Auth

Here is the auth interface definition in order to implement a new authentication backend. It is composed by two classes.

class burpui.misc.auth.interface.BUIhandler[source]

The burpui.misc.auth.interface.BUIhandler class maintains a list of Burp-UI users.

Parameters:app (burpui.engines.server.BUIServer) – Instance of the app we are running in
remove(name)[source]

The burpui.misc.auth.interface.BUIhandler.remove() function allows to remove a user from the cache.

Parameters:name (str) – Name of the user to remove
user(name=None, refresh=False)[source]

The burpui.misc.auth.interface.BUIhandler.user() function returns the flask_login:flask_login.UserMixin object corresponding to the given user name.

Parameters:
  • name (str) – Name of the user
  • refresh (bool) – Whether we need to re-create a fresh user or not
Returns:

burpui.misc.auth.interface.BUIuser

class burpui.misc.auth.interface.BUIuser[source]

The burpui.misc.auth.interface.BUIuser class extends the flask_login:flask_login.UserMixin class.

is_active
Returns:True if user is active, otherwise False
is_admin

If no ACL engine is loaded, every logged-in user will be granted admin rights :returns: True if the user is admin, otherwise False

is_authenticated
Returns:True if a user is authenticated, otherwise False
is_moderator

If no ACL engine is loaded, every logged-in user will be granted moderator rights :returns: True if the user is moderator, otherwise False

login(passwd=None)[source]

The burpui.misc.auth.interface.BUIuser.login() function checks if the profided username and password match.

Parameters:passwd (str) – Password
Returns:True if the name and password match, otherwise False