Coder Social home page Coder Social logo

pschiffe / docker-burp Goto Github PK

View Code? Open in Web Editor NEW
16.0 3.0 6.0 64 KB

Server, client and web ui Docker images for Burp

Home Page: https://hub.docker.com/r/pschiffe/burp-server/

License: MIT License

Smarty 66.41% Shell 16.22% Dockerfile 17.37%
burp-server rsync backup docker docker-images burp burp-client burp-ui docker-compose encryption

docker-burp's Introduction

Burp Backup in Docker

This repository contains Docker images for the Burp 2.x server, client, and web UI. All images are available at Docker Hub:

https://hub.docker.com/r/pschiffe/burp-server/

https://hub.docker.com/r/pschiffe/burp-client/

https://hub.docker.com/r/pschiffe/burp-ui/

Source GitHub repository: https://github.com/pschiffe/docker-burp

Static Badge Static Badge

If this project is useful to you, please consider sponsoring me to support maintenance and further development. Thank you!

Burp Server

Docker Image Size (tag) Docker Pulls

https://hub.docker.com/r/pschiffe/burp-server/

The Burp server image includes optional encryption, secure rsync to a remote location, and a bui-agent for the web UI.

Persistent data

The container utilizes two persistent volumes: /etc/burp for configuration files and /var/spool/burp for storing backups.

Systemd

Systemd is used to manage multiple processes within the container. This requires /run and /tmp to be mounted on tmpfs, and currently, the container must run with privileged access. Example Docker run bit when running on Red Hat based distro: --tmpfs /run --tmpfs /tmp --privileged

If you are using SELinux on the host, you need to enable the container_manage_cgroup variable with setsebool -P container_manage_cgroup 1.

Additionally, if you want to see the logs with the docker logs command, allocate a tty for the container with the -t, --tty option.

Adding clients

The client configuration can be automatically generated on the server using the BURP_CLIENTS_CONFIG environment variable. The format of this variable is: 'client1-hostname:client1-password client2-hostname:client2-password ...'

Example

docker run -dt -p 4971:4971 --name burp-server \
  -v burp-server-conf:/etc/burp \
  -v burp-server-data:/var/spool/burp \
  -e 'BURP_CLIENTS_CONFIG=host1:pass1 host2:pass2 host3:pass3'
  --tmpfs /run --tmpfs /tmp --privileged \
  pschiffe/burp-server

Encryption

You can encrypt backup data using EncFS. To use it, simply provide encryption password in ENCRYPT_PASSWORD env var. Because the EncFS is fuse fs, you need to expose the /dev/fuse to the container with --device /dev/fuse, provide additional capability and possibly disable selinux (or apparmor) confinement with --cap-add SYS_ADMIN --security-opt label:disable.

Rsync to remote location

To regularly synchronize your backup data with a remote location, you can utilize the built-in Rsync support. With RSYNC_DEST env var specify remote location in format rsync://user@server/path. Password for rsync user can be provided in RSYNC_PASS env var. If the remote location provides rsync secured with stunnel, you can use that as well. Specify remote server and port in STUNNEL_RSYNC_HOST env var in format server:port and then, change the server part of the RSYNC_DEST to localhost, as in rsync://user@localhost/path.

If at least RSYNC_DEST env var is set, timer script in the container will try to rsync the local data to the remote location at around 6 AM every morning (this can be modified in /etc/systemd/system/rsync-sync.timer file).

And that's not all, there is one more feature - if you set RESTORE_FROM_RSYNC env var to 1 and /var/spool/burp directory is empty, the container will try to download all the data from remote location with rsync (required rsync connection env vars must be set).

Burp Web UI

Docker Image Size (tag) Docker Pulls

https://hub.docker.com/r/pschiffe/burp-ui/

The Burp UI image contains an awesome web UI for Burp created by Ziirish. If you're running this container on the same host as the Burp server, you can link this container to the Burp server using the alias burp. This is essentially all you need to do. The web service is listening on port 5000. If you want to manage the Burp server on a different host, you first need to specify the BUI_AGENT_PASSWORD environment variable and expose port 10000 of the burp-server container. Then, you need to manually edit the /etc/burp/burpui.cfg.tpl file in the burp-ui container and add a new [Agent:name] section to it. Be sure to update the template file burpui.cfg.tpl as the burpui.cfg file is overwritten every time the container starts.

Persistent data

/etc/burp directory contains configuration for this container.

