Hello,
I'm pleased to introduce you this new stable version of Burp-UI.
This release is special because I've been working on Burp-UI for 4 years and the last stable release was published 1 year ago, so it's a kind of anniversary release, but with a lot of exciting features.
Announce
Burp-UI is a web-based interface aimed to monitor your backups, perform "online" restorations and administrate your burp-server.
The project has been announced on the burp project mailing-list in June 2014.
Here is the project homepage: https://git.ziirish.me/ziirish/burp-ui . The project documentation is hosted here .
You may find the complete changelog here .
The most notable changes are:
- Support for user developed plugins (both Authentication and Authorization)
- A complete rewrite of the ACL engine which allows these new features:
- Chain multiple ACL backends (so you can develop several Authorizations plugins)
- Introduce a new
moderatorrole - Introduce advanced grants:
read-onlyorread-writeaccess to a given agent/client - Support groups with recursive inheritance
- Support for wildcard rules
- Burp
clientconfdirtemplates Burp-UInow has an Administration panel which allows users creation/modification/deletion as well as authorizations creation/modification/deletion
As usual, a lot of bug have been fixed and the overall look&feel should have be improved with a slightly refreshed UI and some speedup improvements.
There is a python pip package available, the installation procedure is described in the documentation .
Please feel free to report any issue on the project issue tracker or on burp-users mailing list.
Highlights
This version of Burp-UI is the biggest so far with more than 340 commits , 19681 lines of code additions and 5252 lines of code deletions..
Here are some highlights of the new features brought to you with this release.
Full rewrite of the ACL engine
The ACL engine has been totally re-designed with this release to handle groups, a new moderator profile and advanced grants. These changes have been documented here .
Plugins support
You can now write your own Authentication and Authorization plugins. The development API has been documented as well.
clientconfdir templates
The clientconfdir templates feature allows you to define clients templates in order to speed-up your clients configuration. A template is basically a virtual client so you can configure them as if you were configuring any client through the Burp settings interface.
Here are some screenshots:
Templates list (direct link)
Template configuration (direct link)
Clients list (direct link)
Client configuration (direct link)
Administration panel
Last but not least, there is now a Administration panel within Burp-UI allowing you to manage both authentications and authorizations. The backends need to implement some functions in order to manage user or grant creation/modification/deletion. Currently, only the BASIC authentication backend and the BASIC:ACL authorization backend implement all the features.
Here are some screenshots of what you can do through this new panel:
List users (direct link)
Edit a user (direct link)
Delete a user (direct link)
List authorizations/grants (direct link)
Show authorizations/grants details (direct link)
Show roles (direct link)
List of authorization groups (direct link)
Roadmap
For the next version of Burp-UI, I will try to focus on test coverage. I also plan to drop python 2 support since it won't be supported anymore by the Python community within 2 years. Some feature requests have already be made but the full roadmap is not 100% defined yet.
Thanks
I would like to thank the contributors for their bug reports and/or code contributions. Special thanks to Orsiris and Pablo both for their technical and financial participation during this release cycle.