What exactly is meant by 'External Service Interaction' reported by Burp Suite?

user937999 · Oct 15, 2017 · Viewed 7.1k times

Upon running the Burp Security Suite on our web application, I'm getting an issue like 'External Service Interaction' on a page where there's a textbox for entering email addresses. Think of it like inviting other people to our website.

The page is supposed to send email to the addresses the user enters, so the server will resolve the domain names in the email addresses, like gmail.com, hotmail.com, etc.

Burp Suite says this could be used as an attack proxy. We have mechanisms to stop DDoS attacks on our site, thus reducing the attack surface of our website.

What other kinds of attacks are possible, and what preventive mechanisms should we deploy?

Answer

Naresh Kumar · Jul 25, 2018

External Service Interaction arises when it is possible for an attacker to induce the application to interact with an arbitrary external service, such as DNS, etc.

ESI is not limited to HTTP, HTTPS or DNS; it can lead to FTP, SMTP, etc. Such a weakness can lead to a DDoS attack.

Such ESI can lead to:

  • DDoS Attack
  • OS Command Injection
  • Code Manipulation
  • DoS Attack

To mitigate it:

  • Review source code for functions such as dns.resolve(), dns.query(), sys_exec(), etc.
  • Use whitelist checks, boundary-based validation and sanitization
  • Maintain a whitelist at the network and web front
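As an added illustration of the "whitelist check" and "boundary-based validation" bullets above (example code, not from the question's application or the answer's author): the invite textbox is the boundary, so the address is checked for a strict shape, internal-looking domains are refused, and an optional domain whitelist is applied before any resolver is called. The function names, the blocked-suffix list and the fake resolver used in the demo are assumptions made for this example.

```python
import re
import socket
from typing import Callable, Iterable, Optional, Tuple

# Deliberately conservative address shape: one local part, one '@', a dotted
# hostname of letter/digit/hyphen labels ending in an alphabetic TLD. Because
# the TLD must be alphabetic, IP literals ("10.0.0.1", "[10.0.0.1]") never match,
# so the server is not tricked into resolving or connecting to raw addresses.
LOCAL_PART = r"[A-Za-z0-9._%+-]{1,64}"
HOSTNAME = r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}"
EMAIL_RE = re.compile(rf"^{LOCAL_PART}@{HOSTNAME}$")

# Suffixes that point at internal infrastructure rather than a mail provider
# (assumed list; extend it with whatever your own network uses).
BLOCKED_SUFFIXES = (".local", ".internal", ".localhost", ".arpa")


def validate_invite_email(addr: str,
                          allowed_domains: Optional[Iterable[str]] = None
                          ) -> Tuple[bool, str]:
    """Boundary validation for one address typed into the invite textbox.

    Returns (True, normalised_domain) on success, otherwise (False, reason).
    No network activity happens here; this runs before any resolver.
    """
    if len(addr) > 254:
        return False, "too long"
    if addr != addr.strip() or any(c.isspace() for c in addr):
        return False, "whitespace in address"
    if not EMAIL_RE.fullmatch(addr):
        return False, "malformed address"
    domain = addr.rsplit("@", 1)[1].lower()
    if domain.endswith(BLOCKED_SUFFIXES):
        return False, "blocked domain suffix"
    if allowed_domains is not None and domain not in {d.lower() for d in allowed_domains}:
        return False, "domain not on whitelist"
    return True, domain


def default_resolver(domain: str) -> str:
    """Real lookup used in production; only ever reached with a validated domain."""
    return socket.gethostbyname(domain)


def resolve_for_invite(addr: str,
                       resolver: Callable[[str], str] = default_resolver,
                       allowed_domains: Optional[Iterable[str]] = None
                       ) -> Optional[str]:
    """Resolve the address's domain only if validation passed; else return None."""
    ok, info = validate_invite_email(addr, allowed_domains)
    if not ok:
        return None
    return resolver(info)


if __name__ == "__main__":
    # Constructed, offline stand-in for DNS so the demo never touches the network.
    fake_dns = {"gmail.com": "203.0.113.10", "hotmail.com": "203.0.113.20"}
    for candidate in ("alice@gmail.com", "bob@[10.0.0.1]", "eve@intranet.local",
                      "mallory@gmail.com\n", "carol@hotmail.com"):
        result = resolve_for_invite(candidate, fake_dns.__getitem__,
                                    allowed_domains={"gmail.com"})
        print(f"{candidate!r:28} -> {result}")
```

The resolver is injected rather than hard-wired so that tests and code review can prove the lookup is only reachable after validation; in production you would pass the real resolver (or an MX lookup) and keep the whitelist at the web front, as the answer suggests.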