burp-ui 0.0.6

Burp-UI is a web-ui for burp backup written in python with Flask and jQuery/Bootstrap

Build Status

Screenshots

What’s that?

Let me introduce you Burp-UI. It is a web-based UI to manage your burp-servers. You can view different reports about burp-servers, burp-clients, backups, etc. Burp-UI allows you to perform on-the-fly restorations and should allow you to edit/manage your burp-server’s conf file very soon.

It is actually an improvement of the burp status monitor (burp -c /etc/burp/burp-server.conf -a s).

It currently supports only the burp-1.x branch but it is totally modular so supporting burp-2.x won’t be a big deal. So in order to work properly, you must be running Burp-UI on the same host that runs your burp-server (because the burp status port only listen on localhost). If you don’t want to, I developed a bui-agent that allows you to proxify external commands to your burp status port.

Who are you?

I’m Ziirish, a French sysadmin that loves Burp and would like to help its adoption by providing it a nice and powerful interface. If you like my work, you can:

• Thank me by sending me an email or writing a nice comment

• Buy me a beer or some fries or both!

• Make a donation on my Paypal

Contributing

Contributions are welcome. You can help in any way you want, for instance by opening issues on the bug tracker, sending patches, etc. There is also a dedicated website. Currently it only hosts a Discourse instance where you ca discuss with each other. Feel free to use it and post your tips and remarks. The address is: http://burpui.ziirish.me/

Requirements

Please note that currently, Burp-UI must be running on the same server that runs the burp-server.

For LDAP authentication (optional), we need the simpleldap module that requires the following packages on Debian:

aptitude install libsasl2-dev libldap2-dev python-dev

Then we install the module itself:

pip install simpleldap

Installation

Burp-UI is written in Python with the Flask micro-framework. The easiest way to install Flask is to use pip.

On Debian, you can install pip with the following command:

aptitude install python-pip

Once pip is installed, you can install Burp-UI this way:

pip install burp-ui

You can setup various parameters in the burpui.cfg file. This file can be specified with the -c flag or should be present in /etc/burp/burpui.cfg. By default Burp-UI ships with a default file located in $BURPUIDIR/../share/burpui/etc/burpui.cfg.

Then you can run burp-ui: burp-ui

By default, burp-ui listens on all interfaces (including IPv6) on port 5000.

You can then point your browser to http://127.0.0.1:5000/

Development

If you wish to use the latest and yet unstable version (eg. master), you can install it using pip too, but I would recommend you to use a virtualenv.

To do so, run the following commands:

mkdir /opt/bui-venv
pip install virtualenv
virtualenv /opt/bui-venv
source /opt/bui-venv/bin/activate
pip install git+https://git.ziirish.me/ziirish/burp-ui.git

You can uninstall/disable this Burp-UI setup by typing deactivate and removing the /opt/bui-venv directory.

Gunicorn

Starting from v0.0.6, Burp-UI supports Gunicorn in order to handle multiple users simultaneously.

You need to install gunicorn and eventlet:

pip install eventlet
pip install gunicorn

You will then be able to launch Burp-UI this way:

gunicorn -k eventlet -w 4 'burpui:init(conf="/path/to/burpui.cfg")'

Instructions

In order to make the on the fly restoration/download functionality work, you need to check a few things:

1. Provide the full path of the burp (client) binary file

2. Provide the full path of an empty directory where a temporary restoration will be made. This involves you have enough space left on that location on the server that runs Burp-UI

3. Launch Burp-UI with a user that can proceed restorations and that can write in the directory above

4. Make sure to configure a client on the server that runs Burp-UI that can restore files of other clients (option restore_client in burp-server configuration)

Troubleshooting

In case you encounter troubles with Burp-UI, you should run it with the -d flag and paste the relevant output within your bug-report. Please also give the version of burp AND Burp-UI. Since v0.0.6 you can use the -V or --version flag in order to get your version number.

Notes

Please feel free to report any issues on my gitlab. I have closed the github tracker to have a unique tracker system.

TODO

Here is a non-exhaustive list of things I’d like to add.

Also note that in the future, I’d like to write a burp-client GUI. But I didn’t think yet of what to do.

Changelog

• version 0.0.6:

  • Add gunicorn support

  • Add init script for CentOS

  • Add init script for Debian

  • Add autofocus login field on login page

  • Add burp-server configuration panel

  • Fix issue #25

  • Fix issue #26

  • Fix issue #30

  • Fix issue #32

  • Fix issue #33

  • Fix issue #34

  • Fix issue #35

  • Fix issue #39

  • Code cleanup

  • Improve unit tests

  • Bugfixes

  • Full changelog

• version 0.0.5:

  • Add multi-server support

  • Fix bugs

  • Full changelog

• version 0.0.4:

  • Add the ability to download files directly from the web interface

  • Full changelog

• version 0.0.3:

  • Add authentication

  • Full changelog

• version 0.0.2:

  • Fix bugs

  • Full changelog

• version 0.0.1:

  • Initial release

Licenses

Burp-UI is released under the BSD 3-clause License.

But this project is built on top of other tools listed here:

• d3.js (BSD)

• nvd3.js (Apache)

• jQuery (MIT)

• jQuery-UI (MIT)

• fancytree (MIT)

• bootstrap (MIT)

• typeahead (MIT)

• bootswatch theme Slate (MIT)

• angular-bootstrap-switch (Apache)

• angular.js (MIT)

• angular-ui-select (MIT)

• AngularStrap (MIT)

• lodash (MIT)

• Home-made favicon based on pictures from simpsoncrazy

Also note that this project is made with the Awesome Flask micro-framework.

Thanks

Special Thanks to Graham Keeling for its great software! This project would not exist without Burp.