Manage

Since v0.3.0, Burp-UI ships with a tool called bui-manage. This tool allows you to create new users and to manage database migrations.

This tool is actually a wrapper script that interacts with the core of Burp-UI. You can use it like this:

bui-manage [wrapper options...] [--] <subcommand>

This page details the subcommand usage. The tool provides some inline help too:

bui-manage -h
usage: bui-manage [-h] [-c <CONFIG>] [-i <MIGRATIONSDIR>]
                  [-m <agent|server|worker|manage>]
                  ...

positional arguments:
  remaining

optional arguments:
  -h, --help            show this help message and exit
  -c <CONFIG>, --config <CONFIG>
                        burp-ui configuration file
  -i <MIGRATIONSDIR>, --migrations <MIGRATIONSDIR>
                        migrations directory
  -m <agent|server|worker|manage>, --mode <agent|server|worker|manage>
                        application mode
# note the -- used to separate the wrapper from the actual command
bui-manage -- --help
Usage: flask [OPTIONS] COMMAND [ARGS]...

  This shell command acts as general utility script for Flask applications.

  It loads the application configured (either through the FLASK_APP
  environment variable) and then provides commands either provided by the
  application or Flask itself.

  The most useful commands are the "run" and "shell" command.

  Example usage:

    $ export FLASK_APP=hello
    $ export FLASK_DEBUG=1
    $ flask run

Options:
  --help  Show this message and exit.

Commands:
  compile_translation  Compile translations.
  create_user          Create a new user.
  db                   Perform database migrations.
  init_translation     Initialize a new translation for the given...
  run                  Runs a development server.
  setup_burp           Setup burp client for burp-ui.
  shell                Runs a shell in the app context.
  update_translation   Update translation files.

Database

To manage database migration, you first need to enable database support within your configuration file (see Production section)

You will also need some extra requirements:

pip install "burp-ui[sql]"

Then you just have to run the following command to have your database setup:

bui-manage db upgrade

If your configuration is not in a common location, you can specify it like this:

bui-manage -c path/to/burpui.cfg db upgrade

If you did not install Burp-UI in a common location or you want to run it without installing it directly through the sources, you may need to specify the location of the migrations scripts like this:

bui-manage -c path/to/burpui.cfg -i path/to/migrations db upgrade

Users

You can create new users using the bui-manage file like this:

bui-manage create_user <new_username>

By default, the script will create new users for the Basic authentication backend. Without further details, a new password will be generated. You can either provide a password through the command line or tell the script to ask you what to setup using either the -p or -a options.

Examples:

bui-manage create_user user1
[*] Adding 'user1' user...
[+] Generated password: 71VIanuJ
[+] Success: True

bui-manage create_user -p toto user2
[*] Adding 'user2' user...
[+] Success: True

bui-manage create_user -a user3
[*] Adding 'user3' user...
Password:
Confirm:
[+] Success: True

Configure

Since v0.4.0, the bui-manage tool is now able to help you setup both Burp and Burp-UI so they speak to each other.

The available options are:

bui-manage setup_burp --help
Usage: flask setup_burp [OPTIONS]

  Setup burp client for burp-ui.

Options:
  -b, --burp-conf-cli TEXT   Burp client configuration file
  -s, --burp-conf-serv TEXT  Burp server configuration file
  -c, --client TEXT          Name of the burp client that will be used by
                             Burp-UI (defaults to "bui")
  -h, --host TEXT            Address of the status server (defaults to "::1")
  -r, --redis TEXT           Redis URL to connect to
  -d, --database TEXT        Database to connect to for persistent storage
  -n, --dry                  Dry mode. Do not edit the files but display
                             changes
  --help                     Show this message and exit.

The script needs the Burp configuration files to be readable AND writable.

Note

This script was initially developped to setup the docker image. I do not guarantee to be able to support it out of the docker context.

The docker image uses this script like this:

bui-manage -c $BURPUI_CONFIG setup_burp -b $BURP_CLIENT_CONFIG \
    -s $BURP_SERVER_CONFIG -h $BURP_SERVER_ADDR -c $BURPUI_CLIENT_NAME \
    -r $REDIS_SERVER -d $DATABASE_URL