use a dedicated listen port for burp-ui restorations

burpui/cli.py

@@ -306,6 +306,8 @@ def compile_translation():
 @click.option('-c', '--client', default='bui',
               help='Name of the burp client that will be used by Burp-UI '
                    '(defaults to "bui")')
+@click.option('-l', '--listen', default='0.0.0.0:5971',
+              help='Setup a custom listen port for the Burp-UI restorations')
 @click.option('-h', '--host', default='::1',
               help='Address of the status server (defaults to "::1")')
 @click.option('-r', '--redis', default=None,
@@ -324,7 +326,7 @@ def compile_translation():
               help='Switch to another backend', type=click.Choice(['burp2', 'parallel']))
 @click.option('-n', '--dry', is_flag=True,
               help='Dry mode. Do not edit the files but display changes')
-def setup_burp(bconfcli, bconfsrv, client, host, redis, database,
+def setup_burp(bconfcli, bconfsrv, client, listen, host, redis, database,
                plugins, monitor, concurrency, pool, backend, dry):
     """Setup burp client for burp-ui."""
     if app.config['BACKEND'] not in ['burp2', 'parallel'] and not backend:
@@ -597,14 +599,16 @@ def setup_burp(bconfcli, bconfsrv, client, host, redis, database,
         is_burp_2_2_10_plus = True
         listen_opt = 'listen_status'
 
+    _, restore_port = listen.split(':')
+
     if not os.path.exists(bconfcli):
-        clitpl = """
+        clitpl = f"""
 mode = client
-port = 4971
+port = {restore_port}
 status_port = 4972
 server = ::1
 password = abcdefgh
-cname = {0}
+cname = {client}
 protocol = 1
 pidfile = /tmp/burp.client.pid
 syslog = 0
@@ -615,7 +619,7 @@ server_can_restore = 0
 cross_all_filesystems=0
 ca_burp_ca = /usr/sbin/burp_ca
 ca_csr_dir = /etc/burp/CA-client
-ssl_cert_ca = /etc/burp/ssl_cert_ca-client-{0}.pem
+ssl_cert_ca = /etc/burp/ssl_cert_ca-client-{client}.pem
 ssl_cert = /etc/burp/ssl_cert-bui-client.pem
 ssl_key = /etc/burp/ssl_cert-bui-client.key
 ssl_key_password = password
@@ -626,7 +630,7 @@ exclude_fs = tmpfs
 nobackup = .nobackup
 exclude_comp=bz2
 exclude_comp=gz
-""".format(client)
+"""
 
         if dry:
             (_, dest_bconfcli) = tempfile.mkstemp()
@@ -644,6 +648,9 @@ exclude_comp=gz
     if confcli.get('server') != host:
         confcli['server'] = host
     c_status_port = confcli.get('status_port', [4972])[0] if confcli.version >= BURP_BIND_MULTIPLE else confcli.get('status_port', 4972)
+    c_server_port = confcli.get('port', [4971])[0] if confcli.version >= BURP_BIND_MULTIPLE else confcli.get('port', 4971)
+    if c_server_port != restore_port:
+        confcli['port'] = [restore_port]
 
     if confcli.dirty:
         if dry:
@@ -720,6 +727,14 @@ exclude_comp=gz
             )
 
     MAX_STATUS_CHILDREN = pool if pool is not None else 15
+    if not is_burp_2_2_10_plus:
+        s_port = confsrv.get('port', [4971])
+        if restore_port not in s_port:
+            confsrv['port'] = restore_port
+    else:
+        s_listen = confsrv.get('listen', [])
+        if listen not in s_listen:
+            confsrv['listen'] = listen
     status_port = confsrv.get('status_port', [4972])
     do_warn = False
     if 'max_status_children' not in confsrv:

burpui/misc/parser/utils.py

@@ -864,7 +864,10 @@ class File(dict):
             opt = OptionInt(key, value)
         elif key in self._options_for_type('multi'):
             opt = self.options.get(key, OptionMulti(self.parser, key))
-            opt.append(value)
+            if isinstance(value, list):
+                opt.update(value)
+            else:
+                opt.append(value)
         elif key in self._options_for_type('pair'):
             association = self.parser.pair_associations.get(key)
             if key not in self.options and association not in self.options:
@@ -874,7 +877,10 @@ class File(dict):
                 opt = self.options.get(association)
             else:
                 opt = self.options.get(key)
-            opt.append(key, value)
+            if isinstance(value, list):
+                opt.update(key, value)
+            else:
+                opt.append(key, value)
         elif key == '.':
             key = value
             if self._parsing_templates:

