github-starred/burp-ui: Burp-UI is a web-ui for burp backup written in python with Flask and jQuery/Bootstrap

mirror of https://github.com/ziirish/burp-ui.git synced 2026-05-21 06:45:24 -06:00

Burp-UI is a web-ui for burp backup written in python with Flask and jQuery/Bootstrap

Find a file

ziirish 7d6791afe4 test commit		2015-04-07 11:28:00 +02:00
bin	new logging options	2015-02-09 14:37:23 +01:00
burpui	fix: make it possible to view only the selected client on the live-monitoring view (see #54 )	2015-04-01 20:21:36 +02:00
contrib	add debian init file thanks to @iadmin #29	2014-10-30 14:29:57 +01:00
pictures	add screenshots	2014-12-03 09:02:27 +01:00
share/burpui/etc	fix: alow multiple users to perform a restoration simultaneously + remove the tempfiles when they have been downloaded	2015-03-15 16:36:55 +01:00
test	update tests in order to support ACL	2015-02-11 15:02:16 +01:00
.gitignore	improve test suite script	2014-12-02 11:04:56 +01:00
bui-agent.py	add: bui-agent for #14	2014-09-13 14:30:56 +02:00
buiagent.cfg	add: bui-agent for #14	2014-09-13 14:30:56 +02:00
burp-ui.py	fix executable	2014-08-25 20:03:20 +02:00
burpui.cfg	change default configuration	2014-08-26 11:40:24 +02:00
CHANGELOG.rst	update CHANGELOG	2015-03-10 17:05:52 +01:00
LICENSE	fix: typo	2014-05-27 12:12:11 +02:00
MANIFEST.in	update MANIFEST.in	2014-10-31 16:53:04 +01:00
README.rst	test commit	2015-04-07 11:28:00 +02:00
requirements.txt	new requirement due to API changes	2015-03-15 16:46:38 +01:00
setup.py	fix setup.py	2014-10-31 16:46:15 +01:00
test-requirements.txt	switch to nose for unittest	2014-11-26 11:13:16 +01:00
VERSION	update version to 0.0.6	2014-12-15 20:48:15 +01:00

README.rst

Build Status
------------

.. image:: https://ci.ziirish.me/projects/1/status.png?ref=master
:target: https://ci.ziirish.me/projects/1?ref=master

Screenshots
-----------

.. image:: https://raw.githubusercontent.com/ziirish/burp-ui/master/pictures/burp-ui.gif
:target: https://git.ziirish.me/ziirish/burp-ui/blob/master/pictures/burp-ui.gif

What's that?
------------

Let me introduce you ``Burp-UI``. It is a web-based UI to manage your
burp-servers.
You can view different reports about burp-servers, burp-clients, backups, etc.
``Burp-UI`` allows you to perform *on-the-fly* restorations and should allow
you to edit/manage your burp-server's conf file very soon.

It is actually an improvement of the burp status monitor (``burp -c /etc/burp/burp-server.conf -a s``).

It currently supports only the burp-1.x branch but it is totally modular so
supporting burp-2.x won't be a big deal.
So in order to work properly, you must be running ``Burp-UI`` on the same host
that runs your burp-server (because the burp status port only listen on
*localhost*).
If you don't want to, I developed a ``bui-agent`` that allows you to *proxify*
external commands to your burp status port.

Who are you?
------------

I'm `Ziirish <http://ziirish.info>`_, a French sysadmin that loves `Burp`_ and
would like to help its adoption by providing it a nice and powerful interface.
If you like my work, you can:

* Thank me by sending me an email or writing a nice comment
* Buy me a beer or some fries or both!
* Make a donation on my Paypal

Contributing
------------

Contributions are welcome. You can help in any way you want, for instance by
opening issues on the `bug tracker <https://git.ziirish.me/ziirish/burp-ui/issues>`__,
sending patches, etc.
There is also a dedicated website. Currently it only hosts a `Discourse <http://www.discourse.org/>`__
instance where you ca discuss with each other.
Feel free to use it and post your tips and remarks.
The address is: `http://burpui.ziirish.me/ <http://burpui.ziirish.me/>`__

Requirements
------------

Please note that currently, ``Burp-UI`` must be running on the same server that
runs the burp-server.

