Burp Suite User Forum


Modifying Burp EE CloudFormation templates to expose REST API outside the VPC

Zac | Last updated: Jul 22, 2021 12:14PM UTC

I am trying to use the official Burp EE CloudFormation templates (https://portswigger.net/burp/documentation/enterprise/getting-started/cloud/deploy-aws) to install Burp EE on my AWS account. The problem is, these templates create a VPC and only expose the REST API (used for kicking off scans) to nodes living inside that VPC. My AWS account has many VPCs, and I even have some services running in our own data center that I would like to set up scans for. So:

- We use GitHub Actions as our CI/CD tool, so I need the Burp EE REST API exposed to the public internet so that GitHub can kick off scans
- Some of the services we need scanned will also live on AWS, but not from inside the VPC that the Burp EE CloudFormation templates create
- Some of the services we need scanned live on our own internal data center, thus, Burp EE agents need to be able to scan services outside of the VPC they live in

Does anybody know how I could tweak the templates to accomplish my objectives above? Thanks in advance!

Maia, PortSwigger Agent | Last updated: Jul 22, 2021 05:31PM UTC

Hi,

You don't need to edit the templates to achieve this; you can configure the VPC after creation to allow for your specific networking needs. We don't normally advise on this as each company has its own security requirements and policies to follow.

Note that the web UI and both the GraphQL and REST APIs are available to the public subnet (created during the deployment) via the load balancer and you should look to configure access here, rather than the nodes subnet.

Alternatively, you can create the resources yourself based on the infrastructure template and then only deploy the other parts of the template with CloudFormation. We have split these out on our release page for ease.