docker/components/docker-burp/Dockerfile

 FROM alpine:3.10
 
+ARG BURP_VERSION=2.2.18
+ARG UTHASH_VERSION=2.1.0
+
 RUN apk add --no-cache supervisor logrotate librsync libressl tzdata bash coreutils \
 	&& apk add --no-cache --virtual .fetch-deps \
 		tar \
 	\
-	&& wget -O burp.tar.gz https://github.com/grke/burp/archive/2.2.18.tar.gz \
-	&& wget -O uthash.tar.gz https://github.com/troydhanson/uthash/archive/v2.1.0.tar.gz \
+	&& wget -O burp.tar.gz https://github.com/grke/burp/archive/${BURP_VERSION}.tar.gz \
+	&& wget -O uthash.tar.gz https://github.com/troydhanson/uthash/archive/v${UTHASH_VERSION}.tar.gz \
 	&& mkdir -p /usr/src/burp /usr/src/uthash \
 	&& tar -xC /usr/src/burp --strip-components=1 -f burp.tar.gz \
 	&& tar -xC /usr/src/uthash --strip-components=1 -f uthash.tar.gz \

docker/components/docker-burp/assets/setup/install

@@ -44,6 +44,12 @@ stdout_logfile=/var/log/supervisor/%(program_name)s.log
 stderr_logfile=/var/log/supervisor/%(program_name)s.log
 EOF
 
+# add a dedicated listen port for burp-ui restorations
+cat >>/etc/burp/burp-server.conf<<EOF
+listen = 0.0.0.0:5971
+max_children = 5
+EOF
+
 # cleanup
 delgroup ping
 rm -rf ~/.cache

docker/docker-alpine/assets/init

@@ -17,6 +17,7 @@ BURPUI_BACKEND=${BURPUI_BACKEND:-parallel}
 BURP_CLIENT_CONFIG=${BURP_CLIENT_CONFIG:-/tmp/burp.conf}
 BURP_SERVER_CONFIG=${BURP_SERVER_CONFIG:-/etc/burp/burp-server.conf}
 BURP_SERVER_ADDR=${BURP_SERVER_ADDR:-burp-server}
+BURP_RESTORE_LISTEN_ADDR=${BURP_RESTORE_LISTEN_ADDR:-0.0.0.0:5971}
 REDIS_SERVER=${REDIS_SERVER:-redis:6379}
 DATABASE_URL=${DATABASE_URL:-postgresql://burpui:burpui@pgsql/burpuidb}
 GUNICORN_WORKERS=${GUNICORN_WORKERS:-$(getconf _NPROCESSORS_ONLN)}
@@ -69,7 +70,7 @@ appStart () {
 
   LOGFILE=$(doas burpui mktemp)
   echo "Setting up burp & burp-ui:"
-  COMMAND="bui-manage -c $BURPUI_CONFIG setup-burp --burp-conf-cli $BURP_CLIENT_CONFIG --burp-conf-serv $BURP_SERVER_CONFIG --host $BURP_SERVER_ADDR --client $BURPUI_CLIENT_NAME --redis $REDIS_SERVER --database $DATABASE_URL --plugins $BURPUI_PLUGINS --monitor $BURPUI_MONITOR_CONFIG --concurrency $ASYNC_CONCURRENCY --pool-size $ASYNC_POOL_SIZE --backend $BURPUI_BACKEND"
+  COMMAND="bui-manage -c $BURPUI_CONFIG setup-burp --burp-conf-cli $BURP_CLIENT_CONFIG --burp-conf-serv $BURP_SERVER_CONFIG --host $BURP_SERVER_ADDR --client $BURPUI_CLIENT_NAME --redis $REDIS_SERVER --database $DATABASE_URL --plugins $BURPUI_PLUGINS --monitor $BURPUI_MONITOR_CONFIG --concurrency $ASYNC_CONCURRENCY --pool-size $ASYNC_POOL_SIZE --backend $BURPUI_BACKEND --listen $BURP_RESTORE_LISTEN_ADDR"
   echo $COMMAND
   doas burpui "$COMMAND 2>&1 | tee $LOGFILE"
   ret=$?

docker/docker-compose.yml

@@ -70,6 +70,7 @@ services:
   #    - GUNICORN_WORKER_CLASS=sync
   #    - REDIS_SERVER=redis:6379
   #    - BURP_SERVER_ADDR=burp-server
+  #    - BURP_RESTORE_LISTEN_ADDR=0.0.0.0:5971
   #    - ASYNC_POOL_SIZE=4
   #    - ASYNC_CONCURRENCY=2
   #    - TIMEZONE=Europe/Paris

docs/docker.rst

@@ -37,6 +37,9 @@ provided. There are a few variables supported to setup your system:
    to not override the ``/etc/burp/burp.conf`` file if you already use it.
  - **BURP_SERVER_CONFIG** - Specify the path of the burp-server configuration
    file. It defaults to ``/etc/burp/burp-server.conf``.
+ - **BURP_RESTORE_LISTEN_ADDR** - Specify a custom listen address that will be
+   dedicated for restorations processed by `Burp-UI`_. It defaults to
+   ``0.0.0.0:5971``.
  - **DATABASE_URL** - Specify the URL of the database to connect to. It defaults
    to ``postgresql://burpui:burpui@pgsql/burpuidb`` which is the default db
    shipped with the *docker-compose.yml*.