Even though the instance is assumed to be a burner, make it use something less-privileged than the root-user.

i deploy on amazon i got this bug :/ i follow the tutorial.. i setup godaddy..

The script fails on some cases with newest ubuntu due to dangling symlink and/or failure on the grep line.

Find out why and fix.

Trying to install privatecollaborator on AWS EC2 instance but getting following error when running your script:

$ sudo ./install.sh mmqbc.de
...
...
challenge failed for domain mmqbc.de
Challenge failed for domain mmqbc.de
dns-01 challenge for mmqbc.de
dns-01 challenge for mmqbc.de
Cleaning up challenges
Running manual-cleanup-hook command: ./cleanup.sh
Running manual-cleanup-hook command: ./cleanup.sh
manual-cleanup-hook command "./cleanup.sh" returned error code 1
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mmqbc.de
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.mmqbc.de

   Domain: mmqbc.de
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.mmqbc.de
cp: cannot stat '/etc/letsencrypt/live/mmqbc.de/privkey.pem': No such file or directory
cp: cannot stat '/etc/letsencrypt/live/mmqbc.de/fullchain.pem': No such file or directory
cp: cannot stat '/etc/letsencrypt/live/mmqbc.de/cert.pem': No such file or directory

Setup:

Complete setup of goddady DNS management and EC2 was done according to the
https://teamrot.fi/2019/05/23/self-hosted-burp-collaborator-with-custom-domain/

Edit1:
More than 48 hours passed since setting up DNS in godaddy domain management console.

Add following functionalities to the collaborator:

• Serving custom html-content (issue #11).
• Catching connection attempts also to ports that are not listening.
• Catching invalid HTTP-requests to HTTP-ports.
• Dockerize the whole thing.
• Create some kind of one-click-deploy to AWS.

Allow showing custom html-content on non-collaborator domains.

As an example, if the Collaborator domain is collab.fi:

• kd1xhdfayno240wkmpugi1onkeqaez.collab.fi should point to Burp Collaborator
• www.collab.fi and collab.fi should not point at Collaborator and should have customizable html.

Hi Putsi,

Thanks for this awesome script!

I tried running this on a fresh AWS Ubuntu 18.04. After running install.sh, name resolution stopped working. Commenting out these lines from install.sh seem to solve the issue:

systemctl disable systemd-resolved.service
systemctl stop systemd-resolved
rm -rf /etc/resolv.conf
echo "nameserver 1.1.1.1" > /etc/resolv.conf
echo "options edns0" >> /etc/resolv.conf
echo "search eu-north-1.compute.internal" >> /etc/resolv.conf

• Make the script non-interactive (apt and email).
• Make the script handle errors properly. If the certbot fails, try to run it again atleast couple of times.

I'm a fan of "security by default" and would restrict the metrics section within the default collaborator.config to prevent undesired exposure (although not really sensitive):

"metrics": {  
   "path" : "burp-metrics-path", 
   "addressWhitelist" : ["127.0.0.1/32"]
 }

"We communicated with the collaborator, and appeared to successfully record events, however when we attempted to retrieve the interaction records the expected records weren't present."

Support DigitalOcean and also using on a non-platform host that is directly connected to internet.

Based on the install.sh script, the Let's Encrypt certificates need to be copied to the desired collaborator directory. This is missing within the renewcert.sh script:

CERT_PATH=/etc/letsencrypt/live/$DOMAIN
mkdir -p /usr/local/collaborator/keys/
cp $CERT_PATH/privkey.pem /usr/local/collaborator/keys/
cp $CERT_PATH/fullchain.pem /usr/local/collaborator/keys/
cp $CERT_PATH/cert.pem /usr/local/collaborator/keys/