devoteam-cybertrust / burpcollaborator-docker Goto Github PK

This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate. The objective is to simplify as much as possible the process of setting up and maintaining the server.

Shell 16.00% Dockerfile 2.53% Python 76.07% Makefile 2.31% Batchfile 3.08%

burp-collaborator-server docker letsencrypt-certificates

burpcollaborator-docker's Introduction

Burp Collaborator Server docker container with LetsEncrypt certificate

Setup your domain

Delegate a subdomain to your soon to be burp collaborator server IP address. At the minimum you'll need a NS record for the subdomain to be used (e.g. burp.example.com) pointing to your new server's A record:

burp.example.com IN NS burpserver.example.com

burpserver.example.com IN A 1.2.3.4

Check https://portswigger.net/burp/documentation/collaborator/deploying#dns-configuration for further info.

Requirements

Internet accessible server
bash
docker
bc
openssl
Burp Suite Professional

Setup the environment

Clone or download the repository to the server (tested on ubuntu 16.04) to a directory of your choice.
Put the Burp Suite JAR file in ./burp/pkg/burp.jar (make sure the name is exactly burp.jar, and it is the actual file not a link)
Run init.sh with your subdomain and server public IP address as argument:

./init.sh burp.example.com 1.2.3.4

This will start the environment for the subdomain burp.example.com, creating a wildcard certificate as *.burp.example.com.

I'm using an ugly hack on the certbot-dns-cloudflare plugin from certbot, where it just runs a local dnsmasq with the required records, and makes all of this automagically happen.

If everything is OK, burp will start with the following message:

Burp is now running with the letsencrypt certificate for domain *.burp.example.com

You can check by running docker ps, and going to burp, and pointing the collaborator configuration to your new server. Keep it mind that this configuration configures the polling server on port 9443.

The init.sh script will be renamed and disabled, so no accidents may happen.

Certificate renewal

There's a renewal script in ./certbot/certificaterenewal.sh. When run, it renews the certificate if it expires in 30 days or less;
Optionally, edit the RENEWDAYS variable if you wish to. By default it will renew the certificate every 60 days. If you want to force the renewal to check if everything is working, just set it to 89 days, and run it manually. Remember to set it back to 60 afterwards.;
Set your crontab to run this script once a day.

Updating Burp Suite

Download it and make sure you put it in ./burp/pkg/burp.jar
Restart the container with docker restart burp

Author: Bruno Morisson

Thanks to Fábio Pires (check his burp collaborator w/letsencrypt tutorial) and Herman Duarte (for betatesting and fixes)

burpcollaborator-docker's People

Contributors

Stargazers

Watchers

Forkers

techlord-rce jepsonrob g2doug expertasif avineshwar ksmaheshkumar brezelbaecker globalnetsec secoba ellipticasec slowmistio wkmc fpires-wr bbhunter modulexcite orf53975 hax0rg1rl offshores jasemalsadi blockchainguard cbk914 5l1v3r1 0xa-saline polling-repo-continua hamid-k sec99 ulises2k swipswaps conanjun coreyd97 lexus89 amalmurali47 slooppe bit4woo idfix007 istefy melbadry9 a-3-r hpy glitchsecure ndbrain 0xwr41th

burpcollaborator-docker's Issues

Feature Request: Randomizing Metrics Path

It would be great to randomize the metrics path in burpcollaborator-docker/burp/conf/burp.config to increase its security slightly.

error:DNS TXT records created by --dns-cloudflare

Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-cloudflare. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-cloudflare-propagation-seconds (currently 10 seconds).

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Letsencrypt fails to verify TXT-record

Hey,

First of all thanks for the awesome script.
I'm trying to set this up in Ubuntu (16.04 and 18.04) and can't figure out why the DNS-requests don't get properly sent to DNSMasq. I have delegated a whole domain to the VPS which is used for Burp Collaborator.

When I run init.sh, everything is started properly but the verification fails due to not getting TXT-record. I tried diagnosing with following commands from the docker host and these won't return the TXT-record:
dig _acme-challenge.mydomain.com @mydomain.com
dig _acme-challenge.mydomain.com @127.0.0.1

However if I run dig towards the docker container's IP, (dig _acme-challenge.mydomain.com @172.17.0.2) the TXT-record can be fetched properly.

Now if I copy the DNSMasq command that the script shows and run it directly on the Docker host, everything works fine.

