Burp Suite User Forum

Login to post

Installing Burp via commandline with upstream proxy

Julian | Last updated: Feb 10, 2017 09:39AM UTC

Hello, My current problem is the communication between the activationserver and Burp. Because Burp sits behind a proxy I made a config file which contains: { "user_options":{ "connections":{ "upstream_proxy":{ "servers":[ { "destination_host":"*", "enabled":true, "proxy_host":"server", "proxy_port":3128 } ] } } } } I give this file as a parameter to the headless installer. But the installer still complains about connection issues. But the machine definitely has access to the internet. After using wireshark to log the traffic I found that there weren't any HTTP packets. What could I be doing wrong?

PortSwigger Agent | Last updated: Feb 10, 2017 09:46AM UTC

We'll investigate this and see if Burp is honoring proxy settings from the user config file for license activation requests. In the meantime, you can select manual activation in the headless activation wizard and you can copy/paste the activation messages between the wizard and an internet-connected browser.

PortSwigger Agent | Last updated: Feb 10, 2017 09:49AM UTC

Since there isn't a command line option to accept the EULA and specify a license key, I don't know if you would be able to fully automate the license activation anyway, regardless of the proxy issue. We are planning to provide a REST endpoint in Burp that can be used for license activation and other tasks, so this will give you a way to fully automate the installation provided your installation script can act as a REST client.

Burp User | Last updated: Feb 10, 2017 11:26AM UTC

Thank you for the answer. Sadly manual activation won't be possible since I want to use Ansible to install Burp automatically. I'll just have to wait.

Burp User | Last updated: May 14, 2018 10:16PM UTC

Hi Dafydd, Circling back on the similar point. Is there a way, we can automate "Burp Activation" Process programmatically ? We are planning to load Burp in a container in a CI/CD environment. Do know any other way we can activate it?

Liam, PortSwigger Agent | Last updated: May 15, 2018 10:24AM UTC

Thanks for getting in touch. It is possible to license Burp headlessly, and here is a script that will do it automatically: - https://gist.github.com/pajswigger/f0caac124a02d94aa1ebbc46921d84ea However, if you do this frequently within a CI pipeline you will hit your activation limit. Instead, what we recommend you do is install and activate Burp within an image, so you can re-use a single activation repeatedly. Please let us know if you need any further assistance.

Joe | Last updated: Jan 12, 2022 03:32PM UTC

Is this possible in a non CI/CD environment in AWS?

Ben, PortSwigger Agent | Last updated: Jan 13, 2022 02:36PM UTC

Hi Joe, Just to clarify, you want to license Burp headlessly but within AWS instead of via a CI/CD pipeline?

Joe | Last updated: Jan 13, 2022 03:05PM UTC

Correct. Our environment is migrating to AWS. I want to know if it is possible to use Burpe in this fashion.

Ben, PortSwigger Agent | Last updated: Jan 14, 2022 11:06AM UTC

Hi Joe, The general issue with this approach is that Burp is really designed to be installed and used on permanent machines. The way the licensing system works means that if you are using machines/instances that need to be recreated on a regular basis then you are going to fall foul of the activation system (each time you want to install and use Burp on a new machine you will need to activate it, with each Burp Professional license containing a finite number of activations. Once the activations have run out on a license you will not be able to perform any additional activations to get Burp working on new machines). If your AWS instances are permanent (or semi permanent) then you may be ok but if you simply plan to create new instances, install Burp to perform some tasks and then destroy the existing instance (and then repeat this process on a regular basis) then the above issue is going to come into play.

You need to Log in to post a reply. Or register here, for free.