-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathmain.yml
227 lines (204 loc) · 8.26 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
---
# file defaults/main.yml
# use syntax: https://pip.pypa.io/en/stable/reference/pip_install/#git
burpui_pip_burpui_dev: 'git+https://git.ziirish.me/ziirish/burp-ui.git@master#egg=burp-ui'
burpui_use_dev: False # False to use pip version with burpui_version var.
# workaround for https://git.ziirish.me/ziirish/burp-ui/-/issues/347#note_3770
# This workaround only works with dev version of the package install
# requires:
# burpui_use_dev: True
burpui_pip_burpui: "burp-ui"
burpui_version: 1.1.1
burpui_pip_packages:
- { name: "{{ burpui_pip_burpui }}", version: "{{ burpui_version }}" }
- { name: "{{ burpui_pip_burpui }}[sql]", version: "{{ burpui_version }}" }
- { name: "{{ burpui_pip_burpui }}[ldap_authentication]", version: "{{ burpui_version }}" }
- { name: "{{ burpui_pip_burpui }}[gunicorn]", version: "{{ burpui_version }}" }
- { name: "{{ burpui_pip_burpui }}[gunicorn-extra]", version: "{{ burpui_version }}" }
- { name: "{{ burpui_pip_burpui }}[celery]", version: "{{ burpui_version }}" }
- { name: "{{ burpui_pip_burpui }}[websocket]", version: "{{ burpui_version }}" }
##### --- CONFIG SECTION --- #####
# burp backend to load either one of 'burp1', 'burp2', 'parallel' or 'multi'.
# If you choose 'multi', you will have to declare at lease one 'Agent' section.
# If you choose 'parallel', you need to configure the [Parallel] section.
# Parallel is not yet added and tested, see issue#33
# If you choose 'burp2', you need to configure the [Burp]
# section.
# The [Burp] section is also used with the 'parallel' backend for the restoration
# process.
# You can also use whatever custom backend you like if it is located in the
# 'plugins' directory and if it implements the right interface.
burpui_backend: burp2
burpui_nginx_port: "8080"
# This is to check availability and nginx template as reverse proxy
burpui_global_port: "5000"
#[Global]
# https://burp-ui.readthedocs.io/en/stable/advanced_usage.html#configuration
burpui_global_version: '2'
burpui_global_auth: 'basic'
# use burpui_global_acl: 'basic' to enable this
burpui_global_acl: 'none' # By default don't enable acl
burpui_global_audit: 'none'
burpui_global_plugins: 'none'
#[UI]
burpui_ui_refresh: "180"
burpui_ui_liverefresh: "60"
burpui_ui_extras: []
# list of extras options in UI section, you can add any other line, see:
# https://burp-ui.readthedocs.io/en/stable/advanced_usage.html#configuration
#[Production]
burpui_production_storage: "redis"
burpui_production_session: "redis://localhost:6379/0"
burpui_production_cache: "redis"
burpui_production_redis: "localhost:6379"
burpui_production_celery: "true"
burpui_production_database: "sqlite:////var/spool/burpui/celery.db"
burpui_production_limiter: "false"
burpui_production_prefix: "none"
# limiter ratio
# see https://flask-limiter.readthedocs.io/en/stable/#ratelimit-string
burpui_production_ratio: '60/minute'
burpui_production_num_proxies: '0'
burpui_production_proxy_fix_args: "{'x_proto': {num_proxies}, 'x_for': {num_proxies}, 'x_host': {num_proxies}, 'x_prefix': {num_proxies}}"
#[Security]
burpui_security_includes: "/etc/burp"
burpui_security_enforce: "false"
burpui_security_revoke: "true"
burpui_security_cookietime: "14"
burpui_security_scookie: "true"
burpui_security_appsecret: "ChangeYourSecretapp" # it is not possible to setup random when using gunicorn
# Websocket
burpui_websocket_enabled: "true"
burpui_websocket_embedded: "false"
burpui_websocket_broker: "redis"
burpui_websocket_url: "none"
burpui_websocket_debug: "false"
#[Experimental]
burpui_experimental_zip64: "false"
#[Backend]
#http://burp-ui.readthedocs.io/en/latest/advanced_usage.html#options
burpui_backend_bhost: '::1'
burpui_backend_bport: '4972' # you can use also {{ burp_server_status_port }}
burpui_backend_burpbin: "/usr/local/sbin/burp"
burpui_backend_stripbin: "/usr/local/bin/vss_strip"
burpui_backend_bconfcli: "/etc/burp/burp.conf"
burpui_backend_bconfsrv: "/etc/burp/burp-server.conf"
burpui_backend_tmpdir: "/tmp"
burpui_backend_timeout: "60"
burpui_backend_deep_inspection: "false"
# [Global]
# auth = ldap
#[LDAP:AUTH]
