update demo with a new moderator user

862fa112 · Benjamin "Ziirish" SANS · 0e1b8383 · 862fa112 · 862fa112 · 862fa112
Verified Commit 862fa112 authored May 07, 2018 by Benjamin "Ziirish" SANS
8 changed files
--- a/burpui/server.py
+++ b/burpui/server.py
@@ -47,6 +47,9 @@ G_CELERY = False
 G_SCOOKIE = True
 G_DEMO = False
 G_DSN = u''
+G_PIWIK_URL = u''
+G_PIWIK_SCRIPT = u'piwik.php'
+G_PIWIK_ID = 0
 G_APPSECRET = u'random'
 G_COOKIETIME = 14
 G_SESSIONTIME = 5
@@ -83,6 +86,9 @@ class BUIServer(Flask):
            'plugins': G_PLUGINS,
            'demo': G_DEMO,
            'dsn': G_DSN,
+            'piwik_url': G_PIWIK_URL,
+            'piwik_script': G_PIWIK_SCRIPT,
+            'piwik_id': G_PIWIK_ID,
        },
        'UI': {
            'refresh': G_REFRESH,
@@ -181,6 +187,9 @@ class BUIServer(Flask):
            'boolean'
        )
        self.config['BUI_DSN'] = self.conf.safe_get('dsn')
+        self.config['BUI_PIWIK_URL'] = self.conf.safe_get('piwik_url')
+        self.config['BUI_PIWIK_SCRIPT'] = self.conf.safe_get('piwik_script')
+        self.config['BUI_PIWIK_ID'] = self.conf.safe_get('piwik_id', 'integer')
        self.bind = self.config['BUI_BIND'] = self.conf.safe_get('bind')
        version = self.conf.safe_get('version', 'integer')
        if unittest and version != 1:

--- a/burpui/templates/notifications.html
+++ b/burpui/templates/notifications.html
@@ -17,7 +17,7 @@
                <p>
                {{ _("
                <strong>Hello!</strong> Welcome to Burp-UI's demo.
-                You can login with either <em>admin</em> / <em>admin</em> or with <em>demo</em> / <em>demo</em>.
+                You can login with either <em>admin</em> / <em>admin</em>, <em>moderator</em> / <em>moderator</em> or with <em>demo</em> / <em>demo</em>.
                ") }}
                </p>
              </div>

--- a/burpui/translations/es/LC_MESSAGES/messages.po
+++ b/burpui/translations/es/LC_MESSAGES/messages.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
-"POT-Creation-Date: 2018-05-01 15:07+0200\n"
+"POT-Creation-Date: 2018-05-07 16:20+0200\n"
 "PO-Revision-Date: 2017-03-07 12:04-0300\n"
 "Last-Translator: Pablo Estigarribia <pablodav@gmail.com>\n"
 "Language: es\n"
@@ -1532,7 +1532,6 @@ msgstr ""
 #: burpui/templates/admin-authorizations.html:142
 #: burpui/templates/admin-authorizations.html:162
 #: burpui/templates/admin-authorizations.html:252
-#: burpui/templates/admin/authentication.html:26
 #: burpui/templates/admin/sessions.html:49
 #: burpui/templates/client-browse.html:142 burpui/templates/user.html:58
 #: burpui/templates/user.html:92 burpui/templates/user.html:121
@@ -2132,19 +2131,20 @@ msgstr "Seleccionar todo"
 msgid "Deselect all"
 msgstr "Quitar selección"

+#: burpui/templates/js/clients.js:22 burpui/templates/js/clients.js:30
+#: burpui/templates/macros.html:173
+msgid "now"
+msgstr "ahora"
+
 #: burpui/templates/notifications.html:18
 msgid ""
 "\n"
 "                <strong>Hello!</strong> Welcome to Burp-UI's demo.\n"
-"                You can login with either <em>admin</em> / <em>admin</em>"
-" or with <em>demo</em> / <em>demo</em>.\n"
+"                You can login with either <em>admin</em> / "
+"<em>admin</em>, <em>moderator</em> / <em>moderator</em> or with "
+"<em>demo</em> / <em>demo</em>.\n"
 "                "
 msgstr ""
-"\n"
-" <strong> ¡Hola! </strong> Bienvenido a burp-UI de demostración. \n"
-"Puede ingresar con <em> admin </em> / <em> admin </em> o con <em> demo "
-"</em> / <em> demo</em>.   \n"
-"                "

 #: burpui/templates/servers-report.html:10
 msgid "Global report"
@@ -2608,7 +2608,7 @@ msgstr "ejecutándose"

 #: burpui/templates/js/client.js:19 burpui/templates/js/client.js:26
 #: burpui/templates/js/client.js:36 burpui/templates/js/clients.js:20
-#: burpui/templates/js/clients.js:172
+#: burpui/templates/js/clients.js:169
 msgid "idle"
 msgstr "inactivo"

