Auth

Here is the auth interface definition in order to implement a new authentication backend. It is composed by two classes.

class burpui.misc.auth.interface.BUIhandler[source]

The burpui.misc.auth.interface.BUIhandler class maintains a list of Burp-UI users.

Parameters

app (burpui.engines.server.BUIServer) – Instance of the app we are running in

remove(name)[source]

The burpui.misc.auth.interface.BUIhandler.remove() function allows to remove a user from the cache.

Parameters

name (str) – Name of the user to remove

abstract user(name=None, refresh=False)[source]

The burpui.misc.auth.interface.BUIhandler.user() function returns the flask_login:flask_login.UserMixin object corresponding to the given user name.

Parameters
  • name (str) – Name of the user

  • refresh (bool) – Whether we need to re-create a fresh user or not

Returns

burpui.misc.auth.interface.BUIuser

class burpui.misc.auth.interface.BUIuser[source]

The burpui.misc.auth.interface.BUIuser class extends the flask_login:flask_login.UserMixin class.

property is_active
Returns

True if user is active, otherwise False

property is_admin

If no ACL engine is loaded, every logged-in user will be granted admin rights :returns: True if the user is admin, otherwise False

property is_authenticated
Returns

True if a user is authenticated, otherwise False

property is_moderator

If no ACL engine is loaded, every logged-in user will be granted moderator rights :returns: True if the user is moderator, otherwise False

abstract login(passwd=None)[source]

The burpui.misc.auth.interface.BUIuser.login() function checks if the profided username and password match.

Parameters

passwd (str) – Password

Returns

True if the name and password match, otherwise False