Example

docker run -d -p 5000:5000 --name burp-ui \
  -v burp-ui-conf:/etc/burp \
  --link burp-server:burp \
  pschiffe/burp-ui

Burp Client

Docker Image Size (tag) Docker Pulls

https://hub.docker.com/r/pschiffe/burp-client/

To back up data and send it to the Burp server, you need the Burp client. Usage of this image is pretty simple. With the BURP_SERVER and BURP_SERVER_PORT environment variables, you can specify the address and port of the Burp server. The client password goes in the BURP_CLIENT_PASSWORD environment variable, and everything you need to back up should be mounted to the /tobackup directory in the container. Be aware, however, that you might need to use the --security-opt label:disable option when accessing various system directories on the host. It's also possible to link the client to the Burp server container with the alias burp. I recommend setting the container hostname to something meaningful, as the client will be identified by its hostname in the Burp server configuration.

Persistent data

/etc/burp persistent directory in the container stores Burp client configuration.

Example

docker run -d --name burp-client \
  -e BURP_SERVER=some-server.host \
  -e BURP_CLIENT_PASSWORD=super-secret \
  -v burp-client-conf:/etc/burp \
  -v /etc:/tobackup/somehost-etc:ro \
  -v /home:/tobackup/somehost-home:ro \
  -v some-docker-vol:/tobackup/some-docker-vol:ro \
  --hostname $HOSTNAME \
  --security-opt label:disable \
  pschiffe/burp-client

Once this container is started, it backs up the specified data and exits. After that, I recommend starting the container approximately every 20 minutes using docker start burp-client. This allows the container to check with the server and back up new files if scheduled. Please note that the backup schedule is determined by the server, not the client.

Data recovery

You can also use this container to recover data from a remote server. You simply need to provide arguments in the same way you would for a regular Burp client CLI, for example:

docker run -d --name burp-client \
  -e BURP_SERVER=some-server.host \
  -e BURP_CLIENT_PASSWORD=super-secret \
  -v burp-client-conf:/etc/burp \
  -v /etc:/tobackup/somehost-etc \
  --hostname $HOSTNAME \
  --security-opt label:disable \
  pschiffe/burp-client \
  -al /tobackup/somehost-etc

docker-burp's People

Contributors

alexgarel avatar dependabot[bot] avatar pschiffe avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

itc3-devops psychedel cbk914 alexgarel evilvir canuenal

docker-burp's Issues

burp-client /etc/burp volume mounting overwrites burp.conf template

If I mount the /etc/burp/ volume as stated in your client docker command it overwrite the template and therefore the client is doing nothing.

I deleted the volume flag and now it seems to start up correctly, but only to see following start up behavior:

2017-03-20 11:10:52: burp[1] Could not find ssl_cert /etc/burp/ssl_cert-client.pem: No such file or directory
burp-client    | 2017-03-20 11:10:52: burp[1] Could not find ssl_key /etc/burp/ssl_cert-client.key: No such file or directory
burp-client    | 2017-03-20 11:10:52: burp[1] Could not find ssl_cert_ca /etc/burp/ssl_cert_ca.pem: No such file or directory
burp-client    | 2017-03-20 11:10:52: burp[1] auth ok
burp-client    | 2017-03-20 11:10:52: burp[1] Server version: 2.0.54
burp-client    | 2017-03-20 11:10:52: burp[1] Server will sign a certificate request
burp-client    | 2017-03-20 11:10:52: burp[1] Generating SSL key and certificate signing request
burp-client    | 2017-03-20 11:10:52: burp[1] Running '/usr/sbin/burp_ca --key --keypath /etc/burp/ssl_cert-client.key --request --requestpath /etc/burp/CA-client/test.csr --name test'
burp-client    | generating key test: /etc/burp/ssl_cert-client.key
burp-client    | Generating RSA private key, 2048 bit long modulus
burp-client    | ......................................................................+++
burp-client    | .......................................+++
burp-client    | e is 65537 (0x10001)
burp-client    | generating request test
burp-client    | 2017-03-20 11:10:52: burp[1] /usr/sbin/burp_ca returned: 0
burp-client    | 2017-03-20 11:10:52: burp[1] Sent /etc/burp/CA-client/test.csr
burp-client    | 2017-03-20 11:10:53: burp[1] Received: /etc/burp/ssl_cert-client.pem.1
burp-client    | 2017-03-20 11:10:53: burp[1] Received: /etc/burp/ssl_cert_ca.pem.1
burp-client    | 2017-03-20 11:10:53: burp[1] Rewriting conf file: /etc/burp/burp.conf
burp-client    | 2017-03-20 11:10:53: burp[1] Re-opening connection to server
burp-client    | 2017-03-20 11:10:58: burp[1] auth ok
burp-client    | 2017-03-20 11:10:58: burp[1] Server version: 2.0.54
burp-client    | 2017-03-20 11:10:58: burp[1] nocsr ok
burp-client    | 2017-03-20 11:10:58: burp[1] SSL is using cipher: AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
burp-client    | 
burp-client    | 2017-03-20 11:10:58: burp[1] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:counters_json:msg:forceproto=1:rshash=blake2:
burp-client    | 2017-03-20 11:10:58: burp[1] Server is forcing protocol 1
burp-client    | 2017-03-20 11:10:58: burp[1] Timer conditions on the server were not met
burp-client    | 2017-03-20 11:14:18: burp[1] auth ok
burp-client    | 2017-03-20 11:14:18: burp[1] Server version: 2.0.54
burp-client    | 2017-03-20 11:14:18: burp[1] nocsr ok
burp-client    | 2017-03-20 11:14:18: burp[1] SSL is using cipher: AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
burp-client    | 
burp-client    | 2017-03-20 11:14:18: burp[1] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:counters_json:msg:forceproto=1:rshash=blake2:
burp-client    | 2017-03-20 11:14:18: burp[1] Server is forcing protocol 1
burp-client    | 2017-03-20 11:14:18: burp[1] Timer conditions on the server were not met

