Background I recently worked on a phishing engagement involving a malicious email attachment. The final payload was an executable file that exfiltrated some data back to a server under my control. I’d normally use my attack server for this, but my attack server was already in use, so I opted to use Burp Suite’s Collaborator to catch my exfiltration payloads. My employer has their own collaborator instance, so we don’t have to rely on Portswigger’s and we can keep our clients’ data that much more secure.