FAQ

Is there a demo somewhere?

Yes, you can play with Burp-UI at demo.ziirish.me. Credentials are:

  • admin / admin to play with Burp-UI as an administrator
  • demo / demo to play with Burp-UI as a regular user

How to start using Burp-UI?

You can find all the basic information to get started with Burp-UI in the README file.

How to configure my firewall?

When running Burp-UI in standalone mode, the embedded webserver listens on port 5000 on all interfaces.

The Burp-UI agents listen on port 10000 by default.
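To check which of these ports actually need a firewall rule on a given host, the following added example (not part of the Burp-UI code or documentation) parses `ss -ltn` output and reports Burp-UI listeners bound to a wildcard address. The function name, the wildcard list and the sample output are assumptions constructed for illustration; only the two port numbers come from this FAQ.

```python
# Added example: flag Burp-UI listeners that are reachable on every interface.
# Ports are the ones named in this FAQ: 5000 (standalone web server)
# and 10000 (agent default). Everything else here is illustrative.
BURPUI_PORTS = {5000: "Burp-UI standalone web server", 10000: "Burp-UI agent"}

# Local addresses that mean "all interfaces" in `ss` output.
WILDCARDS = {"0.0.0.0", "*", "[::]", "::"}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:5000       0.0.0.0:*
LISTEN 0      128    127.0.0.1:10000    0.0.0.0:*
LISTEN 0      128    [::]:10000         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
"""


def exposed_listeners(ss_output, ports=BURPUI_PORTS):
    """Return (address, port, role) for each watched port bound to a wildcard."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Skip the header and anything that is not a listening socket.
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::] intact.
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        port = int(port)
        if port in ports and addr in WILDCARDS:
            findings.append((addr, port, ports[port]))
    return findings


if __name__ == "__main__":
    for addr, port, role in exposed_listeners(SAMPLE_SS):
        print(f"{role} listens on {addr}:{port}: "
              "restrict it with a firewall rule or a specific bind address")
```

A listener bound to a loopback or other specific address is not reported, so an empty result means neither port is open on all interfaces.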

What are the default credentials?

The default login / password is admin / admin with the basic authentication backend.

How does the online restoration feature work?

The online restoration feature works the same way as if you were running the burp client yourself. It means Burp-UI runs the following command:

burp -a r -b <number> -C <client name> -r <regex> -d /tmp/XXX -c <bconfcli>

It then generates an archive based on the restored files.

Because of this workflow, and especially the use of the -C flag, you need to tell your burp-server that the client used by Burp-UI can perform a restoration for a different client. You can refer to the restoration section of this documentation along with the version section for more details.

What does the server-initiated restoration feature do and how to make it work?

This feature asks the server to perform a restoration on the client the next time it sees it.

In order for this feature to work, your client MUST allow the server to do that. You have to set server_can_restore = 1 (which is the default value) in your client configuration file (usually /etc/burp/burp.conf).

How can I start Burp-UI as a daemon?

There are several init scripts provided by some users available here.

The recommended way to run Burp-UI in production is to use Gunicorn. You can refer to the gunicorn section of this documentation for more details.

How to set up a reverse-proxy in front of Burp-UI?

The only way to run Burp-UI behind a reverse-proxy is to use Gunicorn. You can refer to the gunicorn section of this documentation for more details.

Why don’t I see all my clients using the burp-2 backend?

Starting with burp 2, you cannot see all the clients through the status port unless you tell burp that a particular client can see other clients' statistics. See the general instructions for more details.

Are there any known issues?

There is a known issue section in this documentation.

How can I contribute?

You can refer to the contributing section of this documentation.