Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Login to post

Trying to upgrade from v4.1 to v8.0 using Helm charts

Jody | Last updated: Sep 12, 2023 12:34PM UTC

I was to install BSEE 2023.8-12910 within my Azure AKS cluster running version: 1.27.3. I initially had useHttps set to true but once I disabled that, the webserver started to respond to port 8080: $ cat burp_enterprise_8_0/values.yaml | grep -i usehttps useHttps: false $ kubectl -n bsee get pod NAME READY STATUS RESTARTS AGE bsee-deployment-enterprise-server-8d9588f98-nf72w 1/1 Running 0 16m bsee-deployment-web-server-75c54b8485-qlqfq 1/1 Running 0 16m $ kubectl -n bsee get services NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE bsee-deployment-enterprise-server LoadBalancer 10.0.125.89 10.225.xxx.xxx 8072:31409/TCP,8073:32001/TCP 17m bsee-deployment-web-server LoadBalancer 10.0.181.20 10.225.xxx.xxx 8080:31723/TCP,8443:31907/TCP 17m When I was attempting to upgrade the helm chart using ‘useHttps:true’, the bsee-deployment-web-server-XXXX pod would be stuck in ‘0/1 running nodes’ for a long time. The upgrade from v4.1 to 8.0 using my existing MySQL database worked and I was able to login to the UI. I’m able to log into the BSEE UI but the SSL certificate that I’ve been using is now rejected when I attempt to load it in. I see “useDeprecatedHttpConfigFromDatabase” in the steps but it was not clearly explained so I didn’t know what that was used for. The documentation steps only had it step to false. I followed the documentation config steps where I performed a helm upgrade using these settings: services: webServer: installationEnvironment: KUBERNETES label: "app.portswigger.net/ingress: web-server" # If set to true, then none of the configuration below will be used, and we will attempt to read the HTTP(S) # configuration from the database. This should only be used if upgrading from v2023.6 or earlier. It has no effect # when performing a helm install. useDeprecatedHttpConfigFromDatabase: false useHttps: true httpPort: "8080" httpsPort: "8443" httpsCertificateSecret: name: bsee-web-server-https key: certificate. <<<<. What do I use here? httpsPassphraseSecret: name: bsee-web-server-https key: passphrase <<<<. What do I use here? The TLS cert that worked in v4.1 was added to the AKS secrets using the correct passphase. $ kubectl -n bsee get secrets NAME TYPE DATA AGE bsee-web-server-https Opaque 2 3h. <<<< from the config steps sh.helm.release.v1.bsee-deployment.v1 helm.sh/release.v1 1 148m sh.helm.release.v1.bsee-deployment.v2 helm.sh/release.v1 1 87m Result of the helm upgrade $ kubectl -n bsee get pods NAME READY STATUS RESTARTS AGE bsee-deployment-enterprise-server-6f95694fd9-h9cl8 1/1 Running 0 72m bsee-deployment-web-server-68b54cfff4-mz96k 0/1 Running 13 (3m41s ago) 68m bsee-deployment-web-server-74864f6dcc-4xssg 1/1 Running 0 110m Now, I have one webserver pod responding over HTTP ( 8080 ) and the other in some weird state, and HTTPS ( 8443 ) is not used. Also, I do not see a ‘Use TLS’ slider button under the gear -> Network panel to enable HTTPS. How do do deploy with HTTPS enabled via the helm charts? ---and--- How do I switch from HTTP ( 8080 ) to HTTPS ( 8443 ) using the same SSL certificate that worked in v4.1?

Jody | Last updated: Sep 12, 2023 01:01PM UTC

I updated the values.yaml file and enabled useDeprecatedHttpConfigFromDatabase set to true and left everything else at the defaults. services: webServer: installationEnvironment: KUBERNETES label: "app.portswigger.net/ingress: web-server" # If set to true, then none of the configuration below will be used, and we will attempt to read the HTTP(S) # configuration from the database. This should only be used if upgrading from v2023.6 or earlier. It has no effect # when performing a helm install. useDeprecatedHttpConfigFromDatabase: true useHttps: true httpPort: "8080" httpsPort: "8443" httpsCertificateSecret: name: bsee-web-server-https key: certificate httpsPassphraseSecret: name: bsee-web-server-https key: passphrase enterpriseServer: installationEnvironment: KUBERNETES I uninstalled the original attempt and then attempted a new install. After 10 minutes, HTTPS ( 8443 ) was enabled and responding so I don't know what happened within the last install where I was using HTTP and wanted to switch to HTTPS with a helm upgrade process. NAME READY STATUS RESTARTS AGE bsee-deployment-enterprise-server-8d9588f98-mzvq4 1/1 Running 0 19m bsee-deployment-web-server-75c54b8485-2x96f 1/1 Running 0 19m bsee-scan-525-b59rc 1/1 Running 0 7m59s bsee-scan-528-cszc4 1/1 Running 0 7m59s bsee-scan-535-q6gkh 1/1 Running 0 3m16s bsee-scan-538-s8wd9 1/1 Running 0 94s bsee-scan-539-9qwkv 1/1 Running 0 74s

Thomas, PortSwigger Agent | Last updated: Sep 12, 2023 02:57PM UTC

Thank you for confirming the steps provided in our email conversation have been successful for you, and you are now deployed again using HTTPS. Please feel free to let us know if you have any questions or further issues.

You need to Log in to post a reply. Or register here, for free.