@@ -2628,11 +2628,7 @@ msgstr "Eliminar tarea iniciada"
 msgid "never"
 msgstr "nunca"

-#: burpui/templates/js/clients.js:22 burpui/templates/js/clients.js:30
-msgid "now"
-msgstr "ahora"
-
-#: burpui/templates/js/clients.js:170
+#: burpui/templates/js/clients.js:167
 msgid "view"
 msgstr "ver"

@@ -2770,3 +2766,20 @@ msgstr ""
 #~ msgid "Authenticate users against local PAM database"
 #~ msgstr ""

+#~ msgid ""
+#~ "\n"
+#~ "                <strong>Hello!</strong> Welcome to Burp-UI's demo.\n"
+#~ "                You can login with "
+#~ "either <em>admin</em> / <em>admin</em> "
+#~ "<em>moderator</em> / <em>moderator</em> or "
+#~ "with <em>demo</em> / <em>demo</em>.\n"
+#~ "                "
+#~ msgstr ""
+#~ "\n"
+#~ " <strong> ¡Hola! </strong> Bienvenido a burp-UI de demostración. \n"
+#~ "Puede ingresar con <em> admin </em> "
+#~ "/ <em> admin </em>, <em>moderator</em> /"
+#~ " <em>moderator</em> o con <em> demo "
+#~ "</em> / <em> demo </em>.   \n"
+#~ "                "
+
--- a/burpui/translations/fr/LC_MESSAGES/messages.po
+++ b/burpui/translations/fr/LC_MESSAGES/messages.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
-"POT-Creation-Date: 2018-05-01 15:07+0200\n"
+"POT-Creation-Date: 2018-05-07 16:20+0200\n"
 "PO-Revision-Date: 2016-08-25 15:19+0200\n"
 "Last-Translator: Ziirish <hi+burpui@ziirish.me>\n"
 "Language: fr\n"
@@ -1183,7 +1183,6 @@ msgstr ""
 #: burpui/templates/admin-authorizations.html:142
 #: burpui/templates/admin-authorizations.html:162
 #: burpui/templates/admin-authorizations.html:252
-#: burpui/templates/admin/authentication.html:26
 #: burpui/templates/admin/sessions.html:49
 #: burpui/templates/client-browse.html:142 burpui/templates/user.html:58
 #: burpui/templates/user.html:92 burpui/templates/user.html:121
@@ -1787,19 +1786,26 @@ msgstr "Tout sélectionner"
 msgid "Deselect all"
 msgstr "Tout dé-sélectionner"

+#: burpui/templates/js/clients.js:22 burpui/templates/js/clients.js:30
+#: burpui/templates/macros.html:173
+msgid "now"
+msgstr "maintenant"
+
 #: burpui/templates/notifications.html:18
 msgid ""
 "\n"
 "                <strong>Hello!</strong> Welcome to Burp-UI's demo.\n"
-"                You can login with either <em>admin</em> / <em>admin</em>"
-" or with <em>demo</em> / <em>demo</em>.\n"
+"                You can login with either <em>admin</em> / "
+"<em>admin</em>, <em>moderator</em> / <em>moderator</em> or with "
+"<em>demo</em> / <em>demo</em>.\n"
 "                "
 msgstr ""
 "\n"
 "                <strong>Bonjour !</strong> Bienvenue sur la demo de Burp-"
 "UI.\n"
 "                Vous pouvez vous connecter avec les comptes "
-"<em>admin</em> / <em>admin</em> ou <em>demo</em> / <em>demo</em>.\n"
+"<em>admin</em> / <em>admin</em>, <em>moderator</em> / <em>moderator</em> "
+"ou <em>demo</em> / <em>demo</em>.\n"

 #: burpui/templates/servers-report.html:10
 msgid "Global report"
@@ -2269,7 +2275,7 @@ msgstr "en cours"

 #: burpui/templates/js/client.js:19 burpui/templates/js/client.js:26
 #: burpui/templates/js/client.js:36 burpui/templates/js/clients.js:20
-#: burpui/templates/js/clients.js:172
+#: burpui/templates/js/clients.js:169
 msgid "idle"
 msgstr "en attente"

@@ -2289,11 +2295,7 @@ msgstr "Tâche de suppression lancée"
 msgid "never"
 msgstr "jamais"

-#: burpui/templates/js/clients.js:22 burpui/templates/js/clients.js:30
-msgid "now"
-msgstr "maintenant"
-
-#: burpui/templates/js/clients.js:170
+#: burpui/templates/js/clients.js:167
 msgid "view"
 msgstr "voir"


