A Burp Suite extension for discovering DNS vulnerabilities in web applications!
An in-depth guide for the DNS Analyzer can be found here.
The DNS Analyzer extension can be installed directly from the BApp Store in Burp Suite!
Extensions > BApp Store > DNS Analyzer
You can download the precompiled JAR from releases.
Or, you can build this project via the fatJar
gradle task:
./gradlew fatJar
gradlew.bat fatJar
The compiled JAR can then be found under build/libs/
.
To load the extension via Burp Suite Professional, navigate to Extensions > Installed > Add
and select
DNSAnalyzer-all-1.0.jar
as .jar file.
The basic usage boils down to the following steps:
Here's an example overview of this process:
Advanced usage and more can be found here.
Should you be looking for DNS vulnerabilities in bug bounty domains?
YES! However, only report a DNS vulnerability if:
Essentially, don't flood bug bounty programs with DNS vulnerability reports without doing proper research first!
As already mentioned, you can find a full DNS Analyzer guide here.
Also, you can find further information about DNS analysis and DNS vulnerabilities in the following blog posts:
Also, the Collaborator server has it's limits. For in-depth DNS analysis you can use the DNS Analysis Server.