cleanup

docker/demo/docker-burp2/assets/config/burp-ui/buiagent.cfg

@@ -0,0 +1,22 @@
+[Global]
+# On which port is the application listening
+port = 10000
+# On which address is the application listening
+# '0.0.0.0' is the default for all IPv4
+bind = 0.0.0.0
+# enable SSL
+ssl = false
+# ssl cert
+sslcert = /etc/burp/ssl_cert-server.pem
+# ssl key
+sslkey = /etc/burp/ssl_cert-server.key
+# burp server version (currently only burp 1.x is implemented)
+version = 2
+# agent password
+password = azerty
+
+[Burp2]
+tmpdir = /tmp/bui/
+timeout = 30
+bconfcli = /tmp/burp.conf
+stripbin = /usr/bin/vss_strip

docker/demo/docker-burp2/assets/config/burp/CA.cnf

@@ -0,0 +1,34 @@
+# simple config for burp_ca
+
+RANDFILE                = /dev/urandom
+CA_DIR                  = /tmp/burp2/CA
+
+
+[ ca ]
+dir                     = $ENV::CA_DIR
+database                = $dir/index.txt
+serial                  = $dir/serial.txt
+certs                   = $dir/certs
+new_certs_dir           = $dir/newcerts
+crlnumber               = $dir/crlnumber.txt
+
+unique_subject          = no
+
+default_md              = sha1
+default_days            = 7300
+default_crl_days        = 7300
+
+#????
+name_opt                = ca_default
+cert_opt                = ca_default
+
+x509_extensions         = usr_cert
+copy_extensions         = copy
+policy                  = policy_anything
+
+[ usr_cert ]
+basicConstraints        = CA:FALSE
+
+[ policy_anything ]
+commonName              = supplied
+

docker/demo/docker-burp2/assets/config/burp/burp.conf

@@ -0,0 +1,125 @@
+# This is an example config file for the burp client.
+
+mode = client
+port = 4971
+status_port = 4972
+server = ::1
+password = abcdefgh
+cname = agent
+# Choose the protocol to use.
+# 0 to decide automatically, 1 to force protocol1 mode (file level granularity
+# with a pseudo mirrored storage on the server and optional rsync). 2 forces
+# protocol2 mode (inline deduplication with variable length blocks).
+protocol = 1
+pidfile = /tmp/burp.client.pid
+syslog = 1
+stdout = 1
+progress_counter = 1
+# Ratelimit throttles the send speed. Specified in Megabits per second (Mb/s).
+# ratelimit = 1.5
+# Network timeout defaults to 7200 seconds (2 hours).
+network_timeout = 72000
+# The directory to which autoupgrade files will be downloaded.
+# To never autoupgrade, leave it commented out.
+# autoupgrade_dir=/opt/burp2/etc/autoupgrade/client
+# OS path component for the autoupgrade directory on the server.
+# autoupgrade_os=test_os
+# Wait a random number of seconds between 0 and the given number before
+# contacting the server on a timed backup.
+# randomise = 1200
+
+# Set server_can_restore to 0 if you do not want the server to be able to
+# initiate a restore.
+server_can_restore = 0
+
+# Set an encryption password if you do not trust the server with your data.
+# Note that this will mean that network deltas will not be possible. Each time
+# a file changes, the whole file will be transferred on the next backup.
+# encryption_password = My^$pAsswIrD%@
+
+# More configuration files can be read, using syntax like the following
+# (without the leading '# ').
+# . path/to/more/conf
+
+# Run as different user/group.
+# user=graham
+# group=nogroup
+
+cross_filesystem=/home
+cross_all_filesystems=0
+
+# Uncomment the following lines to automatically generate a certificate signing
+# request and send it to the server.
+ca_burp_ca = /usr/sbin/burp_ca
+ca_csr_dir = /tmp/burp2/CA-client
+
+# SSL certificate authority - same file on both server and client
+ssl_cert_ca = /tmp/burp2/ssl_cert_ca.pem
+
+# Client SSL certificate
+ssl_cert = /tmp/burp2/ssl_cert-client.pem
+
+# Client SSL key
+ssl_key = /tmp/burp2/ssl_cert-client.key
+
+# Client SSL ciphers
+#ssl_ciphers = 
+
+# Client SSL compression. Default is zlib5. Set to zlib0 to turn it off.
+#ssl_compression = zlib5
+
+# SSL key password
+ssl_key_password = password
+
+# Common name in the certificate that the server gives us
+ssl_peer_cn = burpserver
+
+# Example syntax for pre/post scripts
+#backup_script_pre=/path/to/a/script
+#backup_script_post=/path/to/a/script
+#restore_script_pre=/path/to/a/script
+#restore_script_post=/path/to/a/script
+
+# The following options specify exactly what to backup.
+# The server will override them if there is at least one 'include=' line on
+# the server side.
+include = /etc
+include = /home
+#exclude = /home/graham/testdir/librsync-0.9.7/testsuite
+#include = /home/graham/testdir/librsync-0.9.7/testsuite/deep
+#include = /home/graham/xdir
+#exclude = /home/graham/testdir/libr
+# Exclude file names ending in '.vdi' or '.vmdk' (case insensitive)
+#exclude_ext = vdi
+#exclude_ext = vmd
+# Exlude file path matching a regular expression
+# (note that 'include_regex' is not yet implemented)
+#exclude_regex = \.cache
+# Exclude various temporary file systems. You may want to add devfs, devpts,
+# proc, ramfs, etc.
+exclude_fs = sysfs
+exclude_fs = tmpfs
+# Exclude files based on size. Defaults are 0, which means no limit.
+#min_file_size = 0 Mb
+#max_file_size = 0 Mb
+# The content of directories containing a filesystem entry named like this
+# will not be backed up.
+nobackup = .nobackup
+# By default, burp backups up the fifos themselves, rather than reading from
+# them. These two options let you choose a particular fifo to read, or read
+# from all fifos.
+#read_fifo=/path/to/a/fifo
+#read_all_fifos=0
+# The same for block device nodes.
+#read_blockdev=/path/to/a/blockdev
+#read_all_blockdevs=0
+# Exclude files from compression by extension.
+exclude_comp=bz2
+exclude_comp=gz
+# When backing up, whether to enable O_NOATIME when opening files and
+# directories. The default is atime=0, which enables O_NOATIME.
+#atime=1
+# When enabled, this causes problems in the phase1 scan (such as an 'include'
+# being missing) to be treated as fatal errors. The default is 0.
+#scan_problem_raises_error=1
+