Should I stop some services or do some additional configuration on the host system to make this work?

Increase the Verification time at DNSMASQ

Hello,

Thanks for writing this script, Do increase the 10 seconds to user specified time. so that user can go manually & add the TXT records from dns settings.

Launching DNSMASQ...
DNSMASQ CMD: 
Waiting 10 seconds for DNS changes to propagate
Waiting for verification...
Cleaning up challenges
Failed authorization procedure.

unable to confirm SSL

i have my NS at cloudflare and then point NS1 and NS2 at my vps and wildcard A name to my ip.

everytime it trys to grab the SSL i get.

DNSMASQ CMD:
/usr/sbin/dnsmasq -q --dns-rr=ssrfdns.fun,257,000569737375656C657473656E63727970742E6F7267 --txt-record=_acme-challenge.ssrfdns.fun,"NbzpeF7hngULgzUr8N1O9JZ5UvNzWFInhK4m3EQJbIc" --txt-record=_acme-challenge.ssrfdns.fun,"IOTRix3LnA4O60dMU2vkabM1tDqLX44K8UjzlPAWUjQ" --no-resolv --port=53
Waiting 10 seconds for DNS changes to propagate
NbzpeF7hngULgzUr8N1O9JZ5UvNzWFInhK4m3EQJbIc"Waiting for verification...
Cleaning up challenges
Failed authorization procedure. ssrfdns.fun (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: No TXT record found at _acme-challenge.ssrfdns.fun, ssrfdns.fun (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: No TXT record found at _acme-challenge.ssrfdns.fun

is it possible to add a new feature where if you provide something like -cf switch it updates a text record @ cloudflare via the API?

i know this txt record is being added to the dnsmasq but it does not seem to work for me.

port 53 in use for ubuntu 20.04

Need to disable systemd-resolved first:

sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved

Class has been compiled by a more recent version of the Java Runtime

I was facing some Java compatibility issues when downloading recent versions of the Burp JAR file:

java.lang.UnsupportedClassVersionError: burp/StartBurp has been compiled by a more recent version of the Java Runtime (class file version 61.0), this version of the Java Runtime only recognizes class file versions up to 55.0

To resolve this, I had to install Java17 and made the following modifications:

in Dockerfile:

FROM debian:bullseye-slim

RUN apt-get update && \
    apt-get -yqq dist-upgrade
RUN apt-get -yqq install openjdk-17-jdk && \
    apt-get autoremove -yqq && \
    apt-get clean && \
    /bin/rm -rf /var/lib/apt/lists/*

RUN groupadd -g 999 burp && \
    useradd -r -u 999 -g burp -d /opt/burp burp

USER burp
ADD entrypoint.sh /opt/burp/entrypoint.sh
WORKDIR  /opt/burp
ENTRYPOINT ["/opt/burp/entrypoint.sh"]

in burp/conf/burp.config, add property "name" to DNS interfaces:

"dns": {
      "interfaces" : [{
          "publicAddress": ["167.172.248.65"],
          "localAddress":"0.0.0.0",
          "name":"ns1"
      }],
      "port" : 8053,
   }

failure to renew automatically

It seems that the challenges sometimes change, and as such the automatic renewal script will fail.
Gotta find out why, and try to solve this...

Listen TCP 0.0.0.0:53 bind address already in use.

Hi,

I got this installed on a Vultr VPS. All good with the deployment until I got this:

Do you have any workaround for this one?

Thank you!

Waiting 10 seconds for DNS changes to propagate?

hello. Thank you for the wonderful project... it waits for 10 seconds while creating the certificate and ends the process before i complete txt registration.what should I do?

edit:

I think the certificate can be created for cloudflare alone. I was trying to make DNS settings with google cloud before.therefore, it was waiting for 10 seconds while creating the certificate. now I started using cloudflare to make dns settings.. but again I am facing a problem. you would suggest dns configuration on the home page as follows.

example: domain name( burp.collaborator.com)

A ------------burp.collaborator.com ------------54.54.55.44

NS ----------burp.collaborator.com ----------- burp.collaborator.com

cloudflare does not allow me to configure dns as above...

orginal error:
NS records already exist with that host. (Code: 81056)

but if I set up dns as follows, cloudflare allow it

example:

A ------------ns1.burp.collaborator.com --------------54.54.55.44
NS ----------burp.collaborator.com -------------------ns1.burp.collaborator.tk

do you think this could be a problem?