--- a/burpui/translations/it/LC_MESSAGES/messages.po
+++ b/burpui/translations/it/LC_MESSAGES/messages.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
-"POT-Creation-Date: 2018-05-01 15:07+0200\n"
+"POT-Creation-Date: 2018-05-07 16:20+0200\n"
 "PO-Revision-Date: 2017-07-16 10:36+0100\n"
 "Last-Translator: Enrico204 <enrico204@gmail.com>\n"
 "Language: it\n"
@@ -1474,7 +1474,6 @@ msgstr ""
 #: burpui/templates/admin-authorizations.html:142
 #: burpui/templates/admin-authorizations.html:162
 #: burpui/templates/admin-authorizations.html:252
-#: burpui/templates/admin/authentication.html:26
 #: burpui/templates/admin/sessions.html:49
 #: burpui/templates/client-browse.html:142 burpui/templates/user.html:58
 #: burpui/templates/user.html:92 burpui/templates/user.html:121
@@ -2072,19 +2071,20 @@ msgstr "Seleziona tutto"
 msgid "Deselect all"
 msgstr "Deseleziona tutto"

+#: burpui/templates/js/clients.js:22 burpui/templates/js/clients.js:30
+#: burpui/templates/macros.html:173
+msgid "now"
+msgstr "ora"
+
 #: burpui/templates/notifications.html:18
 msgid ""
 "\n"
 "                <strong>Hello!</strong> Welcome to Burp-UI's demo.\n"
-"                You can login with either <em>admin</em> / <em>admin</em>"
-" or with <em>demo</em> / <em>demo</em>.\n"
+"                You can login with either <em>admin</em> / "
+"<em>admin</em>, <em>moderator</em> / <em>moderator</em> or with "
+"<em>demo</em> / <em>demo</em>.\n"
 "                "
 msgstr ""
-"\n"
-"                <strong>Ciao!</strong> Benvenuto alla demo di Burp-UI.\n"
-"                Puoi autenticarti sia come <em>admin</em> / "
-"<em>admin</em> sia come <em>demo</em> / <em>demo</em>.\n"
-"                "

 #: burpui/templates/servers-report.html:10
 msgid "Global report"
@@ -2546,7 +2546,7 @@ msgstr "in corso"

 #: burpui/templates/js/client.js:19 burpui/templates/js/client.js:26
 #: burpui/templates/js/client.js:36 burpui/templates/js/clients.js:20
-#: burpui/templates/js/clients.js:172
+#: burpui/templates/js/clients.js:169
 msgid "idle"
 msgstr "inattivo"

@@ -2566,11 +2566,7 @@ msgstr "Funzione di eliminazione lanciata"
 msgid "never"
 msgstr "mai"

-#: burpui/templates/js/clients.js:22 burpui/templates/js/clients.js:30
-msgid "now"
-msgstr "ora"
-
-#: burpui/templates/js/clients.js:170
+#: burpui/templates/js/clients.js:167
 msgid "view"
 msgstr "vista"

@@ -2696,3 +2692,21 @@ msgstr ""
 #~ msgid "Authenticate users against local PAM database"
 #~ msgstr ""

+#~ msgid ""
+#~ "\n"
+#~ "                <strong>Hello!</strong> Welcome to Burp-UI's demo.\n"
+#~ "                You can login with "
+#~ "either <em>admin</em> / <em>admin</em> "
+#~ "<em>moderator</em> / <em>moderator</em> or "
+#~ "with <em>demo</em> / <em>demo</em>.\n"
+#~ "                "
+#~ msgstr ""
+#~ "\n"
+#~ "                <strong>Ciao!</strong> Benvenuto "
+#~ "alla demo di Burp-UI.\n"
+#~ "                Puoi autenticarti sia come "
+#~ "<em>admin</em> / <em>admin</em>, <em>moderator</em>"
+#~ " / <em>moderator</em> sia come "
+#~ "<em>demo</em> / <em>demo</em>.\n"
+#~ "                "
+
--- a/docker/demo/docker-burpui/assets/config/burp-ui/burpui.cfg
+++ b/docker/demo/docker-burpui/assets/config/burp-ui/burpui.cfg
@@ -38,6 +38,9 @@ acl = basic
 prefix = none
 demo = true
 dsn = @DSN@
+piwik_url = @PIWIK_URL@
+piwik_script = @PIWIK_SCRIPT@
+piwik_id = @PIWIK_ID@

