Ziirish's Home :: Blog

Ziirish's Pub

 
 

Hello,

I'm pleased to introduce this new stable version of Burp-UI.

This release is special because I've been working on Burp-UI for 4 years and the last stable release was published 1 year ago, so it's a kind of anniversary release, but with a lot of exciting features.

Announcement

Burp-UI is a web-based interface designed to monitor your backups, perform "online" restorations and administer your burp-server.

The project was announced on the burp project mailing list in June 2014.

Here is the project homepage: https://git.ziirish.me/ziirish/burp-ui. The project documentation is hosted here.

You may find the complete changelog here.

The most notable changes are:

  • Support for user-developed plugins (both Authentication and Authorization)
  • A complete rewrite of the ACL engine which allows these new features:
    • Chain multiple ACL backends (so you can develop several Authorization plugins)
    • Introduce a new moderator role
    • Introduce advanced grants: read-only or read-write access to a given agent/client
    • Support groups with recursive inheritance
    • Support for wildcard rules
  • Burp clientconfdir templates
  • Burp-UI now has an Administration panel which allows user creation/modification/deletion as well as authorization creation/modification/deletion

As usual, a lot of bugs have been fixed and the overall look and feel should be improved, with a slightly refreshed UI and some speed improvements.

A Python pip package is available; the installation procedure is described in the documentation.

Please feel free to report any issue on the project issue tracker or on the burp-users mailing list.

Highlights

This version of Burp-UI is the biggest so far, with more than 340 commits, 19681 lines of code additions and 5252 lines of code deletions.

Here are some highlights of the new features brought to you with this release.

Full rewrite of the ACL engine

The ACL engine has been totally redesigned with this release to handle groups, a new moderator profile and advanced grants. These changes have been documented here.

Plugins support

You can now write your own Authentication and Authorization plugins. The development API has been documented as well.

clientconfdir templates

The clientconfdir templates feature allows you to define client templates in order to speed up your client configuration. A template is basically a virtual client, so you can configure it as if you were configuring any client through the Burp settings interface.

Here are some screenshots:

  • Templates list
  • Template configuration
  • Clients list
  • Client configuration

Administration panel

Last but not least, there is now an Administration panel within Burp-UI allowing you to manage both authentications and authorizations. The backends need to implement some functions in order to manage user or grant creation/modification/deletion. Currently, only the BASIC authentication backend and the BASIC:ACL authorization backend implement all the features.

Here are some screenshots of what you can do through this new panel:

  • List users
  • Edit a user
  • Delete a user
  • List authorizations/grants
  • Show authorizations/grants details
  • Show roles
  • List of authorization groups

Roadmap

For the next version of Burp-UI, I will try to focus on test coverage. I also plan to drop Python 2 support since it won't be supported anymore by the Python community within 2 years. Some feature requests have already been made but the full roadmap is not 100% defined yet.

Thanks

I would like to thank the contributors for their bug reports and/or code contributions. Special thanks to Orsiris and Pablo, both for their technical and financial participation during this release cycle.

Links

History of the development