Burp Suite User Forum

Unable to run Burp Suite with Bamboo CI pipeline for professional version with API

sarang | Last updated: Jul 28, 2020 07:54AM UTC

I have created a PowerShell script which runs Burp Suite Pro with API calls, which I am able to run on the server locally. But when I try to run the same using the Bamboo CI pipeline, it is not working; I am getting the logs below. How can I provide license details using the pipeline?

2020-07-28 11:35:28.808 INFO 7928 --- [ main] c.vmware.burp.extension.BurpApplication : Starting BurpApplication v2.0.1 on BurpSuite with PID 7928 (C:\Burp\burp-rest-api-2.0.1.jar started by SYSTEM in C:\burp)
2020-07-28 11:35:28.855 INFO 7928 --- [ main] c.vmware.burp.extension.BurpApplication : No active profile set, falling back to default profiles: default
2020-07-28 11:35:28.949 INFO 7928 --- [ main] ationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@3520ef1b: startup date [Tue Jul 28 11:35:28 GST 2020]; root of context hierarchy
2020-07-28 11:35:30.511 INFO 7928 --- [ main] o.s.b.f.s.DefaultListableBeanFactory : Overriding bean definition for bean 'beanNameViewResolver' with a different definition: replacing [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.boot.autoconfigure.web.ErrorMvcAutoConfiguration$WhitelabelErrorViewConfiguration; factoryMethodName=beanNameViewResolver; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [org/springframework/boot/autoconfigure/web/ErrorMvcAutoConfiguration$WhitelabelErrorViewConfiguration.class]] with [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.boot.autoconfigure.web.WebMvcAutoConfiguration$WebMvcAutoConfigurationAdapter; factoryMethodName=beanNameViewResolver; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [org/springframework/boot/autoconfigure/web/WebMvcAutoConfiguration$WebMvcAutoConfigurationAdapter.class]]
2020-07-28 11:35:31.887 INFO 7928 --- [ main] e.j.JettyEmbeddedServletContainerFactory : Server initialized with port: 8090
2020-07-28 11:35:31.918 INFO 7928 --- [ main] org.eclipse.jetty.server.Server : jetty-9.2.14.v20151106
2020-07-28 11:35:32.215 INFO 7928 --- [ main] application : Initializing Spring embedded WebApplicationContext
2020-07-28 11:35:32.230 INFO 7928 --- [ main] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 3297 ms
2020-07-28 11:35:32.746 INFO 7928 --- [ main] o.s.b.c.e.ServletRegistrationBean : Mapping servlet: 'dispatcherServlet' to [/]
2020-07-28 11:35:32.777 INFO 7928 --- [ main] o.s.b.c.embedded.FilterRegistrationBean : Mapping filter: 'characterEncodingFilter' to: [/*]
2020-07-28 11:35:32.793 INFO 7928 --- [ main] o.s.b.c.embedded.FilterRegistrationBean : Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
2020-07-28 11:35:32.808 INFO 7928 --- [ main] o.s.b.c.embedded.FilterRegistrationBean : Mapping filter: 'httpPutFormContentFilter' to: [/*]
2020-07-28 11:35:32.824 INFO 7928 --- [ main] o.s.b.c.embedded.FilterRegistrationBean : Mapping filter: 'requestContextFilter' to: [/*]
2020-07-28 11:35:33.277 INFO 7928 --- [ main] o.e.jetty.server.handler.ContextHandler : Started o.s.b.c.e.j.JettyEmbeddedWebAppContext@1ae5adff{/,file:/C:/Windows/System32/config/systemprofile/AppData/Local/Temp/jetty-docbase.8856979504421504115.8090/,AVAILABLE}
2020-07-28 11:35:33.324 INFO 7928 --- [ main] org.eclipse.jetty.server.Server : Started @6797ms
2020-07-28 11:35:33.436 INFO 7928 --- [ main] c.v.burp.extension.service.BurpService : # of command line arguments received to Burp suite: 1
2020-07-28 11:35:33.449 INFO 7928 --- [ main] c.v.burp.extension.service.BurpService : Launching Burp suite in headless mode...
2020-07-28 11:35:35.452 INFO 7928 --- [ main] c.v.burp.extension.service.BurpService : Launching the Burp with options: [--project-file=C:\windows\system32\config\systemprofile\AppData\Local\Temp\temp-project-dir-1723414213974098169\temp-project.burp, --config-file=C:\windows\system32\config\systemprofile\AppData\Local\Temp\project-options4751621622289384069.json, --user-config-file=C:\windows\system32\config\systemprofile\AppData\Local\Temp\user-options_1459461064776151765.json]
2020-07-28 11:35:35.499 INFO 7928 --- [ main] c.v.burp.extension.service.BurpService : Injecting ClassLoader with Jar: C:\Program Files\BurpSuitePro\burpsuite_pro.jar
Burp Suite Professional Terms & Conditions of Supply
The Licensee is responsible for ensuring it has in place all relevant consents, permissions or rights to share any personal data with the Licensor for the Licensor's use in accordance with the Privacy Policy and these Terms. In particular, the Licensor may use information it holds about the Licensee or its designated contacts for the purposes of, inter alia, sending out renewal reminders, questionnaires to certain categories of users including non-renewers and feedback requests. 10.3. In limited circumstances as described in the Documentation as it relates to Burp Collaborator it is possible that data may be collected by the Licensor in respect of the Licensee and the target systems against which they are using Burp. The Licensor shall deal with all such data in accordance with the Documents relating to Burp Collaborator and the Licensor's Privacy Policy. 10.4. Any questions, comments and requests regarding the Licensor's data processing practices may be addressed to office@portswigger.net. 11. TERMINATION 11.1. The Licensor may terminate the Licence immediately by written notice to the Licensee if the Licensee or any of its users commit a material or persistent breach of the Licence, including without limitation, any failure to make any payment due to the Licensor by its due date, which the Licensee fails to remedy (if remediable) within 14 days after the service of written notice requiring the Licensee to do so. 11.2. Upon termination for any reason: 11.2.1. all rights granted to the Licensee under the Licence shall cease; 11.2.2. the Licensee must cease all activities authorised by the Licence; 11.2.3. 
the Licensee must immediately delete or remove the Software and any Burp Apps from all computer equipment in its possession, and immediately destroy or return to the Licensor (at the Licensor's option) all copies of the Software and Burp Apps then in its possession, custody or control and, in the case of destruction, certify to the Licensor that it have done so; and 11.2.4. the Licensee must immediately pay to the Licensor any sums due to the Licensor under the Licence. 12. TRANSFER OF RIGHTS AND OBLIGATIONS 12.1. The Licence is binding on the Licensee and the Licensor, and each of their respective successors and assigns. 12.2. The Licensee may not transfer, assign, charge or otherwise dispose of the Licence, or any of its rights or obligations arising under it, without the Licensor's prior written consent. 12.3. Where Licensee is a company, the licenses granted hereunder shall also extend to the Licensee's Group members (meaning, in relation to any company, that company, its subsidiaries, its ultimate holding company and all subsidiaries of such ultimate holding company, as such terms are defined in the Companies Act 2006), provided that such Group members have no right under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of the Agreement. 12.4. The Licensor may transfer, assign, charge, sub-contract or otherwise dispose of the Licence, or any of the Licensor's rights or obligations arising under it, at any time during the term of the Licence. 13. NOTICES All notices given by the Licensee to the Licensor must be given to PortSwigger Ltd at office@portswigger.net or Victoria Court, Bexton Road, Knutsford, WA16 0PF, England. The Licensor may give notice to the Licensee at either the e-mail or postal address the Licensee provided to the Licensor when purchasing the Software, or if the Licensee has updated their account details on the website following the purchase of the Software, these details shall be used. 
Notice will be deemed received and properly served immediately when posted on the Licensor's website, 24 hours after an e-mail is sent, or three days after the date of posting of any letter. In proving the service of any notice, it will be sufficient to prove, in the case of a letter, that such letter was properly addressed, stamped and placed in the post and, in the case of an e-mail, that such e-mail was sent to the specified e-mail address of the addressee. 14. EVENTS OUTSIDE LICENSOR'S CONTROL 14.1. The Licensor will not be liable or responsible for any failure to perform, or delay in performance of, any of the Licensor's obligations under the Licence that is caused by events outside its reasonable control ("Force Majeure Event"). 14.2. A Force Majeure Event includes any act, event, non-happening, omission or accident beyond the Licensor's reasonable control and includes in particular (without limitation) the following: 14.2.1. strikes, lock-outs or other industrial action; 14.2.2. civil commotion, riot, invasion, terrorist attack or threat of terrorist attack, war (whether declared or not) or threat of or preparation for war; 14.2.3. fire, explosion, storm, flood, earthquake, subsidence, epidemic or other natural disaster; 14.2.4. impossibility of the use of railways, shipping, aircraft, motor transport or other means of public or private transport; 14.2.5. impossibility of the use of public or private telecommunications networks; and 14.2.6. the acts, decrees, legislation, regulations or restrictions of any government. 14.3. The Licensor's performance under the Licence is deemed to be suspended for the period that the Force Majeure Event continues, and the Licensor will have an extension of time for performance for the duration of that period. The Licensor will use its reasonable endeavours to bring the Force Majeure Event to a close or to find a solution by which its obligations under the Licence may be performed despite the Force Majeure Event. 15. 
WAIVER 15.1. If the Licensor fails, at any time during the term of the Licence, to insist upon strict performance of any of the Licensee's obligations under the Licence, or if the Licensor fails to exercise any of the rights or remedies to which the Licensor is entitled under the Licence, this shall not constitute a waiver of such rights or remedies and shall not relieve the Licensee from compliance with such obligations. 15.2. A waiver by the Licensor of any default shall not constitute a waiver of any subsequent default. 15.3. No waiver by the Licensor of any of the provisions of the Licence shall be effective unless it is expressly stated to be a waiver and is communicated to the Licensee in writing. 16. SEVERABILITY If any of the terms of the Licence are determined by any competent authority to be invalid, unlawful or unenforceable to any extent, such term, condition or provision will to that extent be severed from the remaining terms, conditions and provisions which will continue to be valid to the fullest extent permitted by law. 17. ENTIRE AGREEMENT 17.1. This Licence and any document expressly referred to in it represents the entire agreement between the parties in relation to the licensing of the Software, the Documentation and any Burp Apps and supersedes any prior agreement, understanding or arrangement between the parties, whether oral or in writing. 17.2. The parties each acknowledge that, in entering into the Licence, they have not relied on any representation, undertaking or promise given by the other or implied from anything said or written in negotiations between the parties prior to entering into the Licence except as expressly stated in the Licence. 17.3. 
Neither party shall have any remedy in respect of any untrue statement made by the other, whether orally or in writing, prior to the date on which the parties entered into this Licence (unless such untrue statement was made fraudulently) and the other party's only remedy shall be for breach of contract as provided in these terms and conditions. 18. LAW AND JURISDICTION The Licence, its subject matter or its formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with English law and submitted to the exclusive jurisdiction of the English courts. Do you accept the license agreement? (y/n)

Liam, PortSwigger Agent | Last updated: Jul 28, 2020 10:59AM UTC

Burp Suite Professional is not designed to run within a CI Pipeline. We have created Burp Suite Enterprise for this use case:
- https://portswigger.net/burp/enterprise/features

Please let us know if you need any further assistance.

sarang | Last updated: Jul 28, 2020 02:45PM UTC

Hi Liam, may I have any reference/document saying it is not designed for a CI pipeline, since on the other hand I can see an official document stating it can be integrated with any CI system: https://portswigger.net/burp/documentation/enterprise/administration-tasks/integrating-ci

Also, below is the statement from the official document: "The CI driver can be used both with Burp Professional and Burp Enterprise".

Kindly clarify whether it is achievable with the Professional version as well or not.

sarang | Last updated: Jul 29, 2020 04:47AM UTC

Also I am running this using a powershell script which works fine on the server where I have kept the script but it only breaks when I try to run the same using Bamboo CI pipeline

sarang | Last updated: Jul 29, 2020 07:16AM UTC

How can I revoke a license assigned to a user and re-assign it to another user in Windows?

Liam, PortSwigger Agent | Last updated: Jul 29, 2020 07:18AM UTC

Sarang, Burp Suite Professional is compatible with the native CI driver. However, it is not designed to run within a CI Pipeline. We haven't written any plugins to support the use case and it is outside the scope of our technical support. Please let us know which official document you are referring to and we'll get that amended.

sarang | Last updated: Jul 29, 2020 08:11AM UTC

Hi Liam, there is a readme file that comes with the burp-ci-driver-v1.0.7beta.zip file. Pasting the contents of the file here. Please check the Burp Professional and Burp Enterprise section below.

-------------------------------------

Burp CI Driver
==============

The CI driver is executable in itself and accepts stdin to specify its seed URLs by outputting lines in the format "BURP_SCAN_URL = http://seed.com/path/" in order to make it easy to get seeds from any build. Live help is available by running `java -jar burp-ci-driver-vXXX.jar --help`.

Example usage
-------------

    $ ./build_script.sh | tee build_output.log | java -jar ci-driver.jar http://localhost:1337/SECRET_API_KEY

Or add another step to an existing CI step:

    $ java -jar ci-driver.jar http://localhost:1337/SECRET_API_KEY < build_log_from_previous_step.log

Where the script might spawn containers, discover their URLs and output for consumption by the CI driver.

When the build script is complete the driver will initiate a scan (outputting "BURP_SCAN_STATUS"), and block while the scan is ongoing. Throughout the scan, issues exceeding the thresholds will be output in a summary form ("BURP_SCAN_ISSUE_EVENT: issue_found [0] - dummy (High, Certain) @ caption"), and also in full if "--json" is specified (in the form "BURP_SCAN_ISSUE_EVENT_JSON: {json_issue_object_here}").

Upon scan completion a network summary is provided in the form "BURP_SCAN_COMPLETE: requests made: 6, network errors: 6") followed by an interpreted result e.g. "BURP_SCAN_RESULT: No issues detected" or "BURP_SCAN_RESULT: 3 issues failed the build" and an exit code of 0 or 1, respectively - i.e. if the result of the example command is non-zero the build is considered failed.

Burp Professional and Burp Enterprise
-------------------------------------

The CI driver can be used both with Burp Professional and Burp Enterprise. The Burp API URL for each is:

    Burp Professional: http://localhost:1337/SECRET_API_KEY
    Burp Enterprise: http://burp-enterprise:8080/api/SECRET_API_KEY

The port numbers are configurable; if you've changed from the default please update the URL.

Ignoring issues
---------------

Issues are reported in the form:

    BURP_SCAN_ISSUE_EVENT: issue_found (High, Certain) - name @ http://origin/caption

The driver can be configured to ignore issues by matching the part after "issue_found", e.g. by outputting, in a previous build step:

    BURP_SCAN_IGNORE_EXACT = (High, Certain) - name @ http://origin/caption
    BURP_SCAN_IGNORE_GLOB = (High, Certain) - name @ http://origin/*
    BURP_SCAN_IGNORE_REGEX = \(High, Certain\) - .+ @ http://origin(1|2)/.*

note that in order to output regex escapes you may need to double-escape them.

Why are URLs configured through the build log?
----------------------------------------------

In some environments web servers are started with random IP/hostnames, in order to cater for all such scenarios both seed URLs and ignore rules must be provided in this manner.

I don't need dynamic generation of URLs
---------------------------------------

Most CI/CD systems allow custom tasks to execute arbitrary commands as part of a build, usually as an intermediary step. These can be conveniently used to output the static configuration required via "echo" commands, e.g.

    echo BURP_SCAN_URL = http://server
    echo 'BURP_SCAN_IGNORE_GLOB = * @ http://server/ignore_posix'

Or

    echo BURP_SCAN_IGNORE_GLOB = * @ http://server/ignore_windows

Note that whether or not to use quotes is down to the host system; test out your "echo" commands in the relevant terminal for your system to ensure they are outputting the correct line.
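
The README pasted above describes how ignore rules echoed into a build log decide whether reported issues fail the build. The following is an added example, not code from the CI driver or from the post: a small Python model for previewing which issue events a rule set would suppress before the rules go into a pipeline. It assumes each rule must match the whole text after "issue_found" and that globs use shell-style wildcards; the README does not state the driver's exact matching semantics, and all sample log lines are constructed.

```python
import fnmatch
import re

# Line formats as given in the README quoted above.
CONFIG_RE = re.compile(
    r"^\s*BURP_SCAN_(URL|IGNORE_EXACT|IGNORE_GLOB|IGNORE_REGEX)\s*=\s*(.+?)\s*$")
ISSUE_RE = re.compile(r"^BURP_SCAN_ISSUE_EVENT: issue_found\s+(.+?)\s*$")


def parse_build_log(lines):
    """Collect seed URLs and ignore rules echoed by earlier build steps."""
    seeds, rules, invalid = [], [], []
    for line in lines:
        m = CONFIG_RE.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "URL":
            seeds.append(value)
        elif key == "IGNORE_EXACT":
            rules.append(lambda issue, v=value: issue == v)
        elif key == "IGNORE_GLOB":
            rules.append(lambda issue, v=value: fnmatch.fnmatchcase(issue, v))
        else:
            # IGNORE_REGEX: a malformed pattern is dropped and reported,
            # so it cannot suppress anything (for example after lost escapes).
            try:
                rx = re.compile(value)
            except re.error:
                invalid.append(value)
                continue
            rules.append(lambda issue, rx=rx: rx.fullmatch(issue) is not None)
    return seeds, rules, invalid


def gate(build_log, driver_output):
    """Split issue events into failing and ignored; model the 0/1 exit code."""
    seeds, rules, invalid = parse_build_log(build_log)
    failing, ignored = [], []
    for line in driver_output:
        m = ISSUE_RE.match(line)
        if not m:
            continue
        issue = m.group(1)
        (ignored if any(rule(issue) for rule in rules) else failing).append(issue)
    # Result wording modelled on the two examples in the README.
    result = (f"BURP_SCAN_RESULT: {len(failing)} issues failed the build"
              if failing else "BURP_SCAN_RESULT: No issues detected")
    return {"seeds": seeds, "failing": failing, "ignored": ignored,
            "invalid_rules": invalid, "result": result,
            "exit_code": 1 if failing else 0}


# Constructed sample input (hosts, issue names and rules are illustrative).
BUILD_LOG = [
    "Starting containers...",
    "BURP_SCAN_URL = http://origin1/",
    "BURP_SCAN_URL = http://origin2/app/",
    "BURP_SCAN_IGNORE_EXACT = (Low, Firm) - Cookie without HttpOnly flag set @ http://origin1/legacy",
    "BURP_SCAN_IGNORE_GLOB = (Information, Certain) - * @ http://origin1/*",
    r"BURP_SCAN_IGNORE_REGEX = \(Medium, Tentative\) - .+ @ http://origin(1|2)/static/.*",
    "BURP_SCAN_IGNORE_REGEX = (unclosed",
]
DRIVER_OUTPUT = [
    "BURP_SCAN_ISSUE_EVENT: issue_found (High, Certain) - SQL injection @ http://origin2/app/search",
    "BURP_SCAN_ISSUE_EVENT: issue_found (Low, Firm) - Cookie without HttpOnly flag set @ http://origin1/legacy",
    "BURP_SCAN_ISSUE_EVENT: issue_found (Information, Certain) - Robots.txt file @ http://origin1/robots.txt",
    "BURP_SCAN_ISSUE_EVENT: issue_found (Medium, Tentative) - Cross-origin resource sharing @ http://origin2/static/app.js",
    "BURP_SCAN_ISSUE_EVENT: issue_found (Medium, Tentative) - Cross-origin resource sharing @ http://origin2/api/v1",
    "BURP_SCAN_COMPLETE: requests made: 6, network errors: 6",
]

if __name__ == "__main__":
    report = gate(BUILD_LOG, DRIVER_OUTPUT)
    for key, value in report.items():
        print(key, "=", value)
```

Reviewing the "ignored" list before a rule is merged shows when a broad glob or regex hides more findings than intended.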

sarang | Last updated: Jul 29, 2020 08:14AM UTC

Also I have raised a support ticket for activation of new user with existing license we have as it was configured for wrong user which we want to revoke and assign it to right user since while assigning to new user we are getting a message saying no more activations

Liam, PortSwigger Agent | Last updated: Jul 30, 2020 08:41AM UTC

To clarify on Pro / CI:
1. The driver works technically in both products, but in Pro, it isn’t suitable for repeated CI scans.
2. Pro isn’t licensed for unattended use in CI. Only Enterprise is licensed.

Is your license request resolved?

sarang | Last updated: Aug 04, 2020 12:08PM UTC

Hi Liam, I am running Burp Suite using the .jar file and not the .exe, since I am running it via a PowerShell script. Now I am facing the license issue, as it asks for the license key every time and because of that Burp Suite is not starting up. I want to know whether this is the default behavior with the .jar file or whether there is some workaround so that the license key will not be asked for every time I run the suite.

Liam, PortSwigger Agent | Last updated: Aug 04, 2020 01:45PM UTC

This shouldn't be occurring. Which OS are you using?

sarang | Last updated: Aug 04, 2020 01:56PM UTC

It is Windows Server 2012 R2. What could be the reason then?

Liam, PortSwigger Agent | Last updated: Aug 05, 2020 07:17AM UTC

It could be that something is deleting your key registry. Is it possible that you are running any software that would affect your Windows Key Registry? Have you tried running Burp as an Administrator?

sarang | Last updated: Aug 05, 2020 07:31AM UTC

"Is it possible that you are running any software that would affect your Windows Key Registry?"
How can we check this?

"Have you tried running Burp as an Administrator?"
Yes, tried with Administrator but seeing the same issue.

Liam, PortSwigger Agent | Last updated: Aug 05, 2020 07:38AM UTC

Burp stores the license activation state in a user-specific location – on Windows, this is held within the Registry. You can navigate to the Registry when the license is installed to check if it has been updated. The activation is keyed to the user account that performed it. If you change the user context, then this may cause problems for the activation state. Also, if you use a non-persistent filesystem, or have any other tools installed that clean or refresh the registry periodically, then this might explain the problem. Please let us know if either of those explanations might account for what you're seeing.

sarang | Last updated: Aug 05, 2020 11:00AM UTC

Could you please help with the path in Windows where this state is held/stored? Where exactly in the Registry?

sarang | Last updated: Aug 05, 2020 12:44PM UTC

Also, is there any way you know to handle the license activation via PowerShell?

Liam, PortSwigger Agent | Last updated: Aug 06, 2020 09:27AM UTC

For the registry - https://kb.blackbaud.com/articles/Knowledge/46034. Could we ask the use case for handling the license activation via Powershell?

sarang | Last updated: Aug 06, 2020 10:09AM UTC

"Could we ask the use case for handling the license activation via Powershell?"
Since the license key is getting wiped out every time we run via the CI pipeline, we thought we could pass it via PowerShell every time we run...

Liam, PortSwigger Agent | Last updated: Aug 07, 2020 07:40AM UTC

The license activation will still be used in that scenario. Did you have any luck with the Registry?

sarang | Last updated: Aug 16, 2020 07:21AM UTC

No luck with the registry... So I have one question here: can I add the license key directly as a string value to the registry using PowerShell?

Liam, PortSwigger Agent | Last updated: Aug 18, 2020 07:52AM UTC

What steps did you take with the registry? We're not aware of a way to add to the registry using Powershell.
