v0.7.0 using gunicorn complains about missing module flask_session
Hi,
Since I'm on a v0.7.0 bug hunt frenzy, here I go :(
When launching burp-ui via gunicorn, I get the following logs:
[2019-06-20 16:59:55,558] INFO in app.create_app: Using configuration: /etc/burp/burpui.cfg
[2019-06-20 16:59:55,561] INFO in config.safe_get: the value "None" is of the wrong type.
[Global]:port - found: None, default: 0 -> 0
[2019-06-20 16:59:55,561] INFO in config.safe_get: the value "None" is of the wrong type.
[Global]:demo - found: None, default: False -> False
[2019-06-20 16:59:55,561] INFO in config.safe_get: the value "None" is of the wrong type.
[Global]:piwik_id - found: None, default: 0 -> 0
[2019-06-20 16:59:55,562] INFO in config.safe_get: the value "None" is of the wrong type.
[Global]:ssl - found: None, default: False -> False
[2019-06-20 16:59:55,563] INFO in server.setup: backend: multi
[2019-06-20 16:59:55,563] INFO in server.setup: listen port: 0
[2019-06-20 16:59:55,563] INFO in server.setup: bind addr:
[2019-06-20 16:59:55,563] INFO in server.setup: use ssl: False
[2019-06-20 16:59:55,563] INFO in server.setup: standalone: False
[2019-06-20 16:59:55,563] INFO in server.setup: sslcert:
[2019-06-20 16:59:55,563] INFO in server.setup: sslkey:
[2019-06-20 16:59:55,563] INFO in server.setup: prefix:
[2019-06-20 16:59:55,564] INFO in server.setup: secure cookie: True
[2019-06-20 16:59:55,564] INFO in server.setup: cookietime: 1 day, 0:00:00
[2019-06-20 16:59:55,564] INFO in server.setup: session inactive: 1 day, 0:00:00
[2019-06-20 16:59:55,564] INFO in server.setup: refresh: 180
[2019-06-20 16:59:55,564] INFO in server.setup: liverefresh: 5
[2019-06-20 16:59:55,564] INFO in server.setup: auth: ['basic']
[2019-06-20 16:59:55,564] INFO in server.setup: audit: ['basic']
[2019-06-20 16:59:55,564] INFO in server.setup: celery: True
[2019-06-20 16:59:55,564] INFO in server.setup: redis: localhost:6379
[2019-06-20 16:59:55,565] INFO in server.setup: limiter: none
[2019-06-20 16:59:55,565] INFO in server.setup: database: sqlite:////var/lib/burpui/store.db
[2019-06-20 16:59:55,565] INFO in server.setup: with SQL: True
[2019-06-20 16:59:55,565] INFO in server.setup: with Celery: True
[2019-06-20 16:59:55,565] INFO in server.setup: with WebSocket: False
[2019-06-20 16:59:55,565] INFO in server.setup: demo: False
[2019-06-20 16:59:55,577] WARNING in app.create_app: Unable to initialize session: No module named 'flask_session'
[2019-06-20 16:59:55,632] WARNING in app.create_app: Unable to initialize session: No module named 'flask_session'
[2019-06-20 16:59:55,701] WARNING in app.create_app: Unable to initialize session: No module named 'flask_session'
[2019-06-20 16:59:55,740] WARNING in app.create_app: Unable to initialize session: No module named 'flask_session'
[2019-06-20 16:59:55,769] INFO in config.safe_get: the value "None" is of the wrong type.
[BASIC:AUTH]:mixed - found: None, default: False -> False
[2019-06-20 16:59:55,769] INFO in basic.load_users: Loading user: admin (hashed)
[2019-06-20 16:59:55,769] INFO in basic.load_users: Loading user: someuser (hashed)
[2019-06-20 16:59:55,770] INFO in config.safe_get: the value "None" is of the wrong type.
[ACL]:implicit_link - found: None, default: True -> True
[2019-06-20 16:59:55,770] INFO in config.safe_get: the value "None" is of the wrong type.
[ACL]:inverse_inheritance - found: None, default: False -> False
[2019-06-20 16:59:55,771] INFO in config.safe_get: No value for this option
[BASIC:ACL]:@moderator - found: None, default: None -> None
[2019-06-20 16:59:55,772] INFO in server.load_modules: acl: ['basic']
[2019-06-20 16:59:55,957] WARNING in app.create_app: Unable to initialize session: No module named 'flask_session'
-
It seems that flask_session is not there. Installed via python36 -m pip install Flask-Session, now it's not complaining anymore about that. Checked requirements.txt, Flask-Session isn't present. As strange is it sounds, with or without Flask-Session installed, I see no difference.
-
I think there are some config values in burpui.cfg that aren't in the burpui.sample.cfg file yet. Eg: [Global] port, demo, piwik_id (whatever this is), ssl [BASIC:AUTH] mixed
For instance, here's my config file (which is the current burpui.sample.cfg file with my config):
[Global]
backend = multi
auth = basic
acl = basic
audit = basic
plugins = none
[UI]
refresh = 180
liverefresh = 5
ignore_labels = color:.*, custom:.*
format_labels = s/^os:\s*//
default_strip = 0
[Production]
storage = redis
session = redis
cache = redis
redis = localhost:6379
celery = true
database = sqlite:////var/lib/burpui/store.db
limiter = false
ratio = 60/minute
prefix = none
num_proxies = 0
proxy_fix_args = "{'x_for': {num_proxies}, 'x_host': {num_proxies}, 'x_prefix': {num_proxies}}"
[WebSocket]
enabled = false
embedded = false
broker = redis
url = none
debug = false
[Security]
includes = /etc/burp
enforce = false
revoke = true
cookietime = 1
sessiontime = 1
scookie = true
appsecret = somerandomstring
[Experimental]
zip64 = false
noserverrestore = false
[Burp]
burpbin = /usr/sbin/burp
stripbin = /usr/sbin/vss_strip
bconfcli = /etc/burp/burp.conf
bconfsrv = /etc/burp/burp-server.conf
tmpdir = /tmp/bui
timeout = 15
deep_inspection = false
[Parallel]
host = ::1
port = 11111
timeout = 15
password = password123456
ssl = true
concurrency = 2
init_wait = 15
[BASIC:AUDIT]
priority = 100
level = WARNING
logfile = /var/log/burp-ui.log
max_bytes = 30 * 1024 * 1024
rotate = 5
[BASIC:AUTH]
priority = 100
admin = pbkdf2:sha256:SomeStuff
someuser = pbkdf2:sha256:SomeStuff
[ACL]
extended = true
assume_rw = false
legacy = false
[BASIC:ACL]
priority = 100
admin = admin
adminfmi = '{"agents":{"AgentSmith":{"rw":["client.*","server.*"]},"AgentBrown":{"rw":["client.* ","server.*"]}}}'
+moderator = "", themegasuperuserofthedeath
[Agent:AgentSmith]
host = 127.0.0.1
port = 10000
password = something
ssl = false
timeout = 300
[Agent:AgentBrown]
host = 127.0.0.1
port = 10001
password = something
ssl = false
timeout = 300