Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Automating installation / update burp enterprise

Chris | Last updated: Mar 17, 2020 03:24PM UTC

Hello, I want to deploy burp suite enterprise on aws and I am automating infrastructure with terraform and burp suite enterprise installation with ansible. From the documentation I see there is just wizard. Is there any other source I can access on how to automatically deploy and update burp without following the wizard? Thanks for any information.

Hannah, PortSwigger Agent | Last updated: Mar 17, 2020 04:06PM UTC

We're currently working on developing an easy to deploy, cloud-friendly version of Enterprise. You can check out our 2020 roadmap here: https://portswigger.net/blog/burp-suite-roadmap-for-2020 Currently, please be aware of the fact that you may run out of activations if your cloud instance is destroyed. Creating an unattended install process is relatively simple. To perform an unattended install, run the installer using the following command line: ./burpsuite_enterprise_linux_v1_0_08beta.sh -c -q -varfile response.varfile An example of the contents of a response.varfile (on RHEL8 connecting to a PostgreSQL AWS RDS instance) is here: Edit items between <> below to match your environment. The rest are defaults admin_email=<admin email> admin_user_name=<admin> admin_user_password=<admin pw> admin_user_confirm_password=<admin pw> beuser=<burpsuite> beuserandgroup=<burpsuite\:burpsuite> dataDirectory=/var/lib/BurpSuiteEnterpriseEdition dbType=postgres db_agent_username=<beagent> db_agent_password=<agent pw> db_es_username=<beserver> db_es_password=<server pw> db_url_suffix=<RDS endpoint:5432>/<burpenterprise> escapedDataDir=/var/lib/BurpSuiteEnterpriseEdition escapedInstallationDir=/usr/local/burpsuite_enterprise jreHome=/usr/local/burpsuite_enterprise/jre logsDirectory=/var/log/BurpSuiteEnterpriseEdition platformScriptSuffix=sh sys.adminRights$Boolean=true sys.component.agent$Boolean=false sys.component.db$Boolean=false sys.component.enterprise$Boolean=true sys.component.web$Boolean=true sys.installationDir=/usr/local/burpsuite_enterprise sys.languageId=en sys.programGroupDisabled$Boolean=true webserver_port$Integer=8080 More details on generating your own response.varfile can be found here: https://forum.portswigger.net/thread/silent-installation-of-burp-enterprise-edition-ac5433e6

Daniel | Last updated: Aug 25, 2020 04:16PM UTC

@Hannah – any chance you know what I'd need to pass as the "capabilities" and "parameters" to the Cloudformation stack to use Terraform here? With that info, I think it would be very easy to do this with Terraform, including creating or referencing an existing Terraform-managed RDS: ``` resource "aws_cloudformation_stack" "burp_suite_enterprise" { name = "burp-suite-enterprise" capabilities = [ ... ] parameters = { someKey = "someValue" ... } template_url = "https://path/to/s3/template/in/burp/release/notes" } ```

Hannah, PortSwigger Agent | Last updated: Aug 26, 2020 02:19PM UTC

Hi Daniel We don't currently support Terraform and have no plans to do so at this time. If you want to call the CloudFormation template from Terraform, you can download the template from the link to ascertain which parameters you will need to pass. As for capabilities, we currently require full admin privileges. However, we are working on the full set of specific permissions that are required, which will be available soon.

Daniel | Last updated: Aug 26, 2020 05:04PM UTC

Hi Hannah, Thanks for the reply – I looked through the template and think I have what I need (and assume "admin" capabilities means just including all of the named capabilities like AUTO_EXPAND). Can you clarify what IAM permissions the user associated with the access key and secret key described in https://portswigger.net/burp/documentation/enterprise/getting-started/cloud/deploy-aws should have? Step 6 just says, "Fill in the "AWS Credentials" section. We recommend using a dedicated AWS access key for the beta trial as this will potentially change to an IAM role in future..." except there's no indication on what IAM permissions are needed for that keypair. Thanks!

Daniel | Last updated: Aug 26, 2020 08:10PM UTC

I seem to get: > Nodegroup NodeGroup-xxx failed to stabilize: [{Code: NodeCreationFailure,Message: Instances failed to join the kubernetes cluster,ResourceIds: [i-xxx, i-xxx]}] using the Cloudformation stack, so I'm guessing this IAM AKID/secret need specific permissions (I created the user/keypair with no IAM permissions to see what happened). I looked around a bit more but couldn't figure out what was expected here IAM-wise, so let me know if you have any additional documentation on this subject. Thanks!

Hannah, PortSwigger Agent | Last updated: Aug 27, 2020 11:30AM UTC

We do not currently have any further documentation on this. The cloud-friendly version of Enterprise is currently in beta testing, so there will be improvements made before it is brought out of beta.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.