docker/demo/docker-burp2/assets/config/burp/clientconfdir/agent

@@ -0,0 +1 @@
+password = abcdefgh

docker/demo/docker-burp2/assets/config/burp/clientconfdir/demo3

@@ -0,0 +1,5 @@
+password = abcdefgh
+
+label = color: #ffcc00
+
+. inc/rules

docker/demo/docker-burp2/assets/config/burp/clientconfdir/demo4

@@ -0,0 +1,5 @@
+password = abcdefgh
+
+label = color: #9966ff
+
+. inc/rules

docker/demo/docker-burp2/assets/config/burp/clientconfdir/inc/rules

@@ -0,0 +1,5 @@
+timer_arg = 5m
+timer_arg = Mon,Tue,Wed,Thu,Fri,Sat,Sun,00,01,02,03,04,05,06,07,08,09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
+
+keep = 7
+keep = 4

docker/demo/docker-burp2/assets/init

@@ -0,0 +1,64 @@
+#!/bin/bash
+set -e
+
+trap appStop SIGINT SIGTERM
+
+appStart () {
+  # start supervisord
+  /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
+
+  chown -R burpui: /tmp/bui
+
+  echo "Starting crond..."
+  supervisorctl start cron >/dev/null
+
+  echo "Starting burp..."
+  supervisorctl start burp >/dev/null
+
+  echo "Starting bui-agent..."
+  supervisorctl start buiagent >/dev/null
+
+  # watch the access logs
+  tail -F /var/log/supervisor/buiagent.log
+}
+
+appStop() {
+  echo ""
+  echo "Stopping bui-agent..."
+  supervisorctl stop bui-agent >/dev/null
+  echo "Stopping burp..."
+  supervisorctl stop burp >/dev/null
+  echo "Stopping crond..."
+  supervisorctl stop cron >/dev/null
+  echo "Stopping supervisord..."
+  kill -15 $(cat /var/run/supervisord.pid)
+  exit
+}
+
+appHelp () {
+  echo "Available options:"
+  echo " app:start          - Starts the burp-ui server (default)"
+  echo " app:help           - Displays the help"
+  echo " [command]          - Execute the specified linux command eg. bash."
+}
+
+case "$1" in
+  app:start)
+    appStart
+    ;;
+  *)
+    if [ -x $1 ]; then
+      $1
+    else
+      prog=$(which $1)
+      if [ -n "${prog}" ] ; then
+        shift 1
+        $prog $@
+      else
+        appHelp
+      fi
+    fi
+    ;;
+esac
+
+exit 0

