DNS Analyzer: A New Burp Suite Extension to Find DNS Flaws in Web Apps

DNS flaws are very common on web applications where the DNS resolvers are vulnerable to Kaminsky attacks.

If threat actors are able to predict portions of a DNS query and the source ports, they can exploit these vulnerabilities and gain unauthorized access to the servers.

Dan Kaminsky, the late security researcher, found a DNS flaw in 2008 in several Domain Name Servers (DNS), which threat actors could have used for cache poisoning, leading to several account takeovers, data breaches, and many other compromises.

He developed some mechanisms and techniques for finding DNS flaws called Kaminsky attacks.

Burp Suite – DNS Analyzer

Burp Suite has many extensions contributed and developed by security researchers worldwide that can help reduce the time and effort of penetration testers.

Most of the extensions are used by threat researchers worldwide, including Logger++, Turbo Intruder, Autorize, etc.

However, a new extension called “DNS Analyzer” has been released by Burp Suite, which can help find DNS flaws. This extension can make Burp Collaborator act as a replacement for DNS Analysis Server.

DNS Analyzer Attack Flow

[Figure: DNS Analyzer Attack Flow. Source: SEC-Consult]

The DNS Analyzer works alongside Burp Collaborator and creates a domain name like “abclskjs.oastify.com.” This domain name is then used for testing in features such as forgot password, registration, newsletter, etc.

The web application resolves the domain name by using a DNS Resolver.

When the DNS resolver sends the query to resolve the domain name, it is captured by the DNS Analyzer, which sends a non-manipulated DNS response to the DNS resolver.

The DNS Analyzer then examines the DNS interactions made between the Burp Collaborator and the Web application.
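The property this kind of analysis looks for is whether a resolver's source ports and 16-bit query IDs are predictable from one query to the next. The sketch below is an added example, not code from DNS Analyzer or SEC Consult; the observation tuples are constructed sample data, and the function names and thresholds are illustrative assumptions.

```python
from collections import Counter

# Constructed sample data: (source_port, transaction_id) of successive queries
# from one resolver, as an analysis server might record them.
FIXED_PORT = [(53000, 0x1A2B), (53000, 0x9C41), (53000, 0x03FE),
              (53000, 0xE770), (53000, 0x5512)]
SEQUENTIAL = [(40001, 0x7F31), (40002, 0x02C8), (40003, 0xD9A4),
              (40004, 0x4410), (40005, 0xB05E)]
RANDOMIZED = [(41873, 0x7F31), (12044, 0x02C8), (60311, 0xD9A4),
              (28765, 0x4410), (5190, 0xB05E)]

def assess_field(values, space=65536):
    """Classify how predictable a 16-bit field looks across queries."""
    if len(values) < 4:
        return "insufficient-data"
    if len(set(values)) == 1:
        return "static"  # same value every time, nothing to guess
    # Step between consecutive observations, modulo the field size.
    deltas = [(b - a) % space for a, b in zip(values, values[1:])]
    step, count = Counter(deltas).most_common(1)[0]
    if count >= 0.8 * len(deltas) and step <= 16:
        return "incremental"  # next value follows from the last one
    # A randomized field should spread over most of its range; a narrow
    # window shrinks the space a spoofed response has to cover.
    if max(values) - min(values) < 1024:
        return "narrow-range"
    return "no-obvious-pattern"

def assess_resolver(observations):
    """Report per-field predictability for one resolver's queries."""
    ports = [p for p, _ in observations]
    txids = [t for _, t in observations]
    report = {"source_port": assess_field(ports), "txid": assess_field(txids)}
    weak = [k for k, v in report.items()
            if v in ("static", "incremental", "narrow-range")]
    report["weak_fields"] = weak  # fields that need hardening
    return report

if __name__ == "__main__":
    for name, obs in [("fixed", FIXED_PORT), ("sequential", SEQUENTIAL),
                      ("randomized", RANDOMIZED)]:
        print(name, assess_resolver(obs))
```

Five observations keep the sample readable; a real assessment needs far more queries before "no-obvious-pattern" means anything.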

A complete report on the working structure of this extension and the Kaminsky attack is published.

Source: https://cybersecuritynews.com/dns-analyzer-burp-suite/