I did not change any configuration, except adding the hostname to the clientconfdir with the password.

That is my docker-compose file:

version: '3'

services:
  burp-ui:
    image: pschiffe/burp-ui 
    container_name: burp-ui
    environment:
       - BUI_AGENT_PASSWORD=password
    ports:
      - "5000:5000"
    volumes:
       - "./conf:/etc/burp"

  burp-server:
    container_name: burp-server
    image: pschiffe/burp-server
    volumes:
      - ./conf_server:/etc/burp
      - ./data_server:/var/spool/burp
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    tmpfs: 
      - /run
      - /tmp
    cap_add: 
      - SYS_ADMIN
    ports:
      - 4971:4971
      - 10000:10000
    tty: true

  burp-client:
    container_name: burp-client
    image: pschiffe/burp-client
    environment: 
      - BURP_SERVER=192.168.1.102
      - BURP_CLIENT_PASSWORD=super-secret
    volumes: 
      #- ./conf_client:/etc/burp
      - /home/jazz/ownCloud/Keys:/tobackup/somehost-etc:ro
      - /home/jazz/ownCloud/Fotos:/tobackup/somehost-home:ro
    hostname: test

Completely destroyed burp-ui

When I start the burp-ui and display it with chrome or firefox it shows as the screenshot below. What's wrong here?

bildschirmfoto vom 2017-03-08 10-32-49

burpui.cfg gets overwritten

hi,

i wanna do changes to the burpui.cfg to activate ldap. neither editing the file while running the containers or while they are stopped worked for me. As soon as i restart the container the config is resetted.

Here is my docker-compose.yml:

version: '3'

services:
  burp-server:
    container_name: burp
    image: pschiffe/burp-server
    tty: true
    volumes:
      - burp-server-conf:/etc/burp
      - burp-server-data:/var/spool/burp
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    tmpfs:
      - /run
      - /tmp
    environment:
      - BUI_AGENT_PASSWORD=secret-burp-server-pw
      - "BURP_CLIENTS_CONFIG=burp-client:super-secret"
#    networks:
#      burp:
#        aliases:
#          - burp

  burp-ui:
    image: pschiffe/burp-ui
    container_name: burp-ui
    volumes:
      - burp-ui-conf:/etc/burp
    environment:
      - BUI_AGENT_PASSWORD=secret-burp-server-pw
 #   networks:
 #     - burp
 #     - default
    ports:
      - "8020:5000"
    depends_on:
      - burp-server
    labels:     
      - "traefik.enable=true"   
      - "traefik.http.services.burpui.loadbalancer.server.port=5000"
      - "traefik.http.routers.burpui.entrypoints=web"   
      - "traefik.http.routers.burpui.rule=Host(`burp.local`)"


#networks:
#  burp:

volumes:
  burp-server-conf:
  burp-server-data:
  burp-ui-conf:

Regular builds, tagging version numbers, etc.

This looks pretty great, though with only 14 commits, I do wonder how much time was spent ensuring consistent behavior. If you're maintaining this, would you consider automating regular builds of this project and tagging them with what versions of burp-server are being used in the image?

Updated burp image

Hi,

Thanks for the work, I just stumbled upon it while looking for a containerised web UI deployment for burp.

I checked on docker hub and the last updated image was pushed 2 years ago. Do you plan to push newer images in the future?

Thanks

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.