Commit f1e1d964 authored by Benjamin "Ziirish" SANS

Merge branch 'master' into demo

parents 8cfc1a21 a315b6c6
......@@ -22,6 +22,9 @@ indent_size = 4
[Makefile]
indent_style = tab
[*.rst]
indent_style = space
indent_size = 4
[.gitlab-ci.yml}]
indent_style = space
......
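Review bot: The section header `[.gitlab-ci.yml}]` carries a stray `}` before the closing bracket, so the pattern will most likely not match the file named `.gitlab-ci.yml` and the settings under it will never apply to the CI file. It should read `[.gitlab-ci.yml]`.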
......@@ -10,30 +10,35 @@ Current
- Add percent done in `overview <https://git.ziirish.me/ziirish/burp-ui/issues/55>`_
- Add the ability to `chain multiple authentication backends <https://git.ziirish.me/ziirish/burp-ui/issues/79>`_
- Add display versions `within the interface <https://git.ziirish.me/ziirish/burp-ui/issues/89>`_
- Add support for `zip64 <https://git.ziirish.me/ziirish/burp-ui/issues/97>`_
- Add Basic HTTP Authentication
- Add full documented API
- Fix issue `#81 <https://git.ziirish.me/ziirish/burp-ui/issues/81>`_
- Fix issue `#87 <https://git.ziirish.me/ziirish/burp-ui/issues/87>`_
- Fix issue `#88 <https://git.ziirish.me/ziirish/burp-ui/issues/88>`_
- Fix issue `#92 <https://git.ziirish.me/ziirish/burp-ui/issues/92>`_
- Fix issue `#95 <https://git.ziirish.me/ziirish/burp-ui/issues/95>`_
- `demo <https://demo.ziirish.me/>`_
- API refactoring
- Security fixes
- Bugfixes
- `Full changelog <https://git.ziirish.me/ziirish/burp-ui/compare/v0.0.7.1...master>`__
- `Full changelog <https://git.ziirish.me/ziirish/burp-ui/compare/0.0.7...master>`__
0.0.7.3
-------
0.0.7.3 (09/26/2015)
--------------------
- Fix issue `#77 <https://git.ziirish.me/ziirish/burp-ui/issues/77>`_
- Doc
0.0.7.2
-------
0.0.7.2 (09/01/2015)
--------------------
- Fix issue `#73 <https://git.ziirish.me/ziirish/burp-ui/issues/72>`_
- Fix issue `#74 <https://git.ziirish.me/ziirish/burp-ui/issues/74>`_
- Doc
0.0.7.1
-------
0.0.7.1 (08/22/2015)
--------------------
- Add `Burp-2 backend <https://git.ziirish.me/ziirish/burp-ui/issues/52>`_
- Add `sortable tables <https://git.ziirish.me/ziirish/burp-ui/issues/51>`_
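Review bot: The `- Security fixes` bullet under Current names no issue, commit or affected component, unlike the neighbouring `Fix issue` entries, so a reader cannot tell what was fixed or how urgent the upgrade is; link the relevant issues or commits, or summarise the impact in one line. Separately, in the 0.0.7.2 entry the link text `#73` points at `issues/72`, so one of the two is wrong.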
......@@ -66,8 +71,8 @@ Current
- Bufixes
- `Full changelog <https://git.ziirish.me/ziirish/burp-ui/compare/v0.0.6...v0.0.7.1>`__
0.0.6
-----
0.0.6 (12/15/2014)
------------------
- Add `gunicorn support <https://git.ziirish.me/ziirish/burp-ui/commit/836f522f51ba0706ca94b379d93b20c75e71ecb1>`_
- Add `init script for CentOS <https://git.ziirish.me/ziirish/burp-ui/issues/27>`_
......@@ -87,32 +92,32 @@ Current
- Bugfixes
- `Full changelog <https://git.ziirish.me/ziirish/burp-ui/compare/v0.0.5...v0.0.6>`__
0.0.5
-----
0.0.5 (09/22/2014)
------------------
- Add multi-server support
- Fix bugs
- `Full changelog <https://git.ziirish.me/ziirish/burp-ui/compare/v0.0.4...v0.0.5>`__
0.0.4
-----
0.0.4 (09/07/2014)
------------------
- Add the ability to download files directly from the web interface
- `Full changelog <https://git.ziirish.me/ziirish/burp-ui/compare/v0.0.3...v0.0.4>`__
0.0.3
-----
0.0.3 (09/02/2014)
------------------
- Add authentication
- `Full changelog <https://git.ziirish.me/ziirish/burp-ui/compare/v0.0.2...v0.0.3>`__
0.0.2
-----
0.0.2 (08/25/2014)
------------------
- Fix bugs
- `Full changelog <https://git.ziirish.me/ziirish/burp-ui/compare/v0.0.1...v0.0.2>`__
0.0.1
-----
0.0.1 (08/25/2014)
------------------
- Initial release
......@@ -4,7 +4,7 @@ The following License only applies to the burp-ui sources
================================================================================
Copyright (c) 2014-2015 by Benjamin SANS (Ziirish) <ziirish+burpui@ziirish.info>
Copyright (c) 2014-2016 by Benjamin SANS (Ziirish) <hi+burpui@ziirish.me>
http://ziirish.info/
Some rights reserved.
......
share/burpui/etc/buiagent.sample.cfg
\ No newline at end of file
share/burpui/etc/burpui.sample.cfg
\ No newline at end of file
......@@ -7,7 +7,7 @@ jQuery/Bootstrap
:platform: Unix
:synopsis: Burp-UI main module.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
import os
......@@ -20,7 +20,7 @@ if sys.version_info < (3, 0):
__title__ = 'burp-ui'
__author__ = 'Benjamin SANS (Ziirish)'
__author_email__ = 'ziirish+burpui@ziirish.info'
__author_email__ = 'hi+burpui@ziirish.me'
__url__ = 'https://git.ziirish.me/ziirish/burp-ui'
__doc__ = 'https://burp-ui.readthedocs.org/en/latest/'
__description__ = ('Burp-UI is a web-ui for burp backup written in python with '
......
......@@ -4,7 +4,7 @@
:platform: Unix
:synopsis: Burp-UI compatibility module.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
import sys
......
......@@ -4,7 +4,7 @@
:platform: Unix
:synopsis: Burp-UI json compatibility module.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
import ujson
......
......@@ -4,7 +4,7 @@
:platform: Unix
:synopsis: Burp-UI wrapper documentation module.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
......
......@@ -4,7 +4,7 @@
:platform: Unix
:synopsis: Burp-UI api module.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
......
......@@ -4,7 +4,7 @@
:platform: Unix
:synopsis: Burp-UI client api module.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
# This is a submodule we can also use "from ..api import api"
......
......@@ -4,7 +4,7 @@
:platform: Unix
:synopsis: Burp-UI clients api module.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
# This is a submodule we can also use "from ..api import api"
......
......@@ -4,7 +4,7 @@
:platform: Unix
:synopsis: Burp-UI misc api module.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
# This is a submodule we can also use "from ..api import api"
......
......@@ -4,7 +4,7 @@
:platform: Unix
:synopsis: Burp-UI restore api module.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
import select
......
......@@ -4,7 +4,7 @@
:platform: Unix
:synopsis: Burp-UI settings api module.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
import sys
......
......@@ -4,7 +4,7 @@
:platform: Unix
:synopsis: Burp-UI exceptions module.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
# Agent does not need "real" HTTP errors
......
......@@ -4,7 +4,7 @@
:platform: Unix
:synopsis: Burp-UI ACL interface.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
from abc import ABCMeta, abstractmethod, abstractproperty
......
......@@ -4,7 +4,7 @@
:platform: Unix
:synopsis: Burp-UI authentication interface.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
from flask.ext.login import UserMixin
......
......@@ -4,7 +4,7 @@
:platform: Unix
:synopsis: Burp-UI burp1 backend module.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
import re
......
......@@ -4,7 +4,7 @@
:platform: Unix
:synopsis: Burp-UI backend interface.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
from abc import ABCMeta, abstractmethod
......
......@@ -4,7 +4,7 @@
:platform: Unix
:synopsis: Burp-UI parser interface.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
from ...utils import BUIlogging
......
......@@ -4,7 +4,7 @@
:platform: Unix
:synopsis: Burp-UI server module.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
import traceback
......
......@@ -4,7 +4,7 @@
:platform: Unix
:synopsis: Burp-UI utils module.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
import math
......
FROM debian:jessie
MAINTAINER ziirish@ziirish.info
MAINTAINER hi+burpui@ziirish.me
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y supervisor logrotate locales wget curl uthash-dev g++ make libssl-dev librsync-dev python2.7-dev git python-virtualenv python-pip cron libffi-dev \
......
FROM debian:jessie
MAINTAINER ziirish@ziirish.info
MAINTAINER hi+burpui@ziirish.me
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y supervisor logrotate locales wget curl uthash-dev g++ make libssl-dev librsync-dev python2.7-dev git python-virtualenv python-pip cron libffi-dev autoconf automake libtool libz-dev libyajl-dev \
......
FROM debian:jessie
MAINTAINER ziirish@ziirish.info
MAINTAINER hi+burpui@ziirish.me
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y supervisor logrotate locales wget curl python2.7-dev git python-virtualenv gunicorn python-pip cron libffi-dev \
......
FROM debian:jessie
MAINTAINER ziirish@ziirish.info
MAINTAINER hi+burpui@ziirish.me
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y supervisor logrotate locales wget curl uthash-dev g++ make libssl-dev librsync-dev git cron \
......
FROM debian:jessie
MAINTAINER ziirish@ziirish.info
MAINTAINER hi+burpui@ziirish.me
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y supervisor logrotate locales wget curl uthash-dev g++ make libssl-dev librsync-dev git cron autoconf automake libtool libz-dev libyajl-dev \
......
......@@ -12,9 +12,10 @@ git clone $BURP
cd burp
git checkout tags/$BURP_VERSION
autoreconf -vif
./configure
./configure --prefix=/usr --sysconfdir=/etc/burp --localstatedir=/var
make -j4
make install
#make install-all
# configure supervisord log rotation
cat > /etc/logrotate.d/supervisord <<EOF
......
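Review bot: Missing integrity check on the source being built: `git checkout tags/$BURP_VERSION` compiles and installs whatever the tag currently points at, and both `$BURP` and `$BURP_VERSION` are expanded unquoted. Pin a commit hash or verify a signed tag before `make install`, and quote the variables. The `#make install-all` line is commented-out code with no explanation; either remove it or say in a comment when it should be enabled.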
......@@ -21,4 +21,19 @@
{% if pagename == 'index' %}
</div>
{% endif %}
<!-- Piwik -->
<script type="text/javascript">
var _paq = _paq || [];
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
var u="//ziirish.info/piwik/";
_paq.push(['setTrackerUrl', u+'piwik.php']);
_paq.push(['setSiteId', 5]);
var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
})();
</script>
<noscript><p><img src="//ziirish.info/piwik/piwik.php?idsite=5" style="border:0;" alt="" /></p></noscript>
<!-- End Piwik Code -->
{%- endblock %}
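Review bot: The tracker base URL `var u="//ziirish.info/piwik/";` and the `<noscript>` image source are protocol-relative, so whenever the documentation is served over plain HTTP the third-party `piwik.js` is fetched over HTTP as well and can be altered in transit; use an explicit `https://` URL in both places. The host is still `ziirish.info` while the rest of this commit moves contact addresses to `ziirish.me`, so confirm this is the intended endpoint, and consider stating in the documentation that page views are reported to an analytics server.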
......@@ -68,6 +68,17 @@ The architecture is described bellow:
+--------------------+
Requirements
------------
The agent is powered by gevent. In order to install it, you can run the
following command:
::
pip install "burp-ui[agent]"
Configuration
-------------
......@@ -122,13 +133,13 @@ Here is a full usage example:
::
# On the server called 'agent1'
agent1:~$ python path/to/bui-agent -c path/to/buiagent.cfg
agent1:~$ bui-agent -c path/to/buiagent.cfg
# On the server called 'agent2'
agent2:~$ python path/to/bui-agent -c path/to/buiagent.cfg
agent2:~$ bui-agent -c path/to/buiagent.cfg
# On the server called 'front'
front:~$ python path/to/burp-ui -c path/to/burpui.cfg
front:~$ burp-ui -c path/to/burpui.cfg
This example uses three servers. You then only need to point your browser to
......
......@@ -52,7 +52,7 @@ master_doc = 'index'
# General information about the project.
project = u'Burp-UI'
copyright = u'2015, Ziirish'
copyright = u'2016, Ziirish'
author = u'Ziirish'
# The version info for the project you're documenting, acts as replacement for
......@@ -213,7 +213,7 @@ html_logo = '_static/logo.png'
#html_search_scorer = 'scorer.js'
# Output file base name for HTML help builder.
htmlhelp_basename = 'Burp-UIdoc'
htmlhelp_basename = 'Burp-UI doc'
# -- Options for LaTeX output ---------------------------------------------
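Review bot: `htmlhelp_basename = 'Burp-UI doc'` puts a space into what the comment above it calls the output file base name for the HTML help builder, so the generated files will carry a space in their names, which is fragile in scripts and shell commands. Keep `'Burp-UIdoc'`, or use a hyphen or underscore if a separator is wanted.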
......@@ -280,7 +280,7 @@ man_pages = [
# dir menu entry, description, category)
texinfo_documents = [
(master_doc, 'Burp-UI', u'Burp-UI Documentation',
author, 'Burp-UI', 'One line description of project.',
author, 'Burp-UI', 'Burp-UI is a web-ui for burp backup written in python with Flask and jQuery/Bootstrap.',
'Miscellaneous'),
]
......
......@@ -27,6 +27,7 @@ Documentation
contributing
changelog
faq
step-by-step
developer
......
......@@ -27,8 +27,8 @@ By default `Burp-UI`_ ships with a sample file located in
virtualenv)
.. note::
It is advised to copy the sample configuration in ``/etc/burp/burpui.cfg``
and to edit this file so that it is not overwritten on every upgrade.
It is advised to copy the sample configuration in ``/etc/burp/burpui.cfg``
and to edit this file so that it is not overwritten on every upgrade.
Then you can run ``burp-ui``: ``burp-ui``
......
......@@ -9,13 +9,21 @@ The project also provides a full documented `API <api.html>`_ so that you can
develop any front-end you like on top of it. The core will take care of the
communication with the burp server(s) for you.
.. note::
Although the `Burp`_'s author and I exchange a lot, our products are totally
distinct. So I would like people to understand some issues might be related
to `Burp-UI`_, but some other might be related to `Burp`_ and I may not be
able to help you in the later case.
There is a dedicated mailing-list for `Burp`_ related issues. You can find
details `here <http://burp.grke.org/contact.html>`_
Known Issues
------------
Because it's an Open Source project, people are free (and encouraged) to open
issues in the `bug-tracker <https://git.ziirish.me/ziirish/burp-ui/issues>`_.
You will find there the current opened issues.
issues in the `bug-tracker <https://git.ziirish.me/ziirish/burp-ui/issues>`_
where will find there the current opened issues.
There are also a few issues unrelated to the code itself:
......
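Review bot: The reworded sentence ending `where will find there the current opened issues.` has lost its subject and keeps a redundant "there"; "where you will find the currently open issues" reads correctly. In the note added above it, `in the later case` should be "in the latter case".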
......@@ -4,6 +4,10 @@ Requirements
Please note that, `Burp-UI`_ must be running on the same server that runs the
burp-server for some features.
.. note::
At the moment, `Burp-UI`_ and this doc is mostly debian-centric but feel
free to contribute for other distributions!
LDAP
----
......@@ -27,10 +31,29 @@ On Debian:
aptitude install python-openssl
Alternatively, you can install the python package using the following command:
::
pip install "burp-ui[ssl]"
Burp1
-----
The `burp1 backend <usage.html#burp1>`__ supports burp versions from 1.3.48 to
1.4.40.
With these versions of burp, the status port is only listening on the machine
loopback (ie. ``localhost`` or ``127.0.0.1``). It means you *MUST* run
`Burp-UI`_ on the same host that is running your burp server in order to be able
to access burp's statistics.
Alternatively, you can use a `bui-agent <buiagent.html>`__.
Burp2
-----
The `burp2 backend <usage.html#burp2>`_ supports only burp 2.0.18 and above.
The `burp2 backend <usage.html#burp2>`__ supports only burp 2.0.18 and above.
If you are using an older version of burp2 `Burp-UI`_ will fail to start.
.. _Burp-UI: https://git.ziirish.me/ziirish/burp-ui
Step By Step
============
Although `Burp-UI`_ tries to make `Burp`_ accessible to everyone, both products
have their complexity.
In this *Step by Step*, I would like to introduce you different use-cases with
their associated configurations, descriptions and comments.
In every case, we will consider neither `Burp`_ or `Burp-UI`_ are installed and
describe the steps to setup your server from Scratch.
.. note::
Again, this part of the doc is mostly debian-centric. If some users are
willing to adapt these examples with other distros I would be very thankful.
1. `Burp1 server`_ with `Burp-UI`_
2. `Burp2 server`_ with `Burp-UI`_
3. `Multiple servers`_ with `bui-agents <buiagent.html>`_
Burp1 server
------------
In this scenario, we are going to install a `Burp`_ server version 1.4.40 which
is the current stable version. We assume you are using the user *root* to run
the following commands.
We begin with the installation of `Burp`_ itself.
First, we need some system requirements in order to compile `Burp`_ and to
install `Burp-UI`_:
::
apt-get update
apt-get install uthash-dev g++ make libssl-dev librsync-dev python2.7-dev \
git python-pip libffi-dev
Now we retrieve the `Burp`_ sources and then we compile and install it:
::
cd /usr/src
git clone https://github.com/grke/burp.git
cd burp
git checkout tags/1.4.40
./configure --disable-ipv6
make
make install
# we also install init scripts
cp debian/init /etc/init.d/burp
cat >/etc/default/burp<<EOF
RUN="yes"
DAEMON_ARGS="-c /etc/burp/burp-server.conf"
EOF
chmod +x /etc/init.d/burp
update-rc.d burp defaults
It is now time to install `Burp-UI`_:
::
pip install --upgrade burp-ui
Now that everything is installed, let's configure our tools!
In order to perform online restorations, `Burp-UI`_ relies on a classical
`Burp`_ client.
We need to define our client, and we also need to allow it to perform
restorations for other clients. We will set it up globally. Our client will be
named *bui*:
::
# burp-ui client's definition
cat >/etc/burp/clientconfdir/bui<<EOF
password = abcdefgh
EOF
# grant our client to perform restorations for others
echo "restore_client = bui" >>/etc/burp/burp-server.conf
# now we generate ou client configuration
cat >/etc/burp/burp.conf<<EOF
mode = client
port = 4971
server = 127.0.0.1
password = abcdefgh
cname = bui
pidfile = /var/run/burp.bui.pid
syslog = 0
stdout = 1
progress_counter = 1
ca_burp_ca = /usr/sbin/burp_ca
ca_csr_dir = /etc/burp/CA-client
# SSL certificate authority - same file on both server and client
ssl_cert_ca = /etc/burp/ssl_cert_ca.pem
# Client SSL certificate
ssl_cert = /etc/burp/ssl_cert-client.pem
# Client SSL key
ssl_key = /etc/burp/ssl_cert-client.key
# SSL key password
ssl_key_password = password
# Common name in the certificate that the server gives us
ssl_peer_cn = burpserver
# The following options specify exactly what to backup.
include = /home
EOF
Our `Burp`_ server is now set up, we can start it:
::
/etc/init.d/burp start
Now we can configure `Burp-UI`_. The package comes with a default configuration
and init scripts. We copy them at the right place:
::
cp /usr/local/share/burpui/contrib/debian/init.sh /etc/init.d/burp-ui
chmod +x /etc/init.d/burp-ui
update-rc.d burp-ui defaults
cp /usr/local/share/burpui/etc/burpui.sample.cfg /etc/burp/burpui.cfg
The default configuration is plug and play for this case, we just have to start
`Burp-UI`_:
::
/etc/init.d/burp-ui start
Your server is now fully set-up, you can access `Burp-UI`_ by pointing your
browser to: http://server_ip:5000/
The default user / password is: admin / admin
For further customization, you can refer to the `usage`_ page of this
documentation.
Burp2 server
------------
[TODO]
Multiple servers
----------------
[TODO]
.. _Burp-UI: https://git.ziirish.me/ziirish/burp-ui
.. _Burp: http://burp.grke.net/
.. _usage: usage.html
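Review bot: The walkthrough hard-codes `password = abcdefgh` for the bui client and `ssl_key_password = password`, then ends on `The default user / password is: admin / admin` reached over plain HTTP on port 5000, with no step telling the reader to change any of them. Because the same page grants that client the right to restore for all other clients, a setup copied verbatim leaves every client's backups behind published credentials. Mark these values as placeholders to be replaced with generated secrets, add a step to change the admin account before the server is declared fully set up, and say how to restrict or TLS-protect the web port. Smaller points: the comment "now we generate ou client configuration" has a typo, the Burp link target here uses burp.grke.net while the introduction links burp.grke.org, and the Burp2 and Multiple servers sections are still [TODO].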
......@@ -4,24 +4,27 @@ Usage
`Burp-UI`_ has been written with modularity in mind. The aim is to support
`Burp`_ from the stable to the latest versions. `Burp`_ exists in two major
versions: 1.x.x and 2.x.x.
The version 2.x.x is currently in heavy development and should bring a lot of
improvements, but also a lot of rework especially regarding the ``status port``
which is the main communication system between `Burp`_ and `Burp-UI`_.
.. note::
The version 2.x.x of `Burp`_ is currently in heavy development and should
bring a lot of improvements, but also a lot of rework especially regarding
the ``status port`` which is the main communication system between `Burp`_
and `Burp-UI`_.
Both `Versions`_ are supported by `Burp-UI`_ thanks to its modular design.
The consequence is you have various options in the configuration file to suite
every bodies needs.
everybody needs.
There are also different modules to support `Authentication`_ and `ACL`_ within
the web-interface.
.. warning::
`Burp-UI`_ tries to be the less intrusive as possible, nevertheless it ships
with the ability to manage `Burp`_'s configuration files.
This feature **requires** `Burp-UI`_ to be launched on the **same** server
that hosts your `Burp`_ instance.
You also have to make sure the user that runs `Burp-UI`_ has **enough**
privileges to edit those files.
`Burp-UI`_ tries to be as less intrusive as possible, nevertheless it ships
with the ability to manage `Burp`_'s configuration files.
This feature **requires** `Burp-UI`_ to be launched on the **same** server
that hosts your `Burp`_ instance.
You also have to make sure the user that runs `Burp-UI`_ has **enough**
privileges to edit those files.
Configuration
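Review bot: The warning asks that the user running Burp-UI has **enough** privileges to edit Burp's configuration files but sets no upper bound, which invites running the web interface as root. State that a dedicated account with write access limited to those files (for example through group ownership) is sufficient. Wording: `everybody needs.` should be "everybody's needs." and `as less intrusive as possible` should be "as unintrusive as possible".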
......@@ -215,13 +218,19 @@ Versions
These backends allow you to either connect to a `Burp`_ server version 1.x.x or
2.x.x.
If you are using a `Burp`_ server version 2.x.x you **have** to use the `Burp2`_
backend, no matter what `Burp`_'s protocol you are using.
.. note::
If you are using a `Burp`_ server version 2.x.x you **have** to use the
`Burp2`_ backend, no matter what `Burp`_'s protocol you are using.
Burp1
^^^^^
.. note::
Make sure you have read and understood the `requirements
<requirements.html#burp1>`__ first.
The *burp-1* backend can be enabled by setting the *version* option to *1* in
the ``[Global]`` section of your `burpui.cfg`_ file:
......@@ -269,6 +278,10 @@ Each option is commented, but here is a more detailed documentation:
Burp2
^^^^^