It was already discussed here. Putting here for quick reference.

  1. In Burp go Project options -> Misc and check Poll over unencrypted HTTP
  2. Open Collaborator: Burp menu -> Burp Collaborator client
  3. Run tshark:
$ sudo tshark -Y http -T fields -e http.request.method -e http.request.uri -e -e http.request.uri
  1. ‘Poll’ interactions in the Collaborator client and observe following request in tshark:
GET	/burpresults?biid=KEY
  1. Acquire one or more (depending on your needs) Collaborator’s hostnames (number to generate & ‘copy to clipboard’)

  2. Now you can retreive (also after closing the Collaborator client) interactions with your Collaboarator’s hostnames by requesting:

$ curl