Build Status
------------

.. image:: https://ci.ziirish.me/projects/1/status.png?ref=master
    :target: https://ci.ziirish.me/projects/1?ref=master

Screenshots
-----------

.. image:: https://raw.githubusercontent.com/ziirish/burp-ui/master/pictures/burp-ui.gif
    :target: https://git.ziirish.me/ziirish/burp-ui/blob/master/pictures/burp-ui.gif

What's that?
------------

Let me introduce you to ``Burp-UI``. It is a web-based UI to manage your
burp-servers. You can view different reports about burp-servers, burp-clients,
backups, etc. ``Burp-UI`` allows you to perform *on-the-fly* restorations and
should allow you to edit/manage your burp-server's conf file very soon.

It is actually an improvement of the burp status monitor
(``burp -c /etc/burp/burp-server.conf -a s``). It currently supports only the
burp-1.x branch but it is totally modular so supporting burp-2.x won't be a big
deal.

So in order to work properly, you must be running ``Burp-UI`` on the same host
that runs your burp-server (because the burp status port only listens on
*localhost*). If you don't want to, I developed a ``bui-agent`` that allows you
to *proxify* external commands to your burp status port.

Who are you?
------------

I'm Ziirish, a French sysadmin who loves `Burp`_ and would like to help its
adoption by providing it with a nice and powerful interface. If you like my
work, you can:

* Thank me by sending me an email or writing a nice comment
* Buy me a beer or some fries or both!
* Make a donation on my Paypal

Contributing
------------

Contributions are welcome. You can help in any way you want, for instance by
opening issues on the bug tracker, sending patches, etc.

There is also a dedicated website. Currently it only hosts a Discourse instance
where you can discuss with each other. Feel free to use it and post your tips
and remarks.
The address is: http://burpui.ziirish.me/

Requirements
------------

Please note that currently, ``Burp-UI`` must be running on the same server that
runs the burp-server.

For LDAP authentication (optional), we need the ``simpleldap`` module that
requires the following packages on Debian:

::

    aptitude install libsasl2-dev libldap2-dev python-dev

Then we install the module itself:

::

    pip install simpleldap

Installation
------------

``Burp-UI`` is written in Python with the `Flask`_ micro-framework. The easiest
way to install Flask is to use ``pip``.

On Debian, you can install ``pip`` with the following command:

::

    aptitude install python-pip

Once ``pip`` is installed, you can install ``Burp-UI`` this way:

::

    pip install burp-ui

You can set up various parameters in the `burpui.cfg`_ file. This file can be
specified with the ``-c`` flag or should be present in
``/etc/burp/burpui.cfg``. By default ``Burp-UI`` ships with a default file
located in ``$BURPUIDIR/../share/burpui/etc/burpui.cfg``.

Then you can run ``burp-ui``:

::

    burp-ui

By default, ``burp-ui`` listens on all interfaces (including IPv6) on port 5000.

You can then point your browser to http://127.0.0.1:5000/

Development
-----------

If you wish to use the latest and yet unstable version (e.g. master), you can
install it using ``pip`` too, but I would recommend that you use a
``virtualenv``.

To do so, run the following commands:

::

    mkdir /opt/bui-venv
    pip install virtualenv
    virtualenv /opt/bui-venv
    source /opt/bui-venv/bin/activate
    pip install git+https://git.ziirish.me/ziirish/burp-ui.git

You can uninstall/disable this ``Burp-UI`` setup by typing ``deactivate`` and
removing the ``/opt/bui-venv`` directory.

Gunicorn
--------

Starting from v0.0.6, ``Burp-UI`` supports Gunicorn in order to handle multiple
users simultaneously.
You need to install ``gunicorn`` and ``eventlet``:

::

    pip install eventlet
    pip install gunicorn

You will then be able to launch ``Burp-UI`` this way:

::

    gunicorn -k eventlet -w 4 'burpui:init(conf="/path/to/burpui.cfg")'

Instructions
------------

In order to make the *on the fly* restoration/download functionality work, you
need to check a few things:

1. Provide the full path of the burp (client) binary file
2. Provide the full path of an empty directory where a temporary restoration
   will be made. This requires that you have enough space left at that location
   on the server that runs ``Burp-UI``
3. Launch ``Burp-UI`` as a user that can perform restorations and that can
   write in the directory above
4. Make sure to configure a client on the server that runs ``Burp-UI`` that can
   restore files of other clients (option *restore_client* in burp-server
   configuration)

Troubleshooting
---------------

If you encounter trouble with ``Burp-UI``, you should run it with the ``-d``
flag and paste the relevant output in your bug report. Please also give the
version of ``burp`` AND ``Burp-UI``. Since v0.0.6 you can use the ``-V`` or
``--version`` flag in order to get your version number.

Notes
-----

Please feel free to report any issues on my gitlab. I have closed the *github
tracker* to have a unique tracker system.

TODO
----

Here is a non-exhaustive list of things I'd like to add.

Also note that in the future, I'd like to write a burp-client GUI. But I
haven't yet thought about what to do.
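Returning to the four restoration prerequisites listed under Instructions, here is an added pre-flight check (example code, not part of ``Burp-UI``) that verifies them before launch. The paths, the client name, the 1 GiB free-space default and the extra permission check on the directory are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of Burp-UI): pre-flight check for on-the-fly restoration.
# Run it as the user that will launch Burp-UI.
# usage: sh preflight.sh BURP_BIN TMPDIR SERVER_CONF CLIENT [MIN_FREE_KB]

fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

# Prints one line per failed check; returns the number of failed checks.
check_restore_prereqs() {
    burp_bin=$1; tmpdir=$2; server_conf=$3; client=$4
    min_kb=${5:-1048576}   # assumed default of 1 GiB; size it to your largest restore
    fails=0

    # 1. Full path of the burp (client) binary.
    case $burp_bin in
        /*) [ -x "$burp_bin" ] || fail "not executable: $burp_bin" ;;
        *)  fail "not a full path: $burp_bin" ;;
    esac

    # 2 and 3. Empty directory, writable by this user, with enough free space.
    if [ -d "$tmpdir" ]; then
        [ -z "$(ls -A "$tmpdir" 2>/dev/null)" ] || fail "not empty: $tmpdir"
        [ -w "$tmpdir" ] || fail "not writable by $(id -un): $tmpdir"
        free_kb=$(df -Pk "$tmpdir" | awk 'NR == 2 { print $4 }')
        [ "${free_kb:-0}" -ge "$min_kb" ] || fail "less than ${min_kb} KB free: $tmpdir"
        # Extra check added by this example: restored files land here, so the
        # directory should grant nothing to "other".
        [ "$(ls -ld "$tmpdir" | cut -c8-10)" = "---" ] || fail "open to other users: $tmpdir"
    else
        fail "no such directory: $tmpdir"
    fi

    # 4. The client on this host must be listed as restore_client in the server conf.
    awk -F= -v c="$client" '
        { k = $1; v = $2; gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v) }
        k == "restore_client" && v == c { found = 1 }
        END { exit !found }' "$server_conf" 2>/dev/null \
        || fail "no restore_client = $client in $server_conf"

    return "$fails"
}

if [ "$#" -ge 4 ]; then check_restore_prereqs "$@"; exit $?; fi
```

The exit status is the number of failed checks, so a wrapper or init script can refuse to start ``Burp-UI`` when it is non-zero.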
Changelog
---------

* version current:

  - Full changelog

* version 0.0.6:

  - Add gunicorn support
  - Add init script for CentOS
  - Add init script for Debian
  - Add autofocus login field on login page
  - Add burp-server configuration panel
  - Fix issue #25
  - Fix issue #26
  - Fix issue #30
  - Fix issue #32
  - Fix issue #33
  - Fix issue #34
  - Fix issue #35
  - Fix issue #39
  - Code cleanup
  - Improve unit tests
  - Bugfixes
  - Full changelog

* version 0.0.5:

  - Add multi-server support
  - Fix bugs
  - Full changelog

* version 0.0.4:

  - Add the ability to download files directly from the web interface
  - Full changelog

* version 0.0.3:

  - Add authentication
  - Full changelog

* version 0.0.2:

  - Fix bugs
  - Full changelog

* version 0.0.1:

  - Initial release

Licenses
--------

``Burp-UI`` is released under the BSD 3-clause `License`_.

But this project is built on top of other tools listed here:

- d3.js (BSD)
- nvd3.js (Apache)
- jQuery (MIT)
- jQuery-UI (MIT)
- fancytree (MIT)
- bootstrap (MIT)
- typeahead (MIT)
- bootswatch theme ``Slate`` (MIT)
- angular-bootstrap-switch (Apache)
- angular.js (MIT)
- angular-ui-select (MIT)
- AngularStrap (MIT)
- lodash (MIT)
- Home-made favicon based on pictures from simpsoncrazy

Also note that this project is made with the Awesome `Flask`_ micro-framework.

Thanks
------

Special Thanks to Graham Keeling for his great software! This project would not
exist without `Burp`_.

.. _Flask: http://flask.pocoo.org/
.. _License: https://git.ziirish.me/ziirish/burp-ui/blob/master/LICENSE
.. _Burp: http://burp.grke.org/
.. _burpui.cfg: https://git.ziirish.me/ziirish/burp-ui/blob/master/burpui.cfg