 [UI]
 # refresh interval of the pages in seconds
@@ -192,8 +195,38 @@ noserverrestore = true
 #priority = 2
 #admin = password
 #user1 = otherpassword
-admin = pbkdf2:sha1:1000$Jeoy7tqS$ce50e82698ef11f1ee0442ab1227a742118d1cb2
-demo = pbkdf2:sha1:1000$eSmvMm2z$a95240bef1682d3469f1141a015b6f5cf18c9de2
+admin = pbkdf2:sha256:50000$tBmBFbIb$645e36483a936aa2c54ba7f4b0908e8fd45aebdcddc07343b11bac099732c61d
+demo = pbkdf2:sha256:50000$Rd7VUJ9Z$2e91276223d6371ec83bbad7e96c207bee940994e718be44ef274403f3de4a26
+moderator = pbkdf2:sha256:50000$vLjiLsda$c848e929190a5cf8e237caf35032bef4a0e73469152d9c89b4cc803ffd9c4d51
+
+## acl engine global options
+#[ACL]
+## Enable extended matching rules (enabled by default)
+## If the rule is a string like 'user1 = desk*', it will match any client that
+## matches 'desk*' no mater what agent it is attached to.
+## If it is a coma separated list of strings like 'user1 = desk*,laptop*' it
+## will match the first matching rule no mater what agent it is attached to.
+## If it is a dict like:
+## user1 = '{"agents": ["srv*", "www*"], "clients": ["desk*", "laptop*"]}'
+## It will also validate against the agent name.
+#extended = true
+## If you don't explicitly specify ro/rw grants, what should we assume?
+#assume_rw = true
+## Enable 'legacy' behavior
+## Since v0.6.0, if you don't specify the agents name explicitly, users will be
+## granted on every agents where a client matches user's ACL. If you enable the
+## 'legacy' behavior, you will need to specify the agents explicitly.
+## Note: enabling this option will also disable the extended mode
+#legacy = false
+## The inheritance order maters, it means depending the order you choose,
+## the ACL engine won't handle the grants the same way.
+## By default, ACL inherited by groups will have lower priority, unless you
+## choose otherwise
+#inverse_inheritance = false
+## If you specify agents and clients separately, should we link them implicitly?
+## For instance, '{"agents": ["agent1", "agent2"], "clients": ["client1", "client2"]}'
+## will become: '{"agents": {"agent1": ["client1", "client2"], "agent2": ["client1", "client2"]}}'
+#implicit_link = true

 ## basicacl specific options
 ## Note: in case you leave this section commented, the user 'admin' will have
@@ -210,7 +243,9 @@ demo = pbkdf2:sha1:1000$eSmvMm2z$a95240bef1682d3469f1141a015b6f5cf18c9de2
 ## a user can access on a specific Agent
 #user4 = '{"agent1": ["client6", "client7"], "agent2": ["client8"]}'
 admin = admin
-demo = '{"Burp1": ["demo2"]}'
+@moderator = '{"agents": {"ro": "Burp1", "rw": "Burp2"}}'
+moderator = moderator
+demo = '{"agents": {"Burp1": ["demo2"]}}'

 ## If you set standalone to 'false', add at least one section like this per
 ## bui-agent

--- a/docker/demo/docker-burpui/assets/config/patch/piwik.patch
+++ b/docker/demo/docker-burpui/assets/config/patch/piwik.patch
@@ -4,12 +4,12 @@
      _paq.push(['trackPageView']);
      _paq.push(['enableLinkTracking']);
      (function() {
-        var u="//ziirish.info/piwik/";
-        _paq.push(['setTrackerUrl', u+'piwik.php']);
-        _paq.push(['setSiteId', 4]);
+        var u="{{ config.BUI_PIWIK_URL }}";
+        _paq.push(['setTrackerUrl', u+'{{ config.BUI_PIWIK_SCRIPT }}']);
+        _paq.push(['setSiteId', {{ config.BUI_PIWIK_ID }}]);
        var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
        g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
      })();
    </script>
-    <noscript><p><img src="//ziirish.info/piwik/piwik.php?idsite=4" style="border:0;" alt="" /></p></noscript>
+    <noscript><p><img src="{{ config.BUI_PIWIK_URL }}{{ config.BUI_PIWIK_SCRIPT }}?idsite={{ config.BUI_PIWIK_ID }}" style="border:0;" alt="" /></p></noscript>
    <!-- End Piwik Code -->
--- a/docker/demo/docker-burpui/assets/init
+++ b/docker/demo/docker-burpui/assets/init
@@ -35,6 +35,9 @@ appStart () {
  rand=$(dd if=/dev/urandom bs=256 count=1 2>/dev/null | base64 | sed ':a;N;$!ba;s/\n//g')
  sed -i -r "s'@RANDOM@'$rand'" /etc/burp/burpui.cfg
  sed -i -r "s'@DSN@'$SENTRY_DSN'" /etc/burp/burpui.cfg
+  sed -i -r "s'@PIWIK_URL@'$SPIWIK_URL'" /etc/burp/burpui.cfg
+  sed -i -r "s'@PIWIK_SCRIPT@'$PIWIK_SCRIPT'" /etc/burp/burpui.cfg
+  sed -i -r "s'@PIWIK_ID@'$PIWIK_ID'" /etc/burp/burpui.cfg

  # patch demo with piwik
  REP=$(cat ${CONFIG_DIR}/patch/piwik.patch)