Burp Suite User Forum

Login to post

silent installation of Burp Enterprise edition

Vasant | Last updated: Nov 16, 2018 05:38AM UTC

Team, Is it possible to perform silent installation of the Burp suite Enterprise edition with automating the input of the parameters like directory for logs, directory for components, adding Users and grabbing API key etc? Thanks, vasant

PortSwigger Agent | Last updated: Nov 16, 2018 07:49AM UTC

Creating an unattended install process is relatively simple. You will need to perform the installation manually once, entering all the options that you want the unattended installation to use. When the install is complete, there will be a @response.varfile@ located in the @.install4j@ folder in the application folder you chose during installation. Take a copy of this file. To perform an unattended install, run the installer using the following command line: ./burpsuite_enterprise_linux_v1_0_08beta.sh -c -q -varfile response.varfile with the latest installer and the varfile you copied in the previous step. This will repeat the installation you performed manually without requiring any user interaction.

Ben, PortSwigger Agent | Last updated: May 07, 2019 02:27PM UTC

Hi Dmitri, Currently, the settings for using external databases are not captured in the response.varfile. You would need to manually add the following parameters to your file: db_url_suffix=<URL OF DB, EXCLUDING jdbc:mysql://> db_es_username=<USERNAME OF ENTERPRISE SERVER DB USER> db_es_password=<PASSWORD OF ENTERPRISE SERVER DB USER> db_agent_username=<USERNAME OF AGENT DB USER> db_agent_password=<PASSWORD OF AGENT DB USER> Please let us know if you require any further information.

Burp User | Last updated: Sep 13, 2019 10:38PM UTC

fyi I had to leave off -c to get this to work.

Burp User | Last updated: Jan 10, 2020 02:28AM UTC

I had a look at response.varfile from a 1.1.04 installation and noticed amongst others there was no connection url to our external db. How does that work?

Ben, PortSwigger Agent | Last updated: Jan 13, 2020 12:20PM UTC

Hi Jay, Are you able to show us the settings that you have in your response.varfile (please feel free to obfuscate the sensitive information)?

Burp User | Last updated: Jan 27, 2020 08:23PM UTC

The -c -q -varfile response.varfile parameters do not seem to work with the latest installation package. If I run: sudo ./burpsuite_enterprise_linux_v2020_1.sh -c -q -varfile response.varfile I still get prompted to enter all of the settings that are specified in the response.varfile. I do notice that that db_url_suffix and usernames are defaulted with what I put in the response.varfile, but I still had to enter in the passwords even though they were also provided in the response.varfile. Is there an ability to install burp enterprise without user interaction?

John | Last updated: Feb 25, 2020 03:48PM UTC

You need to leave off the -c (sudo ./burpsuite_enterprise_linux_v2020_1.sh -q -varfile response.varfile) I have finally gotten this and the install appears to have worked. The problem is that I can't log into the web console. I believe this is the relevant part to my response.varfile: admin_email=<my email> admin_user_name=admin admin_user_password=<my password> But when I try to log in with 'admin' and '<my password>' to gives me "Login failed" error. How can I set the password? My final goal here is to be able to add this to User Data to allow a totally automated install of Burp Suite Enterprise in AWS. Thanks

Michelle, PortSwigger Agent | Last updated: Feb 25, 2020 04:02PM UTC

Hi That's the right part of the response.varfile. Did you include a line to confirm the password? If no, it might not have set the password correctly during the install. admin_user_password=<admin password> admin_user_confirm_password=<admin password> You can use the following command to create a new admin user on this particular installation ./adminusercreator --username=new_admin --password=letmein --email=some@example.com --dbUrl=jdbc:<your database url> --dbUsername=burp_enterprise --dbPassword=*

John | Last updated: Feb 25, 2020 04:07PM UTC

Thanks for the reply. I will add that line to see. I have tried to use the adminusercreator utility but I am getting jdbc errors (asking about that on a separate thread here - https://forum.portswigger.net/thread/burp-enterprise-unattended-install-what-is-the-administrator-password-4c5dc058)

John | Last updated: Feb 25, 2020 04:52PM UTC

That worked. I also found the issue I was having with adminusercreator and updated that forum thread. Thanks for the help.

John | Last updated: Feb 25, 2020 06:05PM UTC

Here is the response.varfile that finally worked for me (on RHEL8 connecting to a PostgreSQL AWS RDS instance). Edit items between <> below to match your environment. The rest are defaults: admin_email=<admin email> admin_user_name=<admin> admin_user_password=<admin pw> admin_user_confirm_password=<admin pw> beuser=<burpsuite> beuserandgroup=<burpsuite\:burpsuite> dataDirectory=/var/lib/BurpSuiteEnterpriseEdition dbType=postgres db_agent_username=<beagent> db_agent_password=<agent pw> db_es_username=<beserver> db_es_password=<server pw> db_url_suffix=<RDS endpoint:5432>/<burpenterprise> escapedDataDir=/var/lib/BurpSuiteEnterpriseEdition escapedInstallationDir=/usr/local/burpsuite_enterprise jreHome=/usr/local/burpsuite_enterprise/jre logsDirectory=/var/log/BurpSuiteEnterpriseEdition platformScriptSuffix=sh sys.adminRights$Boolean=true sys.component.agent$Boolean=false sys.component.db$Boolean=false sys.component.enterprise$Boolean=true sys.component.web$Boolean=true sys.installationDir=/usr/local/burpsuite_enterprise sys.languageId=en sys.programGroupDisabled$Boolean=true webserver_port$Integer=8080

Michelle, PortSwigger Agent | Last updated: Feb 26, 2020 08:42AM UTC

I'm glad that's working for you now and thanks for posting your response.varfile

John | Last updated: Feb 27, 2020 08:03PM UTC

One more question - Is it possible to set port 8080 to use tls and to upload a cert for Burp Suite Enterprise to use from the response.varfile or otherwise automate the process? Thanks

Michelle, PortSwigger Agent | Last updated: Feb 28, 2020 08:38AM UTC

Hi The TLS and certificate upload would need to be set via the UI once the installation was complete.

John | Last updated: Feb 28, 2020 05:10PM UTC

Shame. Thanks for the answer.

Brett | Last updated: Sep 03, 2020 06:13PM UTC

Hey all, This thread has been super helpful in the setup of a headless install via terraform on AWS. I wanted to ask if someone might have an example varfile that was used to setup a standalone agent server in a Burpsuite Enterprise cluster? One thought I had was to install an agent server manually, and then look to the filesystem for a file which produces the configuration parameters needed to install the agent server, and subsequently use those values in my varfile. Issue is, I cant seem to find any sort of local file, post installation. Any help would be greatly appreciated! Thanks, Brett

Michelle, PortSwigger Agent | Last updated: Sep 04, 2020 09:26AM UTC

If you have a look in the <Enterprise_installation_dir>/.install4j folder you should find the response.varfile. Let us know if you have any problems.

You need to Log in to post a reply. Or register here, for free.