Problem after upgrade from burp 1.4.40 to 2.0.36
I have upgraded to burp 2.0.36 But had exactly same problem as shown in issue #120 (closed)
/etc/burp# burp-ui -c burp-ui.conf -v
UI says: Cannot launch burp process: Unable to spawn burp process
ERROR in app [/usr/local/lib/python2.7/dist-packages/burpui/../flask/app.py:1423]:
Exception on /api/clients/stats [GET]
--------------------------------------------------------------------------------
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/burpui/../flask/app.py", line 1475, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python2.7/dist-packages/burpui/../flask/app.py", line 1461, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/usr/local/lib/python2.7/dist-packages/burpui/api/__init__.py", line 125, in decorated_view
return func(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/burpui/../flask_restful/__init__.py", line 477, in wrapper
resp = resource(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/burpui/../flask/views.py", line 84, in view
return self.dispatch_request(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/burpui/../flask_restplus/resource.py", line 42, in dispatch_request
resp = meth(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/burpui/../flask_cache/__init__.py", line 297, in decorated_function
rv = f(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/burpui/../flask_restplus/marshalling.py", line 101, in wrapper
resp = f(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/burpui/api/clients.py", line 362, in get
api.abort(500, str(e))
File "/usr/local/lib/python2.7/dist-packages/burpui/api/__init__.py", line 155, in abort
super(ApiWrapper, self).abort(code, message, **kwargs) # pragma: no cover
File "/usr/local/lib/python2.7/dist-packages/burpui/../flask_restplus/api.py", line 351, in abort
abort(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/burpui/../flask_restplus/errors.py", line 29, in abort
flask.abort(code)
File "/usr/local/lib/python2.7/dist-packages/burpui/../werkzeug/exceptions.py", line 646, in __call__
raise self.mapping[code](*args, **kwargs)
InternalServerError: 500: Internal Server Error
::ffff:10.100.64.160 - - [08/Apr/2016 19:57:46] "GET /api/clients/stats HTTP/1.1" 500 -
::ffff:10.100.64.160 - - [08/Apr/2016 19:57:46] "GET /api/clients/backup-running HTTP/1.1" 200 -
I have downgraded flask to suggested version.
Here is my output of pip freeze
pip freeze
aniso8601==1.1.0
arrow==0.7.0
burp-ui==0.1.3
chardet==2.0.1
colorama==0.2.5
configobj==4.7.2
dnspython==1.11.1
eventlet==0.18.4
Flask==0.10.1
Flask-Bower==1.2.1
Flask-Cache==0.13.1
Flask-Login==0.3.2
Flask-RESTful==0.3.5
flask-restplus==0.8.6
Flask-WTF==0.12
functools32==3.2.3.post2
gevent==1.1.1
greenlet==0.4.9
gunicorn==19.3.0
html5lib==0.999
inv-automation==0.2
iotop==0.6
itsdangerous==0.24
Jinja2==2.8
jsonschema==2.5.1
Landscape-Client==14.12
ldap3==0.9.9.2
MarkupSafe==0.23
PAM==0.4.2
pyasn1==0.1.9
pycrypto==2.6.1
pyOpenSSL==0.13
pyserial==2.6
python-apt===0.9.3.5ubuntu2
python-dateutil==2.5.2
pytz==2016.3
requests==2.2.1
six==1.10.0
Twisted-Core==13.2.0
tzlocal==1.2
urllib3==1.7.1
Werkzeug==0.11.5
WTForms==2.0.2
zope.interface==4.0.5
I though it was a problem with ssl, so I have changed client config
burpui-client.conf
mode = client
server = 127.0.0.1
port = 4971
user = root
group = root
protocol = 1
pidfile = /var/run/burp.pid
cname = bui
password = somethingelse
syslog = 1
stdout = 1
ca_burp_ca = /usr/sbin/burp_ca
ca_csr_dir = /etc/burpui/CA-client
ssl_cert_ca = /etc/burpui/ssl_cert_ca-client.pem
ssl_cert = /etc/burpui/ssl_cert-client.pem
ssl_key = /etc/burpui/ssl_cert-client.key
ssl_key_password = password
ssl_peer_cn = server
server_can_restore = 1
The files are there:
/etc/burpui/
├── CA-client
│ └── bui.csr
├── ssl_cert_ca-client.pem
├── ssl_cert-client.key
└── ssl_cert-client.pem
And also connects to server
burp -c burpui-client.conf -a t
2016-04-08 20:09:26: burp[15109] burpui-client.conf: status_port unset
2016-04-08 20:09:26: burp[15109] auth ok
2016-04-08 20:09:26: burp[15109] Server version: 2.0.36
2016-04-08 20:09:26: burp[15109] nocsr ok
2016-04-08 20:09:26: burp[15109] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
2016-04-08 20:09:26: burp[15109] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:msg:csetproto:rshash=blake2:
2016-04-08 20:09:26: burp[15109] Using protocol=1
2016-04-08 20:09:26: burp[15109] Found no include paths!
