Basic usage

General Instructions


Burp-UI tries to be as less intrusive as possible with Burp internals. In order to make the online restoration/download functionality work, you need to check a few things:

  1. Provide the full path of the burp (client) binary file (field burpbin in burp-ui configuration)

  2. Provide a burp-client configuration file (field bconfcli in burp-ui configuration)

  3. Provide the full path of an empty directory where a temporary restoration will be made. This involves you have enough space left on that location on the server that runs Burp-UI

  4. Launch Burp-UI with a user that can proceed restorations and that can write in the directory mentioned above

  5. Make sure the client provided in 2. can restore files of other clients (option restore_client in burp-server configuration). The restore_client is the cname you provided in your client configuration file (see 2.)

Burp 2

When using the burp2 backend, Burp-UI can be executed on any machine as long as you can access the burp status port, but you will not be able to edit the burp server configuration file within the settings view of Burp-UI. You also need to configure a restore_client on your burp server corresponding to the client you will use through Burp-UI (see the restoration procedure above for details on how to do this)


Since v0.5.0, Burp-UI ships with some tools to help you configure both Burp and Burp-UI. Please refer to the bui-manage page for details.


usage: burp-ui [-h] [-v] [-d] [-V] [-c <CONFIG>] [-l <FILE>]
               [-i <MIGRATIONSDIR>]

positional arguments:

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         increase output verbosity (e.g., -vv is more verbose
                        than -v)
  -d, --debug           enable debug mode
  -V, --version         print version and exit
  -c <CONFIG>, --config <CONFIG>
                        burp-ui configuration file
  -l <FILE>, --logfile <FILE>
                        output logs in defined file
                        migrations directory


Since v0.4.0, the bind and port options are not supported anymore. You can still force the port and listening address as explained bellow or you can have a look at the upgrading section of the documentation for further details.

Developer options

Since v0.4.0, Burp-UI uses the new Flask’s CLI module. This change brings new options to help you debug your development environment:

Usage: flask run [OPTIONS]

  Runs a local development server for the Flask application.

  This local server is recommended for development purposes only but it can
  also be used for simple intranet deployments.  By default it will not
  support any sort of concurrency at all to simplify debugging.  This can be
  changed with the --with-threads option which will enable basic

  The reloader and debugger are by default enabled if the debug flag of
  Flask is enabled and disabled otherwise.

  -h, --host TEXT                 The interface to bind to.
  -p, --port INTEGER              The port to bind to.
  --reload / --no-reload          Enable or disable the reloader.  By default
                                  the reloader is active if debug is enabled.
  --debugger / --no-debugger      Enable or disable the debugger.  By default
                                  the debugger is active if debug is enabled.
  --eager-loading / --lazy-loader
                                  Enable or disable eager loading.  By default
                                  eager loading is enabled if the reloader is
  --with-threads / --without-threads
                                  Enable or disable multithreading.
  --help                          Show this message and exit.

Some options are redundant with Burp-UI’s one.


By default, the embedded server listens on on port 5000, if you wish to change this, you would run something like:

burp-ui -- -h -p 8080


The -- is mandatory.