Burp Suite User Forum

Create new post

How do I dockerize burp pro as a user (not as root)?

Pascal | Last updated: Aug 29, 2023 07:10AM UTC

Hey, so the following is the case: I want to creae a burp image that has already been activated, since I need multiple containers from that image. I successfully did this by mounting the .java/.userPrefs/burp directory into /root/.userPrefs/.java/burp and then executing the burpsuite.jar in any directory. Notice I was root user when executing the burpsuite.jar file. I also noticed that it isn't necessary to mount the volume here, copying the burp directory to /root/.java/.userPrefs/ works just the same. Still executing the .jar as root here... Now I wanna do some hardening and move the execution and all that to /home/burp-user. I tried mounting and mapping of the burp direcotry with the prefs.xml to /home/burp-user/.java/.userPrefs/burp. Executing the .jar file as root gives me: "INFO: Created user preferences directory." and is then telling me the Terms and conditions and asking me for the activation key. So far this makes sense, since I was executing as root, so it searches at /root/.java/.userPrefs/burp for the prefs.xml But when executing the file as burp-user, I would expect it to work, but it doesn't. It instead says: "This version of Burp requires a license key. To continue, please paste your license key below." Notice: no Terms and Conditions were asked here, so it must somehow have saved that I already agreed to them. This means it has found and accessed the prefs.xml. But somehow, it seems to not be able to activate burp with that exact same prefs.xml? What am I doing wrong? Maybe some helpful information: - im using a JRE 17.0.7 version from Debian (in the Container) - im on Ubuntu 23.04 (host system) - im using docker 20.10.21 (host system) - I dont know if this is important, but I couldn't find an environment variable named JAVA_HOME, so i made it myself: export JAVA_HOME=/usr/lib/jvm/java-1.17.0-openjdk-amd64 best regards

Michelle, PortSwigger Agent | Last updated: Aug 29, 2023 12:14PM UTC

Hi We don't have any specific instructions on how to set this up, as this isn't really how Burp Suite Professional is designed to be used. Having said that we may be able to offer some suggestions if you can answer the questions below: How many people will be using this Docker image? Is it just for your use? Which version of Burp are you launching from the CLI? Before you launch Burp as the burp-user, does the prefs.xml file contain all the details you expect to see, or has something overwritten them?

Pascal | Last updated: Aug 31, 2023 05:55AM UTC

Hey, thank you for repliying. I could successfully resolve the issue, by manually activating burp again in the container and copying the generated prefs.xml to my host machine. Then when creating another image, copying that new prefs.xml into the /home/username/.java/userPrefs/burp directory. I don't know why it didn't work before, maybe it has something to do with my license being renewed. But to answer your questions, yes, it is just for my use, I do not plan to distribute the software. I want an image of an activated burp instance, so I can try different things with the container without activating it in each container separately. This is because I read, that after an undocumented amount of activations, the license will get blocked. Have a good day :)

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.