# https://burp-ui.readthedocs.io/en/stable/advanced_usage.html#ldap
burpui_ldap_priority: "1"
burpui_ldap_host: "127.0.0.1"
burpui_ldap_port: "389"
burpui_ldap_encryption: "ssl"
burpui_ldap_validate: "none"
burpui_ldap_version: "TLSv1"
burpui_ldap_cafile: "none"
burpui_ldap_searchattr: "uid"
burpui_ldap_base: '"ou=users,dc=example,dc=com"'
burpui_ldap_binddn: '"cn=admin,dc=example,dc=com"'
burpui_ldap_bindpw: "Sup3rS3cr3tPa$$w0rd"
burpui_ldap_filter: '"(&({0}={1})(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"'
#[BASIC:AUTH]
burpui_basic_enabled: false
burpui_basic_priority: "2"
# Enable mixed to allow plain passwords https://git.ziirish.me/ziirish/burp-ui/issues/177#note_1794
burpui_basic_mixed: "true"
burpui_basic_users:
- { name: "admin", password: "plain$$adminstrongpassword" }
#[LOCAL:AUTH]
# https://burp-ui.readthedocs.io/en/stable/advanced_usage.html#local
burpui_local_enabled: false
burpui_local_priority: "3"
burpui_local_users: "user1,user2"
# Minimum uid that will be allowed to login
burpui_local_limit: 1000
#[ACL]
burpui_acl_extended: 'true'
burpui_acl_assume_rw: 'true'
burpui_acl_inverse_inheritance: 'false'
burpui_acl_implicit_link: 'true'
burpui_acl_legacy: 'false'
#[BASIC:ACL]
burpui_basic_acl_enabled: false
burpui_basic_acl_priority: 100
burpui_basic_acl_admins: "user1,user2"
burpui_basic_acl_users: []
# https://burp-ui.readthedocs.io/en/stable/advanced_usage.html#basic-acl
# burpui_basic_acl_users:
# - '+moderator = user5,user6'
# - '@moderator = '{"agents":{"ro":["agent1"]}}'
# bui-agent
# To use multiple agents:
# set burpui_backend: multiagent
burpui_agents:
- { name: "localhost", address: "127.0.0.1", port: "5001", password: "password", ssl: "false" }
# TODO: Add support for parallel backend
# https://burp-ui.readthedocs.io/en/latest/advanced_usage.html#parallel
# burpui_parallel_host: localhost
# burpui_parallel_port: 1111
# burpui_parallel_timeout: 15
# burpui_parallel_password: xxsdfsdfsf
# burpui_parallel_ssl: true
# burpui_parallel_concurrency: 2
# burpui_parallel_init_wait: 15
# Bui Celery
burpui_sv_priority: "20"
burpui_sv_directory: "/tmp"
burpui_sv_environment: "C_FORCE_ROOT=true"
burpui_sv_command: "{{ burpui_virtualenv_bin }}/bui-celery -c /etc/burp/burpui.cfg -- --beat"
burpui_sv_autostart: "true"
burpui_sv_autorestart: "true"
burpui_sv_stdout_logfile: "/var/log/supervisor/%(program_name)s.log"
burpui_sv_stderr_logfile: "/var/log/supervisor/%(program_name)s.log"
# In development options / could not make effect on all files yet
burpui_user: 'root' # for now only root will work until we handle the creation of the user and set permissions correctly
burpui_group: 'root'
# gunicorn_systemd_service enables gunicorn.yml to manually setup systemd service instead of using Debian based package
# It is set True always for RedHat based and Ubuntu equal or major to 16.04
gunicorn_systemd_service: True
bui_use_systemd: True
gunicorn_upstart_service: False
# Burpui audit basic
# https://burp-ui.readthedocs.io/en/latest/advanced_usage.html#basic-audit
burpui_audit_priority: '100'
burpui_audit_level: 'WARNING'
burpui_audit_logfile: 'none'
burpui_audit_max_bytes: '30 * 1024 * 1024'
burpui_audit_rotate: '5'
##### --- END CONFIG SECTION --- #####
##### --- PIP PACKAGES SECTION --- #####
# https://git.ziirish.me/ziirish/burp-ui/-/blob/master/requirements.txt
burpui_virtualenv: /venv_apps/bui
burpui_virtualenv_bin: "{{ burpui_virtualenv}}/bin"
burpui_virtualenv_command: python3 -m venv
# There are links in virtualenv_bin to link to /usr/local/bin
burpui_bin_links:
- bui-agent-legacy
- bui-celery
- bui-manage
- bui-monitor
- burp-ui
- burp-ui-legacy
- jsonschema
- normalizer
burpui_pip_present:
#- "cryptography"
- "redis==3.5.3"
#- "Flask-Migrate"
- "celery>=5.1.0"
- "cffi>=1.14.5"
- "gevent>=21.1.2"
- "ujson>=1.35"
- "urllib3>=1.19" # required to avoid issues with get_url module
# - "ndg-httpsclient>=0.4.2" # required to avoid issues with get_url module
#- "pyasn1==0.4.8"
#- "six>=1.10.0" # try to fix error in dependencies with requests[security]
- "requests[security]>=2.12" # required to avoid issues with get_url module
#- "normalizer==0.2.1"
burpui_pip_fixed_deps:
- werkzeug==2.3.7 # Fix issue with ImportError: cannot import name 'url_quote' from 'werkzeug.urls'
##### --------------------------- #####