BappDescription.html

<p>
    This extension allows you to find DNS vulnerabilities in web applications!
    <br>
    An in-depth guide for the DNS Analyzer can be found <a href="https://r.sec-consult.com/dnsburp">here</a>.
</p>
<p>Usage</p>
<p>The basic usage boils down to the following steps:</p>
<ol>
    <li>Click "Copy to Clipboard" to generate and copy a Burp Collaborator domain</li>
    <li>Get something to resolve the generated domain via DNS. For example, by using it:</li>
    <ul>
        <li>as an e-mail domain (e.g., test@[collaborator domain])</li>
        <ul>
            <li>Use it at registrations</li>
            <li>Use it at password resets</li>
            <li>Use it for newsletters</li>
            <li>...</li>
        </ul>
        <li>via SSRF</li>
        <li>anywhere, where the collaborator domain gets resolved via DNS</li>
    </ul>
    <li>Analyze the DNS name resolution by selecting DNS interactions in the table</li>
    <li>...</li>
    <li>Profit</li>
</ol>