Cyber Security News

DNS Analyzer: A New Burp Suite Extension to Find DNS Flaws in Web Apps

DNS flaws are very common on web applications where the DNS resolvers are vulnerable to Kaminsky attacks.

If threat actors are able to predict portions of a DNS query and the source ports, they can exploit these vulnerabilities and gain unauthorized access to the servers.

Dan Kaminsky, the late security researcher, found a DNS flaw in 2008 in several Domain Name Servers (DNS which threat actors could’ve used for cache poisoning leading to several account takeovers, data breaches, and many others.

He developed some mechanisms and techniques for finding DNS flaws called Kaminsky attacks.

Burp Suite – DNS Analyzer

Burp Suite has many extensions contributed to and developed by several security researchers worldwide that can help ease the time and effort of penetration testers.

Most of the extensions are used by threat researchers worldwide, including Logger++, Turbo Intruder, Authorize, etc., 

However, a new extension has been released by Burp Suite called “DNS Analyzer,” which can help find DNS flaws. This extension can make Burp Collaborator act as a replacement for DNS Analysis Server.

DNS Analyzer Attack Flow

DNS Analyzer Attack Flow Source: SEC-Consult

The DNS analyzer will work alongside Burp Collaborator and create a domain name like “” This domain name is then used for testing in the forgot password, Registration, newsletter, etc.

The web application resolves the domain name by using a DNS Resolver.

When the DNS resolver sends the query to resolve the domain name, it is captured by the DNS Analyzer, which sends a non-manipulated DNS response to the DNS resolver.

The DNS Analyzer then examines the DNS interactions made between the Burp Collaborator and the Web application.

A complete report on the working structure of this extension and the Kaminsky attack is published.

“AI-based email security measures Protect your business From Email Threats!” – Request a Free Demo.


Eswar is a Cyber security reporter with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is reporting data breach, Privacy and APT Threats.

Recent Posts

SSNDOB Marketplace Admin Jailed for Selling millions of Americans Data

In a resounding triumph for justice, U.S. District Judge Kathryn Kimball Mizelle has sentenced Vitalii…

12 hours ago

Is Your Online Store Hacked in a Carding Attack? Here’s an Action Plan to Protect

Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using…

15 hours ago

Google Researchers Find Out How ChatGPT Queries Can Collect Personal Data

The LLMs (Large Language Models) are evolving rapidly with continuous advancements in their research and…

16 hours ago

New Android Malware Employs Various Tactics to Deceive Malware Analyst

In the dynamic realm of mobile application security, cybercriminals employ ever more sophisticated forms of…

17 hours ago

DJvu Ransomware Mimic as Cracked Software to Compromise Computers

A recent campaign has been observed to be delivering DJvu ransomware through a loader that…

18 hours ago

Okta Hack: Threat Actors Downloaded all Customer Support System Users’ Data

In a pivotal update to the Okta security incident divulged in October 2023, Okta Security…

19 hours ago