For LDAP authentication (optional), we need the ``simpleldap`` module that
requires the following packages on Debian:

aptitude install libsasl2-dev libldap2-dev python-dev

Then we install the module itself:

pip install simpleldap

If you would like to use SSL, you will need the ``python-openssl`` package.
On Debian:

aptitude install python-openssl

Installation
------------

``Burp-UI`` is written in Python with the `Flask`_ micro-framework.
The easiest way to install Flask is to use ``pip``.

On Debian, you can install ``pip`` with the following command:

aptitude install python-pip

Once ``pip`` is installed, you can install ``Burp-UI`` this way:

pip install burp-ui

You can setup various parameters in the `burpui.cfg`_ file.
This file can be specified with the ``-c`` flag or should be present in
``/etc/burp/burpui.cfg``.
By default ``Burp-UI`` ships with a default file located in
``$BURPUIDIR/../share/burpui/etc/burpui.cfg``.

Then you can run ``burp-ui``: ``burp-ui``

By default, ``burp-ui`` listens on all interfaces (including IPv6) on port 5000.

You can then point your browser to http://127.0.0.1:5000/

Development
-----------

If you wish to use the latest and yet unstable version (eg. `master <https://git.ziirish.me/ziirish/burp-ui/tree/master>`__),
you can install it using ``pip`` too, but I would recommend you to use a
``virtualenv``.

To do so, run the following commands:

mkdir /opt/bui-venv
pip install virtualenv
virtualenv /opt/bui-venv
source /opt/bui-venv/bin/activate
pip install git+https://git.ziirish.me/ziirish/burp-ui.git

You can uninstall/disable this ``Burp-UI`` setup by typing ``deactivate`` and
removing the ``/opt/bui-venv`` directory.

Gunicorn
--------

Starting from v0.0.6, ``Burp-UI`` supports `Gunicorn <http://gunicorn.org>`_ in
order to handle multiple users simultaneously.

You need to install ``gunicorn`` and ``eventlet``:

pip install eventlet
pip install gunicorn

You will then be able to launch ``Burp-UI`` this way:

gunicorn -k eventlet -w 4 'burpui:init(conf="/path/to/burpui.cfg")'

Instructions
------------

In order to make the *on the fly* restoration/download functionality work, you
need to check a few things:

1. Provide the full path of the burp (client) binary file
2. Provide the full path of an empty directory where a temporary restoration
will be made. This involves you have enough space left on that location on
the server that runs ``Burp-UI``
3. Launch ``Burp-UI`` with a user that can proceed restorations and that can
write in the directory above
4. Make sure to configure a client on the server that runs ``Burp-UI`` that can
restore files of other clients (option *restore_client* in burp-server
configuration)

Troubleshooting
---------------

In case you encounter troubles with ``Burp-UI``, you should run it with the
``-d`` flag and paste the relevant output within your bug-report.
Please also give the version of ``burp`` AND ``Burp-UI``.
Since v0.0.6 you can use the ``-V`` or ``--version`` flag in order to get your
version number.

Notes
-----

Please feel free to report any issues on my `gitlab <https://git.ziirish.me/ziirish/burp-ui/issues>`_.
I have closed the *github tracker* to have a unique tracker system.

TODO
----

`Here <https://git.ziirish.me/ziirish/burp-ui/issues?label_name=todo>`_ is a
non-exhaustive list of things I'd like to add.

Also note that in the future, I'd like to write a burp-client GUI.
But I didn't think yet of what to do.

