Commit fa6d987d authored by Ziirish's avatar Ziirish

use a dedicated listen port for burp-ui restorations

parent 850fe942
......@@ -306,6 +306,8 @@ def compile_translation():
@click.option('-c', '--client', default='bui',
help='Name of the burp client that will be used by Burp-UI '
'(defaults to "bui")')
@click.option('-l', '--listen', default='0.0.0.0:5971',
help='Setup a custom listen port for the Burp-UI restorations')
@click.option('-h', '--host', default='::1',
help='Address of the status server (defaults to "::1")')
@click.option('-r', '--redis', default=None,
......@@ -324,7 +326,7 @@ def compile_translation():
help='Switch to another backend', type=click.Choice(['burp2', 'parallel']))
@click.option('-n', '--dry', is_flag=True,
help='Dry mode. Do not edit the files but display changes')
def setup_burp(bconfcli, bconfsrv, client, host, redis, database,
def setup_burp(bconfcli, bconfsrv, client, listen, host, redis, database,
plugins, monitor, concurrency, pool, backend, dry):
"""Setup burp client for burp-ui."""
if app.config['BACKEND'] not in ['burp2', 'parallel'] and not backend:
......@@ -597,14 +599,16 @@ def setup_burp(bconfcli, bconfsrv, client, host, redis, database,
is_burp_2_2_10_plus = True
listen_opt = 'listen_status'
_, restore_port = listen.split(':')
if not os.path.exists(bconfcli):
clitpl = """
clitpl = f"""
mode = client
port = 4971
port = {restore_port}
status_port = 4972
server = ::1
password = abcdefgh
cname = {0}
cname = {client}
protocol = 1
pidfile = /tmp/burp.client.pid
syslog = 0
......@@ -615,7 +619,7 @@ server_can_restore = 0
cross_all_filesystems=0
ca_burp_ca = /usr/sbin/burp_ca
ca_csr_dir = /etc/burp/CA-client
ssl_cert_ca = /etc/burp/ssl_cert_ca-client-{0}.pem
ssl_cert_ca = /etc/burp/ssl_cert_ca-client-{client}.pem
ssl_cert = /etc/burp/ssl_cert-bui-client.pem
ssl_key = /etc/burp/ssl_cert-bui-client.key
ssl_key_password = password
......@@ -626,7 +630,7 @@ exclude_fs = tmpfs
nobackup = .nobackup
exclude_comp=bz2
exclude_comp=gz
""".format(client)
"""
if dry:
(_, dest_bconfcli) = tempfile.mkstemp()
......@@ -644,6 +648,9 @@ exclude_comp=gz
if confcli.get('server') != host:
confcli['server'] = host
c_status_port = confcli.get('status_port', [4972])[0] if confcli.version >= BURP_BIND_MULTIPLE else confcli.get('status_port', 4972)
c_server_port = confcli.get('port', [4971])[0] if confcli.version >= BURP_BIND_MULTIPLE else confcli.get('port', 4971)
if c_server_port != restore_port:
confcli['port'] = [restore_port]
if confcli.dirty:
if dry:
......@@ -720,6 +727,14 @@ exclude_comp=gz
)
MAX_STATUS_CHILDREN = pool if pool is not None else 15
if not is_burp_2_2_10_plus:
s_port = confsrv.get('port', [4971])
if restore_port not in s_port:
confsrv['port'] = restore_port
else:
s_listen = confsrv.get('listen', [])
if listen not in s_listen:
confsrv['listen'] = listen
status_port = confsrv.get('status_port', [4972])
do_warn = False
if 'max_status_children' not in confsrv:
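Review bot: `_, restore_port = listen.split(':')` only works for a value with exactly one colon, so an IPv6 listen address such as `[::]:5971` or a bare port raises an unpacking `ValueError` instead of a usage error. Splitting from the right and checking the result would handle both, e.g. `_, sep, restore_port = listen.rpartition(':')` followed by `if not sep or not restore_port.isdigit(): raise click.BadParameter('expected ADDRESS:PORT', param_hint='--listen')`. `restore_port` also stays a string while the fallbacks in `confcli.get('port', [4971])` and `confsrv.get('port', [4971])` are integers, so `c_server_port != restore_port` and `restore_port not in s_port` may be true even when the port already matches; that depends on what the parser returns, which is not visible here. The body of `setup_burp` continues outside these hunks.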
......
......@@ -864,7 +864,10 @@ class File(dict):
opt = OptionInt(key, value)
elif key in self._options_for_type('multi'):
opt = self.options.get(key, OptionMulti(self.parser, key))
opt.append(value)
if isinstance(value, list):
opt.update(value)
else:
opt.append(value)
elif key in self._options_for_type('pair'):
association = self.parser.pair_associations.get(key)
if key not in self.options and association not in self.options:
......@@ -874,7 +877,10 @@ class File(dict):
opt = self.options.get(association)
else:
opt = self.options.get(key)
opt.append(key, value)
if isinstance(value, list):
opt.update(key, value)
else:
opt.append(key, value)
elif key == '.':
key = value
if self._parsing_templates:
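Review bot: Assigning to a 'multi' or 'pair' key now behaves differently by value type (a `list` goes to `opt.update(...)`, anything else to `opt.append(...)`), and nothing at the assignment site says so. A short comment above each branch, e.g. `# a list is passed to update() as a whole; a single value is appended to what is already stored`, would help, since the same commit relies on both forms (`confcli['port'] = [restore_port]` and `confsrv['listen'] = listen`). A tuple or other sequence still takes the `append` path; if that is unintended, `isinstance(value, (list, tuple))` covers it. The enclosing method starts and ends outside the hunks.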
......
FROM alpine:3.10
ARG BURP_VERSION=2.2.18
ARG UTHASH_VERSION=2.1.0
RUN apk add --no-cache supervisor logrotate librsync libressl tzdata bash coreutils \
&& apk add --no-cache --virtual .fetch-deps \
tar \
\
&& wget -O burp.tar.gz https://github.com/grke/burp/archive/2.2.18.tar.gz \
&& wget -O uthash.tar.gz https://github.com/troydhanson/uthash/archive/v2.1.0.tar.gz \
&& wget -O burp.tar.gz https://github.com/grke/burp/archive/${BURP_VERSION}.tar.gz \
&& wget -O uthash.tar.gz https://github.com/troydhanson/uthash/archive/v${UTHASH_VERSION}.tar.gz \
&& mkdir -p /usr/src/burp /usr/src/uthash \
&& tar -xC /usr/src/burp --strip-components=1 -f burp.tar.gz \
&& tar -xC /usr/src/uthash --strip-components=1 -f uthash.tar.gz \
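Review bot: Both archives are fetched with `wget` and unpacked with no integrity check, and now that `BURP_VERSION` and `UTHASH_VERSION` are build arguments the downloaded content varies with whatever is passed at build time. Pinning a digest per archive and verifying it before the `tar` lines would close that gap, for example `ARG BURP_SHA256=<sha256-of-burp-archive>` and `&& echo "${BURP_SHA256}  burp.tar.gz" | sha256sum -c - \` (likewise for uthash). The `RUN` instruction continues past the visible lines.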
......
......@@ -44,6 +44,12 @@ stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
EOF
# add a dedicated listen port for burp-ui restorations
cat >>/etc/burp/burp-server.conf<<EOF
listen = 0.0.0.0:5971
max_children = 5
EOF
# cleanup
delgroup ping
rm -rf ~/.cache
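Review bot: The restore listener is hard-coded as `listen = 0.0.0.0:5971` here, while the burp-ui entrypoint takes the address from `BURP_RESTORE_LISTEN_ADDR` and `setup_burp` only adds a `listen` entry when the requested one is missing. If an operator sets a different address, this wildcard listener appears to stay in `burp-server.conf` alongside the new one, so the port remains open on every interface of the container. A comment such as `# default must match BURP_RESTORE_LISTEN_ADDR; remove this entry when overriding it` would document the coupling; the same `0.0.0.0` default is used by the `--listen` option and the entrypoint variable. Whether the two scripts operate on the same configuration file is not visible from this page.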
......@@ -17,6 +17,7 @@ BURPUI_BACKEND=${BURPUI_BACKEND:-parallel}
BURP_CLIENT_CONFIG=${BURP_CLIENT_CONFIG:-/tmp/burp.conf}
BURP_SERVER_CONFIG=${BURP_SERVER_CONFIG:-/etc/burp/burp-server.conf}
BURP_SERVER_ADDR=${BURP_SERVER_ADDR:-burp-server}
BURP_RESTORE_LISTEN_ADDR=${BURP_RESTORE_LISTEN_ADDR:-0.0.0.0:5971}
REDIS_SERVER=${REDIS_SERVER:-redis:6379}
DATABASE_URL=${DATABASE_URL:-postgresql://burpui:burpui@pgsql/burpuidb}
GUNICORN_WORKERS=${GUNICORN_WORKERS:-$(getconf _NPROCESSORS_ONLN)}
......@@ -69,7 +70,7 @@ appStart () {
LOGFILE=$(doas burpui mktemp)
echo "Setting up burp & burp-ui:"
COMMAND="bui-manage -c $BURPUI_CONFIG setup-burp --burp-conf-cli $BURP_CLIENT_CONFIG --burp-conf-serv $BURP_SERVER_CONFIG --host $BURP_SERVER_ADDR --client $BURPUI_CLIENT_NAME --redis $REDIS_SERVER --database $DATABASE_URL --plugins $BURPUI_PLUGINS --monitor $BURPUI_MONITOR_CONFIG --concurrency $ASYNC_CONCURRENCY --pool-size $ASYNC_POOL_SIZE --backend $BURPUI_BACKEND"
COMMAND="bui-manage -c $BURPUI_CONFIG setup-burp --burp-conf-cli $BURP_CLIENT_CONFIG --burp-conf-serv $BURP_SERVER_CONFIG --host $BURP_SERVER_ADDR --client $BURPUI_CLIENT_NAME --redis $REDIS_SERVER --database $DATABASE_URL --plugins $BURPUI_PLUGINS --monitor $BURPUI_MONITOR_CONFIG --concurrency $ASYNC_CONCURRENCY --pool-size $ASYNC_POOL_SIZE --backend $BURPUI_BACKEND --listen $BURP_RESTORE_LISTEN_ADDR"
echo $COMMAND
doas burpui "$COMMAND 2>&1 | tee $LOGFILE"
ret=$?
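Review bot: `$BURP_RESTORE_LISTEN_ADDR` is appended to `COMMAND` unquoted, like the existing variables, and the whole string is then handed to `doas burpui "$COMMAND 2>&1 | tee $LOGFILE"`, which presumably re-parses it in a shell. A value containing whitespace or shell metacharacters would be interpreted rather than passed as one argument. Rejecting anything that is not an address and port before building the command keeps that out, e.g. `case "$BURP_RESTORE_LISTEN_ADDR" in *[!][0-9A-Fa-f.:]*) echo "invalid BURP_RESTORE_LISTEN_ADDR" >&2; exit 1;; esac`. `appStart` continues outside the hunk.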
......
......@@ -70,6 +70,7 @@ services:
# - GUNICORN_WORKER_CLASS=sync
# - REDIS_SERVER=redis:6379
# - BURP_SERVER_ADDR=burp-server
# - BURP_RESTORE_LISTEN_ADDR=0.0.0.0:5971
# - ASYNC_POOL_SIZE=4
# - ASYNC_CONCURRENCY=2
# - TIMEZONE=Europe/Paris
......@@ -37,6 +37,9 @@ provided. There are a few variables supported to setup your system:
to not override the ``/etc/burp/burp.conf`` file if you already use it.
- **BURP_SERVER_CONFIG** - Specify the path of the burp-server configuration
file. It defaults to ``/etc/burp/burp-server.conf``.
- **BURP_RESTORE_LISTEN_ADDR** - Specify a custom listen address that will be
dedicated for restorations processed by `Burp-UI`_. It defaults to
``0.0.0.0:5971``.
- **DATABASE_URL** - Specify the URL of the database to connect to. It defaults
to ``postgresql://burpui:burpui@pgsql/burpuidb`` which is the default db
shipped with the *docker-compose.yml*.
......