2016-04-08 20:09:26: burp[15109] error in backup
Server configuration
It's second instance as I use main server for other clients
burp-ui-srv.conf
mode = server
port = 4971
status_port = 4972
max_children = 5
max_status_children = 5
syslog = 1
autoupgrade_dir = /etc/burp/autoupgrade/server
version_warn = 1
hardlinked_archive = 0
clientconfdir = /etc/burp/clientconfdir
pidfile = /var/run/burp-ui.pid
directory = /storage/burp
user = root
group = root
umask = 0022
ca_conf = /etc/burp/CA.cnf
ca_name = burpCA
ca_server_name = something
ca_burp_ca = /usr/sbin/burp_ca
ssl_cert_ca = /etc/burp/ssl_cert_ca.pem
ssl_cert = /etc/burp/ssl_cert-server.pem
ssl_key = /etc/burp/ssl_cert-server.key
ssl_key_password = somethinghere
ssl_dhfile = /etc/burp/dhfile.pem
server_script_post=/usr/local/share/infra/burp-ui_post.sh
keep = 1
working_dir_recovery_method = resume
restore_client=burpclient
restore_client=bui
# burp2 specific
dedup_group = somegroup
monitor_browse_cache=1
I have created burp-ui.conf:
[Global]
# On which port is the application listening
port: 5000
# On which address is the application listening
# '::' is the default for all IPv6
bind: ::
# enable SSL
ssl: false
# ssl cert
sslcert: /etc/burp/ssl_cert-server.pem
# ssl key
sslkey: /etc/burp/ssl_cert-server.key
# burp server version 1 or 2
version: 2
# Handle multiple bui-servers or not
# If set to 'false', you will need to declare at least one 'Agent' section (see
# bellow)
standalone: true
# authentication plugin (mandatory)
# list the misc/auth directory to see the available backends
# to disable authentication you can set "auth: none"
auth: basic
# acl plugin
# list misc/acl directory to see the available backends
# default is no ACL
acl: basic
[UI]
# refresh interval of the pages in seconds
refresh: 60
# refresh interval of the live-monitoring page in seconds
liverefresh: 5
[BASIC]
## Backend priority. Higher is first
#priority: 2
admin: somethingelse
#admin: password
#user1: otherpassword
[Production]
# storage backend (only used with gunicorn) for session and cache
# may be either 'default' or 'redis'
storage: default
# redis server to connect to
redis: localhost:6379
# whether to use secure cookie or not
scookie: false
[Burp2]
## burp binary
burpbin: /usr/sbin/burp
## vss_strip binary
#stripbin: /usr/sbin/vss_strip
## burp client configuration file used for the restoration (Default: None)
bconfcli: /etc/burp/burpui-client.conf
## burp server configuration file used for the setting page
bconfsrv: /etc/burp/burp-ui-srv.conf
## temporary directory to use for restoration
tmpdir: /storage/burp-ui
## how many time to wait for the monitor to answer (in seconds)
timeout: 5
burpui was upgraded with latest version today.
The ui doesn't show the version, it showed before I have done some changes but the ui works and I can access to server configuration.
File "/usr/local/lib/python2.7/dist-packages/burpui/../flask_cache/__init__.py", line 297, in decorated_function
rv = f(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/burpui/../flask_restplus/marshalling.py", line 101, in wrapper
resp = f(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/burpui/api/clients.py", line 362, in get
api.abort(500, str(e))
File "/usr/local/lib/python2.7/dist-packages/burpui/api/__init__.py", line 155, in abort
super(ApiWrapper, self).abort(code, message, **kwargs) # pragma: no cover
File "/usr/local/lib/python2.7/dist-packages/burpui/../flask_restplus/api.py", line 351, in abort
abort(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/burpui/../flask_restplus/errors.py", line 29, in abort
flask.abort(code)
File "/usr/local/lib/python2.7/dist-packages/burpui/../werkzeug/exceptions.py", line 646, in __call__
raise self.mapping[code](*args, **kwargs)
InternalServerError: 500: Internal Server Error
::ffff:10.100.64.160 - - [08/Apr/2016 20:18:02] "GET /api/clients/stats HTTP/1.1" 500 -
--------------------------------------------------------------------------------
ERROR in app [/usr/local/lib/python2.7/dist-packages/burpui/../flask/app.py:1423]:
Exception on /api/misc/about [GET]
--------------------------------------------------------------------------------
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/burpui/../flask/app.py", line 1817, in wsgi_app
response = self.full_dispatch_request()
File "/usr/local/lib/python2.7/dist-packages/burpui/../flask/app.py", line 1477, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/local/lib/python2.7/dist-packages/burpui/../flask_restful/__init__.py", line 271, in error_router
return original_handler(e)
File "/usr/local/lib/python2.7/dist-packages/burpui/../flask/app.py", line 1363, in handle_user_exception
assert exc_value is e
AssertionError
```
![version](/uploads/be6bee58453fd29f02ce66965ba85bd0/version.jpg)