DNS Analyzer

A Burp Suite extension for discovering DNS vulnerabilities in web applications!
An in-depth guide for the DNS Analyzer can be found here.

Install

The DNS Analyzer extension can be installed directly from the BApp Store in Burp Suite!
Extensions > BApp Store > DNS Analyzer

Compile & Install

You can download the precompiled JAR from releases.
Or, you can build this project via the fatJar gradle task:

The compiled JAR can then be found under build/libs/.

To load the extension via Burp Suite Professional, navigate to Extensions > Installed > Add and select DNSAnalyzer-all-1.0.jar as the .jar file.

Howto

The basic usage boils down to the following steps:

  1. Click "Copy to Clipboard" to generate and copy a Burp Collaborator domain
  2. Get something to resolve the generated domain via DNS. For example, by using it:
    • as an e-mail domain (e.g., test@[collaborator domain])
      • Use it at registrations
      • Use it at password resets
      • Use it for newsletters
      • ...
    • via SSRF
    • anywhere else the collaborator domain gets resolved via DNS
  3. Analyze the DNS name resolution by selecting DNS messages in the table
  4. ...
  5. Profit

Here's an example overview of this process:
[Image: DNS Analyzer overview]
Advanced usage and more can be found here.
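
To make step 3 more concrete, the following added example (not part of the DNS Analyzer project or its code) decodes a raw DNS query in RFC 1035 wire format into the header and question fields one reads when analyzing how a resolver asked for the domain. The sample bytes and the name abc123.collab.example are constructed; the MX query type mirrors the e-mail domain case from step 2.

```python
import struct

# Common query types; anything else is reported by number.
QTYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}

def parse_dns_query(msg: bytes) -> dict:
    """Decode the header and first question of a DNS message (RFC 1035)."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    txid, flags, qdcount, _an, _ns, arcount = struct.unpack("!6H", msg[:12])
    if qdcount < 1:
        raise ValueError("message carries no question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("question name runs past end of message")
        length = msg[pos]
        pos += 1
        if length == 0:          # root label terminates the name
            break
        if length & 0xC0:        # top bits set: pointer or reserved type
            raise ValueError("unexpected label type in question name")
        if pos + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("missing QTYPE/QCLASS")
    qtype, qclass = struct.unpack("!2H", msg[pos:pos + 4])
    return {
        "txid": txid,
        "is_response": bool(flags & 0x8000),
        "opcode": (flags >> 11) & 0xF,
        "recursion_desired": bool(flags & 0x0100),
        "qname": ".".join(labels),   # letter case kept exactly as sent
        "qtype": QTYPES.get(qtype, str(qtype)),
        "qclass": qclass,
        "additional_records": arcount,
    }

# Constructed sample: an MX query for abc123.collab.example, as a mail
# server would send when handling test@abc123.collab.example.
SAMPLE = (bytes.fromhex("1a2b" "0000" "0001" "0000" "0000" "0000")
          + b"\x06abc123\x06collab\x07example\x00" + b"\x00\x0f\x00\x01")

if __name__ == "__main__":
    for field, value in parse_dns_query(SAMPLE).items():
        print(f"{field:20} {value}")
```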

Bug Bounty Tips

Should you be looking for DNS vulnerabilities in bug bounty domains?
YES! However, only report a DNS vulnerability if:

  1. infrastructure is in the scope of the bug bounty program
  2. you've confirmed the vulnerability via in-depth DNS analysis (e.g., via the DNS Analysis Server)

Essentially, don't flood bug bounty programs with DNS vulnerability reports without doing proper research first!

Further Info

As already mentioned, you can find a full DNS Analyzer guide here.
Also, you can find further information about DNS analysis and DNS vulnerabilities in the following blog posts:

Also, the Collaborator server has its limits. For in-depth DNS analysis, you can use the DNS Analysis Server.