instance and Elastic IP If you’d like to use some completely other IaaS-platform, make sure that the VM’s network interface IP matches the public IP and the script should yet again work. Note: If you’d like to use DigitalOcean instead of AWS, the automation script supports also that (with and without floating IP). This blog post guides how to set up private Burp Collaborator instance on Amazon AWS and how to configure it to use a whole domain with a free Let’s Encrypt SSL-certificate. Luckily, the Burp collaborator can also be self-hosted and set to use a whole custom domain. However on the rare occasions it can be blacklisted / blocked or otherwise unreachable from the target. This can be used for example to detect SSRF-vulnerabilities and exfiltrate data.īurp Suite Professional provides a collaborator service under the domain and using it is usually fine.
It basically gives you unique subdomains and logs all interactions (DNS, HTTP(S), SMTP(S)) towards the subdomains. The Burp Suite Collaborator is a valuable tool for penetration testers and bug bounty hunters. Self-hosted Burp collaborator for fun and profit
0 kommentar(er)