docker/demo/docker-burp2/assets/setup/install

@@ -0,0 +1,118 @@
+#!/bin/bash
+# Build: @build@
+set -e
+
+SETUP_DIR="/app/setup"
+CONFIG_DIR="${SETUP_DIR}/config"
+#BURPUI="https://burpui.ziirish.me/builds/burp-ui.dev.tar.gz"
+BURPUI="/tmp/burp-ui-agent.dev.tar.gz"
+
+echo "deb http://ziirish.info/repos/debian/jessie zi-stable main" >/etc/apt/sources.list.d/ziirish.list
+wget https://ziirish.info/repos/debian.gpg -O- | apt-key add -
+
+apt-get update
+apt-get install -y burp-server burp-client
+
+cd
+
+# Install burp-ui
+pip install --upgrade pip
+pip install gevent
+pip install "requests[security]"
+pip install --upgrade cffi
+pip install --upgrade $BURPUI
+pip install ujson
+
+# Create burp-ui User
+useradd -m -s /bin/bash -d /var/lib/burpui -c 'Burp-UI daemon user' -u 5337 burpui
+
+mkdir -p /var/log/gunicorn
+chown -R burpui: /var/log/gunicorn
+
+# configure supervisord log rotation
+cat > /etc/logrotate.d/supervisord <<EOF
+/var/log/supervisor/*.log {
+  weekly
+  missingok
+  rotate 52
+  compress
+  delaycompress
+  notifempty
+  copytruncate
+}
+EOF
+
+# configure gunicorn log rotation
+cat > /etc/logrotate.d/gunicorn <<EOF
+/var/log/gunicorn/*.log {
+  daily
+  missingok
+  rotate 14
+  compress
+  delaycompress
+  notifempty
+  copytruncate
+}
+EOF
+
+# configure supervisord to start crond
+cat > /etc/supervisor/conf.d/cron.conf <<EOF
+[program:cron]
+priority=20
+directory=/tmp
+command=/usr/sbin/cron -f
+user=root
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+EOF
+
+# configure supervisord to start bui-agent
+cat > /etc/supervisor/conf.d/buiagent.conf <<EOF
+[program:buiagent]
+priority=20
+directory=/tmp
+command=/usr/local/bin/bui-agent -v
+user=burpui
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+EOF
+
+# configure supervisord to start burp
+cat > /etc/supervisor/conf.d/burp.conf <<EOF
+[program:burp]
+priority=20
+directory=/tmp
+command=/usr/sbin/burp -F -c /etc/burp/burp-server.conf
+user=root
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+EOF
+
+cat ${CONFIG_DIR}/burp/burp.conf >/tmp/burp.conf
+chown burpui: /tmp/burp.conf
+
+cat ${CONFIG_DIR}/burp/CA.cnf >/etc/burp/CA.cnf
+
+sed -i "s/^max_status_children.*$/max_status_children = 10000/" /etc/burp/burp-server.conf
+echo "restore_client = agent" >>/etc/burp/burp-server.conf
+echo "monitor_browse_cache = 1" >>/etc/burp/burp-server.conf
+
+cp ${CONFIG_DIR}/burp-ui/buiagent.cfg /etc/burp/buiagent.cfg
+
+rm -rf /etc/burp/clientconfdir
+cp -r ${CONFIG_DIR}/burp/clientconfdir/ /etc/burp/
+
+mkdir -p /tmp/burp2/CA-client
+chgrp -R burpui /tmp/burp2
+chmod -R g+w /tmp/burp2
+
+/usr/sbin/burp -g -c /etc/burp/burp-server.conf
+
+# cleanup
+rm -rf /var/lib/apt/lists/*