Changelog
---------

The Changelog has been replaced by `this file <https://git.ziirish.me/ziirish/burp-ui/blob/master/CHANGELOG.rst>`_.

Licenses
--------

``Burp-UI`` is released under the BSD 3-clause `License`_.

But this project is built on top of other tools listed here:

- `d3.js <http://d3js.org/>`_ (`BSD <https://git.ziirish.me/ziirish/burp-ui/blob/master/burpui/static/d3/LICENSE>`__)
- `nvd3.js <http://nvd3.org/>`_ (`Apache <https://git.ziirish.me/ziirish/burp-ui/blob/master/burpui/static/nvd3/LICENSE.md>`__)
- `jQuery <http://jquery.com/>`_ (`MIT <https://git.ziirish.me/ziirish/burp-ui/blob/master/burpui/static/jquery/MIT-LICENSE.txt>`__)
- `jQuery-UI <http://jqueryui.com/>`_ (`MIT <https://git.ziirish.me/ziirish/burp-ui/blob/master/burpui/static/jquery-ui/MIT-LICENSE.txt>`__)
- `fancytree <https://github.com/mar10/fancytree>`_ (`MIT <https://git.ziirish.me/ziirish/burp-ui/blob/master/burpui/static/fancytree/MIT-LICENSE.txt>`__)
- `bootstrap <http://getbootstrap.com/>`_ (`MIT <https://git.ziirish.me/ziirish/burp-ui/blob/master/burpui/static/bootstrap/LICENSE>`__)
- `typeahead <http://twitter.github.io/typeahead.js/>`_ (`MIT <https://git.ziirish.me/ziirish/burp-ui/blob/master/burpui/static/typeahead/LICENSE>`__)
- `bootswatch <http://bootswatch.com/>`_ theme ``Slate`` (`MIT <https://git.ziirish.me/ziirish/burp-ui/blob/master/burpui/static/bootstrap/bootswatch.LICENSE>`__)
- `angular-bootstrap-switch <https://github.com/frapontillo/angular-bootstrap-switch>`_ (`Apache <https://git.ziirish.me/ziirish/burp-ui/blob/master/burpui/static/angular-bootstrap-switch/LICENSE>`__)
- `angular.js <https://angularjs.org/>`_ (`MIT <https://git.ziirish.me/ziirish/burp-ui/blob/master/burpui/static/angularjs/LICENSE>`__)
- `angular-ui-select <https://github.com/angular-ui/ui-select>`_ (`MIT <https://git.ziirish.me/ziirish/burp-ui/blob/master/burpui/static/angular-ui-select/LICENSE>`__)
- `AngularStrap <http://mgcrea.github.io/angular-strap/>`_ (`MIT <https://git.ziirish.me/ziirish/burp-ui/blob/master/burpui/static/angular-strap/LICENSE.md>`__)
- `lodash <https://github.com/lodash/lodash>`_ (`MIT <https://git.ziirish.me/ziirish/burp-ui/blob/master/burpui/static/lodash/LICENSE.txt>`__)
- `DataTables <http://datatables.net/>`_ (`MIT <https://git.ziirish.me/ziirish/burp-ui/blob/master/burpui/static/DataTables/LICENSE.txt>`__)
- Home-made `favicon <https://git.ziirish.me/ziirish/burp-ui/blob/master/burpui/static/images/favicon.ico>`_ based on pictures from `simpsoncrazy <http://www.simpsoncrazy.com/pictures/homer>`_

Also note that this project is made with the Awesome `Flask`_ micro-framework.

Thanks
------

Special Thanks to Graham Keeling for its great software! This project would not
exist without `Burp`_.

.. _Flask: http://flask.pocoo.org/
.. _License: https://git.ziirish.me/ziirish/burp-ui/blob/master/LICENSE
.. _Burp: http://burp.grke.org/
.. _burpui.cfg: https://git.ziirish.me/ziirish/burp-ui/blob/master/burpui.cfg