diff --git a/burpui/server.py b/burpui/server.py
index 1bd9320b..77a5fd9a 100644
--- a/burpui/server.py
+++ b/burpui/server.py
@@ -47,6 +47,9 @@ G_CELERY = False
 G_SCOOKIE = True
 G_DEMO = False
 G_DSN = u''
+G_PIWIK_URL = u''
+G_PIWIK_SCRIPT = u'piwik.php'
+G_PIWIK_ID = 0
 G_APPSECRET = u'random'
 G_COOKIETIME = 14
 G_SESSIONTIME = 5
@@ -83,6 +86,9 @@ class BUIServer(Flask):
 'plugins': G_PLUGINS,
 'demo': G_DEMO,
 'dsn': G_DSN,
+ 'piwik_url': G_PIWIK_URL,
+ 'piwik_script': G_PIWIK_SCRIPT,
+ 'piwik_id': G_PIWIK_ID,
 },
 'UI': {
 'refresh': G_REFRESH,
@@ -181,6 +187,9 @@ class BUIServer(Flask):
 'boolean'
 )
 self.config['BUI_DSN'] = self.conf.safe_get('dsn')
+ self.config['BUI_PIWIK_URL'] = self.conf.safe_get('piwik_url')
+ self.config['BUI_PIWIK_SCRIPT'] = self.conf.safe_get('piwik_script')
+ self.config['BUI_PIWIK_ID'] = self.conf.safe_get('piwik_id', 'integer')
 self.bind = self.config['BUI_BIND'] = self.conf.safe_get('bind')
 version = self.conf.safe_get('version', 'integer')
 if unittest and version != 1:
diff --git a/burpui/templates/notifications.html b/burpui/templates/notifications.html
index b12a51b7..794e7c50 100644
--- a/burpui/templates/notifications.html
+++ b/burpui/templates/notifications.html
@@ -17,7 +17,7 @@
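Review bot: In the third hunk `BUI_PIWIK_URL` and `BUI_PIWIK_SCRIPT` are stored exactly as `safe_get` returns them, although the piwik.patch change in this commit uses them to decide which host the page loads `piwik.js` from (`g.src=u+'piwik.js'`). A value missing its trailing slash, or the default `u''`, would quietly become a page-relative path, so I would check here that the URL is either empty or an `https://…/` or `//host/…/` prefix and log a warning when it is not. A short comment above the three assignments, e.g. `# analytics endpoint: controls the origin of a third-party script, keep it operator-only`, would document why the value matters. The enclosing method begins and ends outside the hunk.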

{{ _(" Hello! Welcome to Burp-UI's demo. - You can login with either admin / admin or with demo / demo. + You can login with either admin / admin, moderator / moderator or with demo / demo. ") }}

diff --git a/burpui/translations/es/LC_MESSAGES/messages.po b/burpui/translations/es/LC_MESSAGES/messages.po index be916d82..243a06a2 100644 --- a/burpui/translations/es/LC_MESSAGES/messages.po +++ b/burpui/translations/es/LC_MESSAGES/messages.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PROJECT VERSION\n" "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2018-05-01 15:07+0200\n" +"POT-Creation-Date: 2018-05-07 16:20+0200\n" "PO-Revision-Date: 2017-03-07 12:04-0300\n" "Last-Translator: Pablo Estigarribia \n" "Language: es\n" @@ -1532,7 +1532,6 @@ msgstr "" #: burpui/templates/admin-authorizations.html:142 #: burpui/templates/admin-authorizations.html:162 #: burpui/templates/admin-authorizations.html:252 -#: burpui/templates/admin/authentication.html:26 #: burpui/templates/admin/sessions.html:49 #: burpui/templates/client-browse.html:142 burpui/templates/user.html:58 #: burpui/templates/user.html:92 burpui/templates/user.html:121 @@ -2132,19 +2131,20 @@ msgstr "Seleccionar todo" msgid "Deselect all" msgstr "Quitar selección" +#: burpui/templates/js/clients.js:22 burpui/templates/js/clients.js:30 +#: burpui/templates/macros.html:173 +msgid "now" +msgstr "ahora" + #: burpui/templates/notifications.html:18 msgid "" "\n" " Hello! Welcome to Burp-UI's demo.\n" -" You can login with either admin / admin" -" or with demo / demo.\n" +" You can login with either admin / " +"admin, moderator / moderator or with " +"demo / demo.\n" " " msgstr "" -"\n" -" ¡Hola! Bienvenido a burp-UI de demostración. \n" -"Puede ingresar con admin / admin o con demo " -" / demo. \n" -" " #: burpui/templates/servers-report.html:10 msgid "Global report" @@ -2608,7 +2608,7 @@ msgstr "ejecutándose" #: burpui/templates/js/client.js:19 burpui/templates/js/client.js:26 #: burpui/templates/js/client.js:36 burpui/templates/js/clients.js:20 -#: burpui/templates/js/clients.js:172 +#: burpui/templates/js/clients.js:169 msgid "idle" msgstr "inactivo" 
@@ -2628,11 +2628,7 @@ msgstr "Eliminar tarea iniciada" msgid "never" msgstr "nunca" -#: burpui/templates/js/clients.js:22 burpui/templates/js/clients.js:30 -msgid "now" -msgstr "ahora" - -#: burpui/templates/js/clients.js:170 +#: burpui/templates/js/clients.js:167 msgid "view" msgstr "ver" @@ -2770,3 +2766,20 @@ msgstr "" #~ msgid "Authenticate users against local PAM database" #~ msgstr "" +#~ msgid "" +#~ "\n" +#~ " Hello! Welcome to Burp-UI's demo.\n" +#~ " You can login with " +#~ "either admin / admin " +#~ "moderator / moderator or " +#~ "with demo / demo.\n" +#~ " " +#~ msgstr "" +#~ "\n" +#~ " ¡Hola! Bienvenido a burp-UI de demostración. \n" +#~ "Puede ingresar con admin " +#~ "/ admin , moderator /" +#~ " moderator o con demo " +#~ " / demo . \n" +#~ " " + diff --git a/burpui/translations/fr/LC_MESSAGES/messages.po b/burpui/translations/fr/LC_MESSAGES/messages.po index 1bcf4d18..cade6231 100644 --- a/burpui/translations/fr/LC_MESSAGES/messages.po +++ b/burpui/translations/fr/LC_MESSAGES/messages.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PROJECT VERSION\n" "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2018-05-01 15:07+0200\n" +"POT-Creation-Date: 2018-05-07 16:20+0200\n" "PO-Revision-Date: 2016-08-25 15:19+0200\n" "Last-Translator: Ziirish \n" "Language: fr\n" @@ -1183,7 +1183,6 @@ msgstr "" #: burpui/templates/admin-authorizations.html:142 #: burpui/templates/admin-authorizations.html:162 #: burpui/templates/admin-authorizations.html:252 -#: burpui/templates/admin/authentication.html:26 #: burpui/templates/admin/sessions.html:49 #: burpui/templates/client-browse.html:142 burpui/templates/user.html:58 #: burpui/templates/user.html:92 burpui/templates/user.html:121 
@@ -1787,19 +1786,26 @@ msgstr "Tout sélectionner" msgid "Deselect all" msgstr "Tout dé-sélectionner" +#: burpui/templates/js/clients.js:22 burpui/templates/js/clients.js:30 +#: burpui/templates/macros.html:173 +msgid "now" +msgstr "maintenant" + #: burpui/templates/notifications.html:18 msgid "" "\n" " Hello! Welcome to Burp-UI's demo.\n" -" You can login with either admin / admin" -" or with demo / demo.\n" +" You can login with either admin / " +"admin, moderator / moderator or with " +"demo / demo.\n" " " msgstr "" "\n" " Bonjour ! Bienvenue sur la demo de Burp-" "UI.\n" " Vous pouvez vous connecter avec les comptes " -"admin / admin ou demo / demo.\n" +"admin / admin, moderator / moderator " +"ou demo / demo.\n" #: burpui/templates/servers-report.html:10 msgid "Global report" @@ -2269,7 +2275,7 @@ msgstr "en cours" #: burpui/templates/js/client.js:19 burpui/templates/js/client.js:26 #: burpui/templates/js/client.js:36 burpui/templates/js/clients.js:20 -#: burpui/templates/js/clients.js:172 +#: burpui/templates/js/clients.js:169 msgid "idle" msgstr "en attente" @@ -2289,11 +2295,7 @@ msgstr "Tâche de suppression lancée" msgid "never" msgstr "jamais" -#: burpui/templates/js/clients.js:22 burpui/templates/js/clients.js:30 -msgid "now" -msgstr "maintenant" - -#: burpui/templates/js/clients.js:170 +#: burpui/templates/js/clients.js:167 msgid "view" msgstr "voir" diff --git a/burpui/translations/it/LC_MESSAGES/messages.po b/burpui/translations/it/LC_MESSAGES/messages.po index 7ef15769..44f923af 100644 --- a/burpui/translations/it/LC_MESSAGES/messages.po +++ b/burpui/translations/it/LC_MESSAGES/messages.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PROJECT VERSION\n" "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2018-05-01 15:07+0200\n" +"POT-Creation-Date: 2018-05-07 16:20+0200\n" "PO-Revision-Date: 2017-07-16 10:36+0100\n" "Last-Translator: Enrico204 \n" "Language: it\n" 
@@ -1474,7 +1474,6 @@ msgstr "" #: burpui/templates/admin-authorizations.html:142 #: burpui/templates/admin-authorizations.html:162 #: burpui/templates/admin-authorizations.html:252 -#: burpui/templates/admin/authentication.html:26 #: burpui/templates/admin/sessions.html:49 #: burpui/templates/client-browse.html:142 burpui/templates/user.html:58 #: burpui/templates/user.html:92 burpui/templates/user.html:121 @@ -2072,19 +2071,20 @@ msgstr "Seleziona tutto" msgid "Deselect all" msgstr "Deseleziona tutto" +#: burpui/templates/js/clients.js:22 burpui/templates/js/clients.js:30 +#: burpui/templates/macros.html:173 +msgid "now" +msgstr "ora" + #: burpui/templates/notifications.html:18 msgid "" "\n" " Hello! Welcome to Burp-UI's demo.\n" -" You can login with either admin / admin" -" or with demo / demo.\n" +" You can login with either admin / " +"admin, moderator / moderator or with " +"demo / demo.\n" " " msgstr "" -"\n" -" Ciao! Benvenuto alla demo di Burp-UI.\n" -" Puoi autenticarti sia come admin / " -"admin sia come demo / demo.\n" -" " #: burpui/templates/servers-report.html:10 msgid "Global report" @@ -2546,7 +2546,7 @@ msgstr "in corso" #: burpui/templates/js/client.js:19 burpui/templates/js/client.js:26 #: burpui/templates/js/client.js:36 burpui/templates/js/clients.js:20 -#: burpui/templates/js/clients.js:172 +#: burpui/templates/js/clients.js:169 msgid "idle" msgstr "inattivo" @@ -2566,11 +2566,7 @@ msgstr "Funzione di eliminazione lanciata" msgid "never" msgstr "mai" -#: burpui/templates/js/clients.js:22 burpui/templates/js/clients.js:30 -msgid "now" -msgstr "ora" - -#: burpui/templates/js/clients.js:170 +#: burpui/templates/js/clients.js:167 msgid "view" msgstr "vista" 
@@ -2696,3 +2692,21 @@ msgstr "" #~ msgid "Authenticate users against local PAM database" #~ msgstr "" +#~ msgid "" +#~ "\n" +#~ " Hello! Welcome to Burp-UI's demo.\n" +#~ " You can login with " +#~ "either admin / admin " +#~ "moderator / moderator or " +#~ "with demo / demo.\n" +#~ " " +#~ msgstr "" +#~ "\n" +#~ " Ciao! Benvenuto " +#~ "alla demo di Burp-UI.\n" +#~ " Puoi autenticarti sia come " +#~ "admin / admin, moderator" +#~ " / moderator sia come " +#~ "demo / demo.\n" +#~ " " + diff --git a/docker/demo/docker-burpui/assets/config/burp-ui/burpui.cfg b/docker/demo/docker-burpui/assets/config/burp-ui/burpui.cfg index 6422a17e..102ec9ea 100644 --- a/docker/demo/docker-burpui/assets/config/burp-ui/burpui.cfg +++ b/docker/demo/docker-burpui/assets/config/burp-ui/burpui.cfg @@ -38,6 +38,9 @@ acl = basic prefix = none demo = true dsn = @DSN@ +piwik_url = @PIWIK_URL@ +piwik_script = @PIWIK_SCRIPT@ +piwik_id = @PIWIK_ID@ [UI] # refresh interval of the pages in seconds 
@@ -192,8 +195,38 @@ noserverrestore = true #priority = 2 #admin = password #user1 = otherpassword -admin = pbkdf2:sha1:1000$Jeoy7tqS$ce50e82698ef11f1ee0442ab1227a742118d1cb2 -demo = pbkdf2:sha1:1000$eSmvMm2z$a95240bef1682d3469f1141a015b6f5cf18c9de2 +admin = pbkdf2:sha256:50000$tBmBFbIb$645e36483a936aa2c54ba7f4b0908e8fd45aebdcddc07343b11bac099732c61d +demo = pbkdf2:sha256:50000$Rd7VUJ9Z$2e91276223d6371ec83bbad7e96c207bee940994e718be44ef274403f3de4a26 +moderator = pbkdf2:sha256:50000$vLjiLsda$c848e929190a5cf8e237caf35032bef4a0e73469152d9c89b4cc803ffd9c4d51 + +## acl engine global options +#[ACL] +## Enable extended matching rules (enabled by default) +## If the rule is a string like 'user1 = desk*', it will match any client that +## matches 'desk*' no mater what agent it is attached to. +## If it is a coma separated list of strings like 'user1 = desk*,laptop*' it +## will match the first matching rule no mater what agent it is attached to. +## If it is a dict like: +## user1 = '{"agents": ["srv*", "www*"], "clients": ["desk*", "laptop*"]}' +## It will also validate against the agent name. +#extended = true +## If you don't explicitly specify ro/rw grants, what should we assume? +#assume_rw = true +## Enable 'legacy' behavior +## Since v0.6.0, if you don't specify the agents name explicitly, users will be +## granted on every agents where a client matches user's ACL. If you enable the +## 'legacy' behavior, you will need to specify the agents explicitly. +## Note: enabling this option will also disable the extended mode +#legacy = false +## The inheritance order maters, it means depending the order you choose, +## the ACL engine won't handle the grants the same way. +## By default, ACL inherited by groups will have lower priority, unless you +## choose otherwise +#inverse_inheritance = false +## If you specify agents and clients separately, should we link them implicitly? 
+## For instance, '{"agents": ["agent1", "agent2"], "clients": ["client1", "client2"]}' +## will become: '{"agents": {"agent1": ["client1", "client2"], "agent2": ["client1", "client2"]}}' +#implicit_link = true ## basicacl specific options ## Note: in case you leave this section commented, the user 'admin' will have @@ -210,7 +243,9 @@ demo = pbkdf2:sha1:1000$eSmvMm2z$a95240bef1682d3469f1141a015b6f5cf18c9de2 ## a user can access on a specific Agent #user4 = '{"agent1": ["client6", "client7"], "agent2": ["client8"]}' admin = admin -demo = '{"Burp1": ["demo2"]}' +@moderator = '{"agents": {"ro": "Burp1", "rw": "Burp2"}}' ++moderator = moderator +demo = '{"agents": {"Burp1": ["demo2"]}}' ## If you set standalone to 'false', add at least one section like this per ## bui-agent diff --git a/docker/demo/docker-burpui/assets/config/patch/piwik.patch b/docker/demo/docker-burpui/assets/config/patch/piwik.patch index c4a6ca52..db162319 100644 --- a/docker/demo/docker-burpui/assets/config/patch/piwik.patch +++ b/docker/demo/docker-burpui/assets/config/patch/piwik.patch @@ -4,12 +4,12 @@ _paq.push(['trackPageView']); _paq.push(['enableLinkTracking']); (function() { - var u="//ziirish.info/piwik/"; - _paq.push(['setTrackerUrl', u+'piwik.php']); - _paq.push(['setSiteId', 4]); + var u="{{ config.BUI_PIWIK_URL }}"; + _paq.push(['setTrackerUrl', u+'{{ config.BUI_PIWIK_SCRIPT }}']); + _paq.push(['setSiteId', {{ config.BUI_PIWIK_ID }}]); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s); })(); - + diff --git a/docker/demo/docker-burpui/assets/init b/docker/demo/docker-burpui/assets/init index 63436300..25347e16 100755 --- a/docker/demo/docker-burpui/assets/init +++ b/docker/demo/docker-burpui/assets/init 
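Review bot: The three hashes added under the user list presumably match the passwords the demo banner publishes (admin / admin, moderator / moderator, demo / demo), and nothing next to them says so. I would add a comment directly above them, e.g. `# DEMO ONLY: hashes of publicly known passwords, never reuse these entries outside the demo`. Moving from `pbkdf2:sha1:1000` to `pbkdf2:sha256:50000` is an improvement, but it offers no protection for a password that is public, so the warning is what keeps this block from being copied into a real deployment. The commented `[ACL]` help text added in the same hunk also carries typos worth fixing (`mater`, `coma`, `maters`).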
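Review bot: `@moderator = '{"agents": {"ro": "Burp1", "rw": "Burp2"}}'` grants read-write on `Burp2` to an account whose password is advertised on the login page, and the hunk does not say whether that is intended. If it is, state it in a comment such as `# demo: moderators are read-only on Burp1, read-write on Burp2`; if not, drop the `rw` entry. The `@` and `+` key prefixes are also unexplained here (the commented examples visible above only show plain user keys), and `+moderator = moderator` reads like a diff artifact, so a one-line comment on each would help the next reader.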
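Review bot: `var u="{{ config.BUI_PIWIK_URL }}";` and `u+'{{ config.BUI_PIWIK_SCRIPT }}'` place configuration strings inside JavaScript string literals, where HTML autoescaping (if the receiving template has it on; that template is not visible here) is the wrong encoding: a backslash or newline is not escaped for JS and `&` would be emitted as `&amp;`. Let Jinja produce the literal instead: `var u={{ config.BUI_PIWIK_URL|tojson }};` and `_paq.push(['setTrackerUrl', u+{{ config.BUI_PIWIK_SCRIPT|tojson }}]);`. With the default empty URL the snippet still runs and requests `piwik.js` relative to the current page, so wrapping it in `{% if config.BUI_PIWIK_URL %} … {% endif %}` would make the empty value mean disabled.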
@@ -35,6 +35,9 @@ appStart () { rand=$(dd if=/dev/urandom bs=256 count=1 2>/dev/null | base64 | sed ':a;N;$!ba;s/\n//g') sed -i -r "s'@RANDOM@'$rand'" /etc/burp/burpui.cfg sed -i -r "s'@DSN@'$SENTRY_DSN'" /etc/burp/burpui.cfg + sed -i -r "s'@PIWIK_URL@'$SPIWIK_URL'" /etc/burp/burpui.cfg + sed -i -r "s'@PIWIK_SCRIPT@'$PIWIK_SCRIPT'" /etc/burp/burpui.cfg + sed -i -r "s'@PIWIK_ID@'$PIWIK_ID'" /etc/burp/burpui.cfg # patch demo with piwik REP=$(cat ${CONFIG_DIR}/patch/piwik.patch)
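Review bot: The first added line substitutes `$SPIWIK_URL`, while the other two use `$PIWIK_SCRIPT` and `$PIWIK_ID`; unless an `SPIWIK_URL` variable is defined elsewhere this looks like a typo that leaves `piwik_url` empty, and it should read `sed -i -r "s'@PIWIK_URL@'$PIWIK_URL'" /etc/burp/burpui.cfg`. The environment values are also pasted unescaped into the sed program, so a `'`, `&` or `\` in any of them changes the substitution; escaping them first would avoid that (the existing `@DSN@` line has the same weakness). If `PIWIK_ID` is unset the file ends up with `piwik_id =`, which the server then reads as an integer, so a default such as `${PIWIK_ID:-0}` is safer. `appStart` continues outside the hunk.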