1. Azure machine and port forwarding

Deploy a Linux machine on Azure and open the following ports. I have used an Ubuntu Server 18.04.

Port 25 and 587 -> SMTP

Port 53 -> DNS

Port 80 -> HTTP

Port 443 -> HTTPS

Port 465 -> SMTPS

Port 9090 -> HTTP (Polling)

Port 9443 -> HTTPS (Polling)

Azure Network Admin Panel

Now is a good moment to note down the public and private IP addresses of the machine.

Update

sudo apt-get update && sudo apt-get upgrade

Install Java Runtime Environment (JRE)

sudo apt-get install default-jre

Create a folder to store all the necessary files

sudo mkdir -p /usr/local/collaborator

Copy the Burp Suite Pro .jar file into the previously created folder and rename it to collaborator.jar

sudo mv /usr/local/collaborator/burpsuite_pro_v1.7.37.jar /usr/local/collaborator/collaborator.jar

2. Get a free custom domain

Freenom is a free domain provider, choose yours and then go to the domain administrator to change the nameservers to Azure.

Freenom domain admin panel

From now on we no longer need to access Freenom; we will manage everything from Azure. Remember to allow a prudent time for DNS propagation.

3. Make a collaborator configuration file

Recall the public and private IP addresses from step one.

Create a collaborator configuration file

sudo nano /usr/local/collaborator/collaborator.config

Code:

{
  "serverDomain" : "burp.mydomain.tk",
  "workerThreads" : 10,
  "eventCapture": {
    "localAddress" : ["10.*.*.*"],
    "publicAddress" : "40.*.*.*",
    "http": {
      "ports" : 80
    },
    "https": {
      "ports" : 443
    },
    "smtp": {
      "ports" : [25, 587]
    },
    "smtps": {
      "ports" : 465
    },
    "ssl": {
      "certificateFiles" : [
        "/usr/local/collaborator/keys/privkey.pem",
        "/usr/local/collaborator/keys/cert.pem",
        "/usr/local/collaborator/keys/fullchain.pem" ]
    }
  },
  "polling" : {
    "localAddress" : "10.*.*.*",
    "publicAddress" : "40.*.*.*",
    "http": {
      "port" : 9090
    },
    "https": {
      "port" : 9443
    },
    "ssl": {
      "hostname" : "burp.mydomain.tk"
    }
  },
  "metrics": {
    "path" : "hackpuntes",
    "addressWhitelist" : ["0.0.0.0/24"]
  },
  "dns": {
    "interfaces" : [{
      "name": "ns1",
      "localAddress" : "10.*.*.*",
      "publicAddress" : "40.*.*.*"
    }],
    "ports" : 53
  },
  "logLevel" : "INFO"
}

Change the value of path, serverDomain, hostname, localAddress and publicAddress.

View another example file
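A pre-flight check for the configuration file above, as an added example that is not part of the original post or of Burp Suite: it flags address placeholders and sample names that were never replaced, and compares the configured listener ports with the inbound ports opened in step 1. The function names and the `sample_config` builder are constructed for illustration.

```python
import ipaddress
import json

# Inbound ports opened in the Azure network panel in step 1 of this page.
OPENED_PORTS = {25, 53, 80, 443, 465, 587, 9090, 9443}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lint_config(text, opened_ports=OPENED_PORTS):
    """Return the problems found in a collaborator.config (empty list = OK)."""
    cfg = json.loads(text)
    capture, polling, dns = cfg["eventCapture"], cfg["polling"], cfg["dns"]
    problems = []
    # 1. Every localAddress/publicAddress must be a literal IP, not "10.*.*.*".
    for block in [capture, polling, *dns["interfaces"]]:
        for key in ("localAddress", "publicAddress"):
            for addr in _as_list(block[key]):
                try:
                    ipaddress.ip_address(addr)
                except ValueError:
                    problems.append(f"{key} is not an IP address: {addr}")
    # 2. The tutorial's sample names must have been replaced.
    for name in (cfg["serverDomain"], polling["ssl"]["hostname"]):
        if name.endswith("mydomain.tk"):
            problems.append(f"sample domain not replaced: {name}")
    if cfg["metrics"]["path"] == "hackpuntes":
        problems.append("metrics path still has the tutorial value")
    # 3. Listener ports and inbound rules must match exactly.
    listeners = set(_as_list(dns["ports"]))
    for section in [*capture.values(), *polling.values()]:
        if isinstance(section, dict):  # http/https/smtp/smtps ("ssl" has no ports)
            listeners |= set(_as_list(section.get("ports", section.get("port", []))))
    problems += [f"port {p} configured but not opened" for p in sorted(listeners - opened_ports)]
    problems += [f"port {p} opened but has no listener" for p in sorted(opened_ports - listeners)]
    return problems

def sample_config(local, public, domain, path):
    """Constructed input: the page's config with its editable values as parameters."""
    listen = {"localAddress": local, "publicAddress": public}
    return json.dumps({
        "serverDomain": domain, "metrics": {"path": path},
        "eventCapture": {"localAddress": [local], "publicAddress": public,
                         "http": {"ports": 80}, "https": {"ports": 443},
                         "smtp": {"ports": [25, 587]}, "smtps": {"ports": 465}},
        "polling": {**listen, "http": {"port": 9090}, "https": {"port": 9443},
                    "ssl": {"hostname": domain}},
        "dns": {"interfaces": [{"name": "ns1", **listen}], "ports": 53},
    })
```

To check the real file, pass its contents: `lint_config(open('/usr/local/collaborator/collaborator.config').read())`; an empty list means nothing was flagged.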

4. Create files needed to generate and move certificates

From the collaborator folder created in step 2, download the certbot-auto file

Give execution permissions to all users

sudo chmod a+x ./certbot-auto

Now, make another file to move certificates to the correct folder

sudo nano /usr/local/collaborator/configure_certs.sh

Code:

#!/bin/bash
# Copy the Let's Encrypt certificates for a domain into the Collaborator keys folder.

CERTBOT_DOMAIN=$1
if [ -z "$1" ]; then
    echo "Missing mandatory argument."
    echo " - Usage: $0 <domain>"
    exit 1
fi

CERT_PATH=/etc/letsencrypt/live/$CERTBOT_DOMAIN/
mkdir -p /usr/local/collaborator/keys/

# Copy only when all three files referenced by collaborator.config exist.
if [[ -f "$CERT_PATH/privkey.pem" && -f "$CERT_PATH/fullchain.pem" && -f "$CERT_PATH/cert.pem" ]]; then
    cp "$CERT_PATH/privkey.pem" /usr/local/collaborator/keys/
    cp "$CERT_PATH/fullchain.pem" /usr/local/collaborator/keys/
    cp "$CERT_PATH/cert.pem" /usr/local/collaborator/keys/
    echo "Certificates installed successfully"
else
    echo "Unable to find certificates in $CERT_PATH"
    exit 1
fi

View another example file

5. Get certificates from Let's Encrypt

Before requesting certificates from Let's Encrypt, we must add it as a CAA record in Azure. Otherwise, we can get the DNS problem: SERVFAIL looking up CAA for

Error DNS problem: SERVFAIL looking up

Enter Azure’s console

Top menu of Azure

Copy the following lines, edit them with your configuration and execute them in the console.

Azure console



$caaRecords = @()
$caaRecords += New-AzureRmDnsRecordConfig -CaaFlag "0" -CaaTag "iodef" -CaaValue "me@mydomain.tk"
$caaRecords += New-AzureRmDnsRecordConfig -CaaFlag "0" -CaaTag "issue" -CaaValue "letsencrypt.org"
New-AzDnsRecordSet -Name "@" -RecordType CAA -ZoneName "MYDOMAIN.TK" -ResourceGroupName [AZURE-DNS-ZONE] -Ttl 3600 -DnsRecords $caaRecords

View this file for more information

In the DNS Zone, we will now see something like the following

DNS Zone of Azure

Time to launch the following command

Verification of Let's Encrypt

Before we move on, we need to add two TXT records with the prefix _acme-challenge and the previous values in the Azure DNS Zone. We also take advantage of this step to add an A record pointing to the public IP address and an NS record from burp.mydomain.tk to ns1.burp.mydomain.tk.

Azure DNS Zone

Press Enter and wait for this message.

Verification script of Let's Encrypt

Finally, move the certificates

sudo chmod +x /usr/local/collaborator/configure_certs.sh && sudo /usr/local/collaborator/configure_certs.sh burp.mydomain.tk

6. Run Collaborator

We have two options to start Collaborator. The first is through an alias and the second is by creating a service that starts with the system. If you use this machine only for Burp Collaborator, creating a service is probably the best option; otherwise, I recommend you create an alias.

Alias

Edit .bashrc file and add the collaborator alias

nano ~/.bashrc

Add new line

alias collaborator='sudo java -jar /usr/local/collaborator/collaborator.jar --collaborator-server --collaborator-config=/usr/local/collaborator/collaborator.config'

Open a new terminal and run the following command

collaborator

Run Collaborator

Service

Create a collaborator.service file and copy the following code

sudo nano /etc/systemd/system/collaborator.service

Code:

[Unit]
Description=Burp Collaborator Server Daemon
After=network.target

[Service]
Type=simple
# systemd does not expand shell variables here: replace $USER with the account that runs the service.
User=$USER
# Lets a non-root account listen on the ports below 1024 (25, 53, 80, 443, 465).
AmbientCapabilities=CAP_NET_BIND_SERVICE
UMask=007
ExecStart=/usr/bin/java -Xms10m -Xmx200m -XX:GCTimeRatio=19 -jar /usr/local/collaborator/collaborator.jar --collaborator-server --collaborator-config=/usr/local/collaborator/collaborator.config
Restart=on-failure

# Configures the time to wait before service is stopped forcefully.
TimeoutStopSec=300

[Install]
WantedBy=multi-user.target

Enable service

sudo systemctl enable collaborator

Run service

sudo systemctl start collaborator

7. Configure Burp Suite to use private Collaborator

In our Burp Suite project, go to Project Options -> Misc and in Burp Collaborator Server section use the option “Use a private Collaborator server” and insert your domain. Press the “Run health check” button. The result of this Health Check should be green lines without errors.

Health Check on Burp Suite

8. Acknowledgement

To Fabio Pires for his tutorial, which has helped me to write this post.

My company, for offering me everything I need to do this post.

My coworkers Pedro, Arenas and Luis Miguel for helping me in my English writing.


Goodbye!