Burp-UI is a web-ui for burp backup written in python with Flask and jQuery/Bootstrap
Project description
Build Status
Screenshots
What’s that?
Let me introduce you Burp-UI. It is a web-based UI to manage your burp-servers. You can view different reports about burp-servers, burp-clients, backups, etc. Burp-UI allows you to perform on-the-fly restorations and should allow you to edit/manage your burp-server’s conf file very soon.
It is actually an improvement of the burp status monitor (burp -c /etc/burp/burp-server.conf -a s).
It currently supports only the burp-1.x branch but it is totally modular so supporting burp-2.x won’t be a big deal. So in order to work properly, you must be running Burp-UI on the same host that runs your burp-server (because the burp status port only listen on localhost). If you don’t want to, I developed a bui-agent that allows you to proxify external commands to your burp status port.
Who are you?
I’m Ziirish, a French sysadmin that loves Burp and would like to help its adoption by providing it a nice and powerful interface. If you like my work, you can:
Thank me by sending me an email or writing a nice comment
Buy me a beer or some fries or both!
Make a donation on my Paypal
Contributing
Contributions are welcome. You can help in any way you want, for instance by opening issues on the bug tracker, sending patches, etc. There is also a dedicated website. Currently it only hosts a Discourse instance where you ca discuss with each other. Feel free to use it and post your tips and remarks. The address is: http://burpui.ziirish.me/
Requirements
Please note that currently, Burp-UI must be running on the same server that runs the burp-server.
For LDAP authentication (optional), we need the simpleldap module that requires the following packages on Debian:
aptitude install libsasl2-dev libldap2-dev python-dev
Then we install the module itself:
pip install simpleldap
Installation
Burp-UI is written in Python with the Flask micro-framework. The easiest way to install Flask is to use pip.
On Debian, you can install pip with the following command:
aptitude install python-pip
Once pip is installed, you can install Burp-UI this way:
pip install burp-ui
You can setup various parameters in the burpui.cfg file. This file can be specified with the -c flag or should be present in /etc/burp/burpui.cfg. By default Burp-UI ships with a default file located in $BURPUIDIR/../share/burpui/etc/burpui.cfg.
Then you can run burp-ui: burp-ui
By default, burp-ui listens on all interfaces (including IPv6) on port 5000.
You can then point your browser to http://127.0.0.1:5000/
Development
If you wish to use the latest and yet unstable version (eg. master), you can install it using pip too, but I would recommend you to use a virtualenv.
To do so, run the following commands:
mkdir /opt/bui-venv pip install virtualenv virtualenv /opt/bui-venv source /opt/bui-venv/bin/activate pip install git+https://git.ziirish.me/ziirish/burp-ui.git
You can uninstall/disable this Burp-UI setup by typing deactivate and removing the /opt/bui-venv directory.
Gunicorn
Starting from v0.0.6, Burp-UI supports Gunicorn in order to handle multiple users simultaneously.
You need to install gunicorn and eventlet:
pip install eventlet pip install gunicorn
You will then be able to launch Burp-UI this way:
gunicorn -k eventlet -w 4 'burpui:init(conf="/path/to/burpui.cfg")'
Instructions
In order to make the on the fly restoration/download functionality work, you need to check a few things:
Provide the full path of the burp (client) binary file
Provide the full path of an empty directory where a temporary restoration will be made. This involves you have enough space left on that location on the server that runs Burp-UI
Launch Burp-UI with a user that can proceed restorations and that can write in the directory above
Make sure to configure a client on the server that runs Burp-UI that can restore files of other clients (option restore_client in burp-server configuration)
Troubleshooting
In case you encounter troubles with Burp-UI, you should run it with the -d flag and paste the relevant output within your bug-report. Please also give the version of burp AND Burp-UI. Since v0.0.6 you can use the -V or --version flag in order to get your version number.
Notes
Please feel free to report any issues on my gitlab. I have closed the github tracker to have a unique tracker system.
TODO
Here is a non-exhaustive list of things I’d like to add.
Also note that in the future, I’d like to write a burp-client GUI. But I didn’t think yet of what to do.
Changelog
version 0.0.6:
version 0.0.5:
Add multi-server support
Fix bugs
version 0.0.4:
Add the ability to download files directly from the web interface
version 0.0.3:
Add authentication
version 0.0.2:
Fix bugs
version 0.0.1:
Initial release
Licenses
Burp-UI is released under the BSD 3-clause License.
But this project is built on top of other tools listed here:
bootswatch theme Slate (MIT)
Home-made favicon based on pictures from simpsoncrazy
Also note that this project is made with the Awesome Flask micro-framework.
Thanks
Special Thanks to Graham Keeling for its great software! This project would not exist without Burp.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.