You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A Burp Suite extension for discovering DNS vulnerabilities in web applications! An in-depth guide for the DNS Analyzer can be found here.
Install
The DNS Analyzer extension can be installed directly from the BApp Store in Burp Suite! Extensions > BApp Store > DNS Analyzer
Compile & Install
You can download the precompiled JAR from releases. Or, you can build this project via the fatJar gradle task:
Linux: ./gradlew fatJar
Windows: gradlew.bat fatJar
The compiled JAR can then be found under build/libs/.
To load the extension via Burp Suite Professional, navigate to Extensions > Installed > Add and select
DNSAnalyzer-all-1.0.jar as .jar file.
Howto
The basic usage boils down to the following steps:
Click "Copy to Clipboard" to generate and copy a Burp Collaborator domain
Get something to resolve the generated domain via DNS. For example, by using it:
as an e-mail domain (e.g., test@[collaborator domain])
Use it at registrations
Use it at password resets
Use it for news-letters
...
via SSRF
anywhere, where the collaborator domain gets resolved via DNS
Analyze the DNS name resolution by selecting DNS messages in the table
...
Profit
Here's an example overview of this process:
Advanced usage and more can be found here.
Bug Bounty Tips
Should you be looking for DNS vulnerabilities in bug bounty domains? YES! However, only report a DNS vulnerability if:
infrastructure is in the scope of the bug bounty program
you've confirmed the vulnerability via in-depth DNS analysis (e.g., via the DNS Analysis Server)
Essentially, don't flood bug bounty programs with DNS vulnerability reports without doing proper research first!
Further Info
As already mentioned, you can find a full DNS Analyzer guide here.
Also, you can find further information about DNS analysis and DNS vulnerabilities in the following blog posts:
First blog post showing the basics of DNS analysis in web applications
Second blog post showing further DNS analysis methods and exploitation
Also, the Collaborator server has it's limits. For in-depth DNS analysis you can use the DNS Analysis Server.
About
A Burp Suite extension for finding DNS vulnerabilities in web applications!
