Skip to content
/ DNS-Analyzer Public
forked from The-Login/DNS-Analyzer

A Burp Suite extension for finding DNS vulnerabilities in web applications!

0 stars 14 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SDPhoton/DNS-Analyzer

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
gradle/wrapper
gradle/wrapper
 
 
src
src
 
 
BappDescription.html
BappDescription.html
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
gradlew
gradlew
 
 
gradlew.bat
gradlew.bat
 
 
settings.gradle
settings.gradle
 
 

Repository files navigation

DNS Analyzer

A Burp Suite extension for discovering DNS vulnerabilities in web applications!
An in-depth guide for the DNS Analyzer can be found here.

Install (Coming soon!)

The DNS Analyzer extension can be installed directly from the BApp Store in Burp Suite!
Extensions > BApp Store > DNS Analyzer

Compile & Install

You can download the precompiled JAR from releases.
Or, you can build this project via the fatJar gradle task:

  • Linux: ./gradlew fatJar
  • Windows: gradlew.bat fatJar

The compiled JAR can then be found under build/libs/.

To load the extension via Burp Suite Professional, navigate to Extensions > Installed > Add and select DNSAnalyzer-all-1.0.jar as .jar file.

Howto

The basic usage boils down to the following steps:

  1. Click "Copy to Clipboard" to generate and copy a Burp Collaborator domain
  2. Get something to resolve the generated domain via DNS. For example, by using it:
    • as an e-mail domain (e.g., test@[collaborator domain])
      • Use it at registrations
      • Use it at password resets
      • Use it for news-letters
      • ...
    • via SSRF
    • anywhere, where the collaborator domain gets resolved via DNS
  3. Analyze the DNS name resolution by selecting DNS messages in the table
  4. ...
  5. Profit

Here's an example overview of this process:
DNS Analyzer Overview_small
Advanced usage and more can be found here.

Bug Bounty Tips

Should you be looking for DNS vulnerabilities in bug bounty domains?
YES! However, only report a DNS vulnerability if:

  1. infrastructure is in the scope of the bug bounty program
  2. you've confirmed the vulnerability via in-depth DNS analysis (e.g., via the DNS Analysis Server)

Essentially, don't flood bug bounty programs with DNS vulnerability reports without doing proper research first!

Further Info

As already mentioned, you can find a full DNS Analyzer guide here.
Also, you can find further information about DNS analysis and DNS vulnerabilities in the following blog posts:

Also, the Collaborator server has it's limits. For in-depth DNS analysis you can use the DNS Analysis Server.

About

A Burp Suite extension for finding DNS vulnerabilities in web applications!

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Java 97.0%
  • HTML 3.0%