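├── .gitignore
├── entrypoint.sh
├── .github
│   ├── dependabot.yml
│   └── workflows
│       └── test.yml
├── download.sh
├── Dockerfile
├── README.md
└── config
    ├── user_options.json
    └── project_options.json

/.gitignore:
--------------------------------------------------------------------------------
java
workspace
*.jar

--------------------------------------------------------------------------------
/entrypoint.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env sh
#
# Container entrypoint: launches the Burp Suite JAR (passed in "$@" by the
# Dockerfile ENTRYPOINT) with the JVM flags held in JAVA_OPTS.

set -e

# JAVA_OPTS is one string holding several space-separated JVM flags (see the
# Dockerfile). It has to be word-split here: quoted, the JVM receives a single
# argument, so only the first -D flag takes effect and the remaining flags
# become part of its value.
# shellcheck disable=SC2086
exec java $JAVA_OPTS -jar "$@"

--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"
  - package-ecosystem: "docker"
    directory: "/"
    schedule:
      interval: "daily"

--------------------------------------------------------------------------------
/.github/workflows/test.yml:
--------------------------------------------------------------------------------
---
on: push
name: build
jobs:
  test:
    name: Run tests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Dockerfilelint
        # NOTE(review): floating image reference; pinning it to a digest makes
        # this lint step reproducible and keeps a retagged image from changing it.
        uses: docker://replicated/dockerfilelint
        with:
          args: Dockerfile

      - name: ShellCheck
        run: shellcheck download.sh entrypoint.sh

--------------------------------------------------------------------------------
/download.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#
# Fetches the Burp Suite Pro JAR from the PortSwigger portal (run once, at
# image build time) and verifies it against a pinned SHA-256 checksum.
#
# Environment:
#   PORTSWIGGER_EMAIL_ADDRESS, PORTSWIGGER_PASSWORD  portal login
#   BURP_SUITE_PRO_VERSION                           release to download
#   BURP_SUITE_PRO_CHECKSUM                          expected SHA-256 of the JAR
#   HOME                                             directory the JAR is written to
#
# Exits non-zero if any step fails or the checksum does not match, so the
# enclosing `docker build` fails instead of producing an image with a bad JAR.

set -eu

email="${PORTSWIGGER_EMAIL_ADDRESS:-}"
password="${PORTSWIGGER_PASSWORD:-}"

name="burpsuite_pro"
version="${BURP_SUITE_PRO_VERSION:-}"
file_name="$HOME/${name}_v$version.jar"
checksum="${BURP_SUITE_PRO_CHECKSUM:-}"

cookie_jar="$HOME/cookies"

# Fail early with a clear message instead of posting an empty login form.
if [ -z "$email" ] || [ -z "$password" ] || [ -z "$version" ] || [ -z "$checksum" ]; then
  echo "download.sh: PORTSWIGGER_EMAIL_ADDRESS, PORTSWIGGER_PASSWORD, BURP_SUITE_PRO_VERSION and BURP_SUITE_PRO_CHECKSUM must all be set" >&2
  exit 1
fi

# The cookie jar holds an authenticated portal session. Remove it on every
# exit path so it is never left behind in the image layer.
cleanup() {
  rm -f "$cookie_jar"
}
trap cleanup EXIT

# Make initial request to get the 'request verification token' (CSRF).
# A failed request or a page without a token leaves $token empty.
token=$(curl -sSf --cookie-jar "$cookie_jar" "https://portswigger.net/users" \
  | grep -oE "[A-Z0-9_-]{128}" | head -n 1) || token=""
if [ -z "$token" ]; then
  echo "download.sh: could not extract the request verification token" >&2
  exit 1
fi

# Login using the username (email address) and password. The response body is
# discarded: it is not needed and would otherwise end up in the build log.
curl -sSf -o /dev/null "https://portswigger.net/users" \
  -b "$cookie_jar" \
  -c "$cookie_jar" \
  -F "EmailAddress=$email" \
  -F "Password=$password" \
  -F "__RequestVerificationToken=$token"

# Download the JAR file. Deliberately not verbose: -v would print the request
# headers, including the session cookie, into the build output.
curl -sSf -b "$cookie_jar" \
  -o "$file_name" \
  "https://portswigger.net/burp/releases/download?product=pro&version=$version&type=Jar"

# Refuse anything that does not match the pinned checksum (set -e aborts here).
echo "$checksum *$file_name" | sha256sum -c

--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
FROM openjdk:11-jre-slim@sha256:93af7df2308c5141a751c4830e6b6c5717db102b3b31f012ea29d842dc4f2b02
LABEL maintainer="Koen Rouwhorst "

# PortSwigger portal credentials, consumed once by download.sh at build time.
# Build-arg values can be recovered from the image's layer history, so a
# BuildKit secret mount (RUN --mount=type=secret) is the safer way to pass
# them when the build toolchain allows it.
ARG PORTSWIGGER_EMAIL_ADDRESS
ARG PORTSWIGGER_PASSWORD

# Release to fetch and the SHA-256 the downloaded JAR must match; bump both
# together when upgrading.
ENV BURP_SUITE_PRO_VERSION="2023.10.2.3"
ENV BURP_SUITE_PRO_CHECKSUM="83f17e843b347991b5be9f1450ba26f92417d8325ccc27d18f15d1cd9221b5f2"

ENV HOME=/home/burp

# Space-separated JVM flags; entrypoint.sh word-splits this value.
# NOTE(review): -XX:+UseCGroupMemoryLimitForHeap is an experimental pre-JDK-10
# flag and may be ignored (with a warning) by the JDK 11 runtime pinned above;
# confirm against the container's startup output.
ENV JAVA_OPTS="-Dawt.useSystemAAFontSettings=gasp -Dswing.aatext=true -Dsun.java2d.xrender=true -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XshowSettings:vm"

# Tools for the download step (curl, TLS roots) and libraries for the Swing GUI
# (fontconfig, X11). The apt lists are removed so they do not stay in the layer.
RUN apt-get update && \
    apt-get install -y curl openssl ca-certificates \
        fontconfig libxext6 libxrender1 libxtst6 && \
    rm -rf /var/lib/apt/lists/*

COPY ./download.sh ./entrypoint.sh /home/burp/
RUN chmod +x /home/burp/download.sh /home/burp/entrypoint.sh && \
    /home/burp/download.sh && \
    mv "$HOME/burpsuite_pro_v$BURP_SUITE_PRO_VERSION.jar" /home/burp/burpsuite_pro.jar

RUN addgroup --system burp && \
    adduser --system --ingroup burp burp

# Java user preferences (Burp keeps its license activation there) live under
# $HOME/.java/.userPrefs. WORKDIR is still the default (/) at this point, so
# the path must be absolute. $HOME already exists from the COPY above; hand it
# and the preferences directory to the runtime user so both are writable.
RUN mkdir -p "$HOME/.java/.userPrefs" && \
    chown -R burp:burp "$HOME/.java" && \
    chown burp:burp "$HOME"

USER burp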
WORKDIR $HOME

# Burp Proxy
EXPOSE 8080

# Burp REST API
EXPOSE 1337

ENTRYPOINT ["/home/burp/entrypoint.sh", "/home/burp/burpsuite_pro.jar"]

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Burp Suite Pro

This allows you to run Burp Suite Professional in a container. This guide describes
the steps to run Burp on a Mac, but the steps for Linux should be fairly similar.

## Prerequisites

- You need a [Burp Suite Professional](https://portswigger.net/burp) license.
- You need to have the following installed on your host:
  - [Docker](https://docs.docker.com/install/)
  - [XQuartz](https://www.xquartz.org/)
  - [socat](http://www.dest-unreach.org/socat/)

:warning: If you did not already have XQuartz installed, make sure to reboot your Mac
after installing it so that the X11 window server is set up correctly for the current
user.

## Building the image

First, clone this GitHub repository on your host:

```bash
git clone https://github.com/koenrh/docker-burp-suite-pro.git
```

Then, build the Docker image using the following command. Provide the email address
and password (or customer number for some customers) you would normally use to log in
to your PortSwigger account.

```bash
docker build -t koenrh/burp-suite-pro \
  --build-arg PORTSWIGGER_EMAIL_ADDRESS="$PORTSWIGGER_EMAIL_ADDRESS" \
  --build-arg PORTSWIGGER_PASSWORD="$PORTSWIGGER_PASSWORD" .
```

While building the image, the JAR (Java ARchive) of Burp Suite Pro is pulled from
the PortSwigger portal.

## Setup

1. Start the X window server by opening XQuartz (`open -a xquartz`).
1. 
Expose the local XQuartz socket on TCP port 6000 using `socat`:

    ```
    socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\"$DISPLAY\"
    ```

    Note that you need to run this command from your host, not from the XQuartz terminal.

## Usage

```bash
docker run --rm \
  -v "/tmp/.X11-unix:/tmp/.X11-unix" \
  -e "DISPLAY=docker.for.mac.host.internal:0" \
  -v "$HOME/src/github.com/koenrh/burp/java:/home/burp/.java" \
  -p 8080:8080 \
  --name burp-suite-pro \
  koenrh/burp-suite-pro
```

You could make this command more easily accessible by putting it in an executable
script and making sure that it is available in your `$PATH`. Alternatively, you could
create wrapper functions for your `docker run` commands ([example](https://github.com/jessfraz/dotfiles/blob/master/.dockerfunc)).

### Burp Proxy

In order to make Burp Proxy available to the host, you need to bind the listener to
all interfaces inside the container, because the host reaches it through the published
port rather than through the container's loopback address.

1. In Burp, open the 'Proxy' tab, and then the 'Options' tab.
1. Add a new 'Proxy Listener' by clicking the 'Add' button.
1. Enter the preferred port number, and make sure that 'Bind to address' is set
   to 'All interfaces'.
1. Verify that the proxy is working by running the following command on your host:

```bash
curl -x http://127.0.0.1:8080 http://example.com
```

## Notes

1. When prompted, do not update Burp Suite through the GUI. Pull and build an
   updated image instead.
1. Do not delete the mapped `.java` directory on your host. It contains important
   license activation data. 
87 | -------------------------------------------------------------------------------- /config/user_options.json: -------------------------------------------------------------------------------- 1 | { 2 | "user_options": { 3 | "connections": { 4 | "platform_authentication": { 5 | "credentials": [], 6 | "do_platform_authentication": true, 7 | "prompt_on_authentication_failure": false 8 | }, 9 | "socks_proxy": { 10 | "dns_over_socks": false, 11 | "host": "", 12 | "password": "", 13 | "port": 0, 14 | "use_proxy": false, 15 | "username": "" 16 | }, 17 | "upstream_proxy": { 18 | "servers": [] 19 | } 20 | }, 21 | "display": { 22 | "character_sets": { 23 | "mode": "recognize_automatically" 24 | }, 25 | "html_rendering": { 26 | "allow_http_requests": true, 27 | "enable_embedded_browser_sandbox": true 28 | }, 29 | "http_message_display": { 30 | "font_name": "Courier", 31 | "font_size": 13, 32 | "font_smoothing": true, 33 | "highlight_requests": true, 34 | "highlight_responses": true 35 | }, 36 | "user_interface": { 37 | "font_size": 13, 38 | "look_and_feel": "Nimbus" 39 | } 40 | }, 41 | "extender": { 42 | "extensions": [], 43 | "java": { 44 | "folder_for_loading_library_jar_files": "" 45 | }, 46 | "python": { 47 | "folder_for_loading_modules": "", 48 | "location_of_jython_standalone_jar_file": "" 49 | }, 50 | "ruby": { 51 | "location_of_jruby_jar_file": "" 52 | }, 53 | "settings": { 54 | "automatically_reload_extensions_on_startup": true, 55 | "automatically_update_bapps_on_startup": true 56 | } 57 | }, 58 | "misc": { 59 | "api": { 60 | "enabled": true, 61 | "insecure_mode": false, 62 | "keys": [], 63 | "listen_mode": "all_interfaces", 64 | "port": 1337 65 | }, 66 | "automatic_project_backup": { 67 | "delete_on_shutdown": true, 68 | "enabled": true, 69 | "in_scope_only": false, 70 | "interval": 30, 71 | "show_progress": true 72 | }, 73 | "enable_proxy_interception_at_startup": "always", 74 | "hotkeys": [ 75 | { 76 | "action": "send_to_repeater", 77 | "hotkey": "Ctrl+R" 78 | 
}, 79 | { 80 | "action": "send_to_intruder", 81 | "hotkey": "Ctrl+I" 82 | }, 83 | { 84 | "action": "forward_intercepted_proxy_message", 85 | "hotkey": "Ctrl+F" 86 | }, 87 | { 88 | "action": "toggle_proxy_interception", 89 | "hotkey": "Ctrl+T" 90 | }, 91 | { 92 | "action": "switch_to_dashboard", 93 | "hotkey": "Ctrl+Shift+D" 94 | }, 95 | { 96 | "action": "switch_to_target", 97 | "hotkey": "Ctrl+Shift+T" 98 | }, 99 | { 100 | "action": "switch_to_proxy", 101 | "hotkey": "Ctrl+Shift+P" 102 | }, 103 | { 104 | "action": "switch_to_intruder", 105 | "hotkey": "Ctrl+Shift+I" 106 | }, 107 | { 108 | "action": "switch_to_repeater", 109 | "hotkey": "Ctrl+Shift+R" 110 | }, 111 | { 112 | "action": "switch_to_project_options", 113 | "hotkey": "Ctrl+Shift+O" 114 | }, 115 | { 116 | "action": "switch_to_alerts_tab", 117 | "hotkey": "Ctrl+Shift+A" 118 | }, 119 | { 120 | "action": "go_to_previous_tab", 121 | "hotkey": "Ctrl+Minus" 122 | }, 123 | { 124 | "action": "go_to_next_tab", 125 | "hotkey": "Ctrl+Equals" 126 | }, 127 | { 128 | "action": "editor_cut", 129 | "hotkey": "Ctrl+X" 130 | }, 131 | { 132 | "action": "editor_copy", 133 | "hotkey": "Ctrl+C" 134 | }, 135 | { 136 | "action": "editor_paste", 137 | "hotkey": "Ctrl+V" 138 | }, 139 | { 140 | "action": "editor_undo", 141 | "hotkey": "Ctrl+Z" 142 | }, 143 | { 144 | "action": "editor_redo", 145 | "hotkey": "Ctrl+Y" 146 | }, 147 | { 148 | "action": "editor_select_all", 149 | "hotkey": "Ctrl+A" 150 | }, 151 | { 152 | "action": "editor_search", 153 | "hotkey": "Ctrl+S" 154 | }, 155 | { 156 | "action": "editor_go_to_previous_search_match", 157 | "hotkey": "Ctrl+Comma" 158 | }, 159 | { 160 | "action": "editor_go_to_next_search_match", 161 | "hotkey": "Ctrl+Period" 162 | }, 163 | { 164 | "action": "editor_url_decode", 165 | "hotkey": "Ctrl+Shift+U" 166 | }, 167 | { 168 | "action": "editor_url_encode_key_characters", 169 | "hotkey": "Ctrl+U" 170 | }, 171 | { 172 | "action": "editor_html_decode", 173 | "hotkey": "Ctrl+Shift+H" 174 | }, 175 
| { 176 | "action": "editor_html_encode_key_characters", 177 | "hotkey": "Ctrl+H" 178 | }, 179 | { 180 | "action": "editor_base64_decode", 181 | "hotkey": "Ctrl+Shift+B" 182 | }, 183 | { 184 | "action": "editor_base64_encode", 185 | "hotkey": "Ctrl+B" 186 | }, 187 | { 188 | "action": "editor_backspace_word", 189 | "hotkey": "Ctrl+Backspace" 190 | }, 191 | { 192 | "action": "editor_delete_word", 193 | "hotkey": "Ctrl+Delete" 194 | }, 195 | { 196 | "action": "editor_delete_line", 197 | "hotkey": "Ctrl+D" 198 | }, 199 | { 200 | "action": "editor_go_to_previous_word", 201 | "hotkey": "Ctrl+Left" 202 | }, 203 | { 204 | "action": "editor_go_to_previous_word_extend_selection", 205 | "hotkey": "Ctrl+Shift+Left" 206 | }, 207 | { 208 | "action": "editor_go_to_next_word", 209 | "hotkey": "Ctrl+Right" 210 | }, 211 | { 212 | "action": "editor_go_to_next_word_extend_selection", 213 | "hotkey": "Ctrl+Shift+Right" 214 | }, 215 | { 216 | "action": "editor_go_to_previous_paragraph", 217 | "hotkey": "Ctrl+Up" 218 | }, 219 | { 220 | "action": "editor_go_to_previous_paragraph_extend_selection", 221 | "hotkey": "Ctrl+Shift+Up" 222 | }, 223 | { 224 | "action": "editor_go_to_next_paragraph", 225 | "hotkey": "Ctrl+Down" 226 | }, 227 | { 228 | "action": "editor_go_to_next_paragraph_extend_selection", 229 | "hotkey": "Ctrl+Shift+Down" 230 | }, 231 | { 232 | "action": "editor_go_to_start_of_document", 233 | "hotkey": "Ctrl+Home" 234 | }, 235 | { 236 | "action": "editor_go_to_start_of_document_extend_selection", 237 | "hotkey": "Ctrl+Shift+Home" 238 | }, 239 | { 240 | "action": "editor_go_to_end_of_document", 241 | "hotkey": "Ctrl+End" 242 | }, 243 | { 244 | "action": "editor_go_to_end_of_document_extend_selection", 245 | "hotkey": "Ctrl+Shift+End" 246 | } 247 | ], 248 | "out_of_scope_history_logging_action": "prompt", 249 | "submit_anonymous_feedback": false, 250 | "temporary_files_location": "" 251 | }, 252 | "proxy": { 253 | "http_history": { 254 | "sort_column": "#", 255 | "sort_order": 
"ascending" 256 | }, 257 | "websockets_history": { 258 | "sort_column": "#", 259 | "sort_order": "ascending" 260 | } 261 | }, 262 | "repeater": { 263 | "view": "left_right_split" 264 | }, 265 | "ssl": { 266 | "client_certificates": { 267 | "certificates": [] 268 | }, 269 | "negotiation": { 270 | "disable_sni_extension": false, 271 | "enable_blocked_algorithms": true 272 | } 273 | }, 274 | "target": { 275 | "view": "left_right_split" 276 | } 277 | } 278 | } 279 | -------------------------------------------------------------------------------- /config/project_options.json: -------------------------------------------------------------------------------- 1 | { 2 | "project_options": { 3 | "connections": { 4 | "hostname_resolution": [], 5 | "out_of_scope_requests": { 6 | "advanced_mode": false, 7 | "drop_all_out_of_scope": false, 8 | "exclude": [], 9 | "include": [], 10 | "scope_option": "suite" 11 | }, 12 | "platform_authentication": { 13 | "credentials": [], 14 | "do_platform_authentication": true, 15 | "prompt_on_authentication_failure": false, 16 | "use_user_options": true 17 | }, 18 | "socks_proxy": { 19 | "dns_over_socks": false, 20 | "host": "", 21 | "password": "", 22 | "port": 0, 23 | "use_proxy": false, 24 | "use_user_options": true, 25 | "username": "" 26 | }, 27 | "timeouts": { 28 | "domain_name_resolution_timeout": 300000, 29 | "failed_domain_name_resolution_timeout": 60000, 30 | "normal_timeout": 120000, 31 | "open_ended_response_timeout": 10000 32 | }, 33 | "upstream_proxy": { 34 | "servers": [], 35 | "use_user_options": true 36 | } 37 | }, 38 | "http": { 39 | "redirections": { 40 | "understand_3xx_status_code": true, 41 | "understand_any_status_code_with_location_header": false, 42 | "understand_javascript_driven": false, 43 | "understand_meta_refresh_tag": true, 44 | "understand_refresh_header": true 45 | }, 46 | "status_100_responses": { 47 | "remove_100_continue_responses": false, 48 | "understand_100_continue_responses": true 49 | }, 50 | 
"streaming_responses": { 51 | "scope_advanced_mode": false, 52 | "store": true, 53 | "strip_chunked_encoding_metadata": true, 54 | "urls": [] 55 | } 56 | }, 57 | "misc": { 58 | "collaborator_server": { 59 | "location": "", 60 | "poll_over_unencrypted_http": false, 61 | "polling_location": "", 62 | "type": "default" 63 | }, 64 | "logging": { 65 | "requests": { 66 | "all_tools": "", 67 | "extender": "", 68 | "intruder": "", 69 | "proxy": "", 70 | "repeater": "", 71 | "scanner": "", 72 | "sequencer": "" 73 | }, 74 | "responses": { 75 | "all_tools": "", 76 | "extender": "", 77 | "intruder": "", 78 | "proxy": "", 79 | "repeater": "", 80 | "scanner": "", 81 | "sequencer": "" 82 | } 83 | }, 84 | "scheduled_tasks": { 85 | "tasks": [] 86 | } 87 | }, 88 | "sessions": { 89 | "cookie_jar": { 90 | "monitor_extender": false, 91 | "monitor_intruder": false, 92 | "monitor_proxy": true, 93 | "monitor_repeater": false, 94 | "monitor_scanner": false, 95 | "monitor_sequencer": false 96 | }, 97 | "macros": { 98 | "macros": [] 99 | }, 100 | "session_handling_rules": { 101 | "rules": [ 102 | { 103 | "actions": [ 104 | { 105 | "enabled": true, 106 | "match_cookies": "all_except", 107 | "type": "use_cookies" 108 | } 109 | ], 110 | "description": "Use cookies from Burp's cookie jar", 111 | "enabled": true, 112 | "exclude_from_scope": [], 113 | "include_in_scope": [], 114 | "named_params": [], 115 | "restrict_scope_to_named_params": false, 116 | "tools_scope": [ 117 | "Scanner" 118 | ], 119 | "url_scope": "all", 120 | "url_scope_advanced_mode": false 121 | } 122 | ] 123 | } 124 | }, 125 | "ssl": { 126 | "client_certificates": { 127 | "certificates": [], 128 | "use_user_options": true 129 | }, 130 | "negotiation": { 131 | "allow_unsafe_renegotiation": false, 132 | "automatically_select_compatible_ssl_parameters_on_failure": true, 133 | "disable_ssl_session_resume": false, 134 | "enabled_ciphers": [], 135 | "enabled_protocols": [], 136 | "use_platform_default_protocols_and_ciphers": true 137 | 
} 138 | } 139 | }, 140 | "proxy": { 141 | "http_history_display_filter": { 142 | "by_annotation": { 143 | "show_only_commented_items": false, 144 | "show_only_highlighted_items": false 145 | }, 146 | "by_file_extension": { 147 | "hide_items": [ 148 | "js", 149 | "gif", 150 | "jpg", 151 | "png", 152 | "css" 153 | ], 154 | "hide_specific": false, 155 | "show_items": [ 156 | "asp", 157 | "aspx", 158 | "jsp", 159 | "php" 160 | ], 161 | "show_only_specific": false 162 | }, 163 | "by_listener": { 164 | "port": "" 165 | }, 166 | "by_mime_type": { 167 | "show_css": false, 168 | "show_flash": true, 169 | "show_html": true, 170 | "show_images": false, 171 | "show_other_binary": false, 172 | "show_other_text": true, 173 | "show_script": true, 174 | "show_xml": true 175 | }, 176 | "by_request_type": { 177 | "hide_items_without_responses": false, 178 | "show_only_in_scope_items": false, 179 | "show_only_parameterized_requests": false 180 | }, 181 | "by_search": { 182 | "case_sensitive": false, 183 | "negative_search": false, 184 | "regex": false, 185 | "term": "" 186 | }, 187 | "by_status_code": { 188 | "show_2xx": true, 189 | "show_3xx": true, 190 | "show_4xx": true, 191 | "show_5xx": true 192 | } 193 | }, 194 | "intercept_client_requests": { 195 | "automatically_fix_missing_or_superfluous_new_lines_at_end_of_request": false, 196 | "automatically_update_content_length_header_when_the_request_is_edited": true, 197 | "do_intercept": true, 198 | "rules": [ 199 | { 200 | "boolean_operator": "and", 201 | "enabled": true, 202 | "match_condition": "(^gif$|^jpg$|^png$|^css$|^js$|^ico$)", 203 | "match_relationship": "does_not_match", 204 | "match_type": "file_extension" 205 | }, 206 | { 207 | "boolean_operator": "or", 208 | "enabled": false, 209 | "match_relationship": "contains_parameters", 210 | "match_type": "request" 211 | }, 212 | { 213 | "boolean_operator": "or", 214 | "enabled": false, 215 | "match_condition": "(get|post)", 216 | "match_relationship": "does_not_match", 217 | 
"match_type": "http_method" 218 | }, 219 | { 220 | "boolean_operator": "and", 221 | "enabled": false, 222 | "match_relationship": "is_in_target_scope", 223 | "match_type": "url" 224 | } 225 | ] 226 | }, 227 | "intercept_server_responses": { 228 | "automatically_update_content_length_header_when_the_response_is_edited": true, 229 | "do_intercept": false, 230 | "rules": [ 231 | { 232 | "boolean_operator": "or", 233 | "enabled": true, 234 | "match_condition": "text", 235 | "match_relationship": "matches", 236 | "match_type": "content_type_header" 237 | }, 238 | { 239 | "boolean_operator": "or", 240 | "enabled": false, 241 | "match_relationship": "was_modified", 242 | "match_type": "request" 243 | }, 244 | { 245 | "boolean_operator": "or", 246 | "enabled": false, 247 | "match_relationship": "was_intercepted", 248 | "match_type": "request" 249 | }, 250 | { 251 | "boolean_operator": "and", 252 | "enabled": false, 253 | "match_condition": "^304$", 254 | "match_relationship": "does_not_match", 255 | "match_type": "status_code" 256 | }, 257 | { 258 | "boolean_operator": "and", 259 | "enabled": false, 260 | "match_relationship": "is_in_target_scope", 261 | "match_type": "url" 262 | } 263 | ] 264 | }, 265 | "intercept_web_sockets_messages": { 266 | "client_to_server_messages": true, 267 | "server_to_client_messages": true 268 | }, 269 | "match_replace_rules": [ 270 | { 271 | "comment": "Emulate IE", 272 | "enabled": false, 273 | "is_simple_match": false, 274 | "rule_type": "request_header", 275 | "string_match": "^User-Agent.*$", 276 | "string_replace": "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 277 | }, 278 | { 279 | "comment": "Emulate iOS", 280 | "enabled": false, 281 | "is_simple_match": false, 282 | "rule_type": "request_header", 283 | "string_match": "^User-Agent.*$", 284 | "string_replace": "User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3" 285 | }, 
286 | { 287 | "comment": "Emulate Android", 288 | "enabled": false, 289 | "is_simple_match": false, 290 | "rule_type": "request_header", 291 | "string_match": "^User-Agent.*$", 292 | "string_replace": "User-Agent: Mozilla/5.0 (Linux; U; Android 2.2; en-us; Droid Build/FRG22D) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1" 293 | }, 294 | { 295 | "comment": "Require non-cached response", 296 | "enabled": false, 297 | "is_simple_match": false, 298 | "rule_type": "request_header", 299 | "string_match": "^If-Modified-Since.*$" 300 | }, 301 | { 302 | "comment": "Require non-cached response", 303 | "enabled": false, 304 | "is_simple_match": false, 305 | "rule_type": "request_header", 306 | "string_match": "^If-None-Match.*$" 307 | }, 308 | { 309 | "comment": "Hide Referer header", 310 | "enabled": false, 311 | "is_simple_match": false, 312 | "rule_type": "request_header", 313 | "string_match": "^Referer.*$" 314 | }, 315 | { 316 | "comment": "Require non-compressed responses", 317 | "enabled": false, 318 | "is_simple_match": false, 319 | "rule_type": "request_header", 320 | "string_match": "^Accept-Encoding.*$" 321 | }, 322 | { 323 | "comment": "Ignore cookies", 324 | "enabled": false, 325 | "is_simple_match": false, 326 | "rule_type": "response_header", 327 | "string_match": "^Set-Cookie.*$" 328 | }, 329 | { 330 | "comment": "Rewrite Host header", 331 | "enabled": false, 332 | "is_simple_match": false, 333 | "rule_type": "request_header", 334 | "string_match": "^Host: foo.example.org$", 335 | "string_replace": "Host: bar.example.org" 336 | }, 337 | { 338 | "comment": "Add spoofed CORS origin", 339 | "enabled": false, 340 | "is_simple_match": true, 341 | "rule_type": "request_header", 342 | "string_replace": "Origin: foo.example.org" 343 | }, 344 | { 345 | "comment": "Remove HSTS headers", 346 | "enabled": false, 347 | "is_simple_match": false, 348 | "rule_type": "response_header", 349 | "string_match": "^Strict\\-Transport\\-Security.*$" 350 | }, 
351 | { 352 | "comment": "Disable browser XSS protection", 353 | "enabled": false, 354 | "is_simple_match": true, 355 | "rule_type": "response_header", 356 | "string_replace": "X-XSS-Protection: 0" 357 | } 358 | ], 359 | "miscellaneous": { 360 | "disable_logging_to_history_and_site_map": false, 361 | "disable_out_of_scope_logging_to_history_and_site_map": true, 362 | "disable_web_interface": false, 363 | "remove_unsupported_encodings_from_accept_encoding_headers_in_incoming_requests": true, 364 | "set_connection_close_header_on_requests": true, 365 | "set_connection_close_header_on_responses": false, 366 | "strip_proxy_headers_in_incoming_requests": true, 367 | "strip_sec_websocket_extensions_headers_in_incoming_requests": true, 368 | "suppress_burp_error_messages_in_browser": false, 369 | "unpack_gzip_deflate_in_requests": false, 370 | "unpack_gzip_deflate_in_responses": true, 371 | "use_http_10_in_requests_to_server": false, 372 | "use_http_10_in_responses_to_client": false 373 | }, 374 | "request_listeners": [ 375 | { 376 | "certificate_mode": "per_host", 377 | "listen_mode": "all_interfaces", 378 | "listener_port": 8080, 379 | "running": true 380 | } 381 | ], 382 | "response_modification": { 383 | "convert_https_links_to_http": false, 384 | "enable_disabled_form_fields": false, 385 | "highlight_unhidden_fields": false, 386 | "remove_all_javascript": false, 387 | "remove_input_field_length_limits": false, 388 | "remove_javascript_form_validation": false, 389 | "remove_object_tags": false, 390 | "remove_secure_flag_from_cookies": false, 391 | "unhide_hidden_form_fields": false 392 | }, 393 | "ssl_pass_through": { 394 | "automatically_add_entries_on_client_ssl_negotiation_failure": false, 395 | "rules": [] 396 | }, 397 | "web_sockets_history_display_filter": { 398 | "by_annotation": { 399 | "show_only_commented_items": false, 400 | "show_only_highlighted_items": false 401 | }, 402 | "by_listener": { 403 | "listener_port": "" 404 | }, 405 | "by_request_type": { 406 
| "hide_incoming_messages": false, 407 | "hide_outgoing_messages": false, 408 | "show_only_in_scope_items": false 409 | }, 410 | "by_search": { 411 | "case_sensitive": false, 412 | "negative_search": false, 413 | "regex": false, 414 | "term": "" 415 | } 416 | } 417 | }, 418 | "repeater": { 419 | "follow_redirections": "never", 420 | "process_cookies_in_redirections": false, 421 | "unpack_gzip_deflate": true, 422 | "update_content_length": true 423 | }, 424 | "sequencer": { 425 | "live_capture": { 426 | "ignore_abnormal_length_tokens": true, 427 | "max_length_deviation": 5, 428 | "num_threads": 5, 429 | "throttle": 0 430 | }, 431 | "token_analysis": { 432 | "compression": true, 433 | "correlation": true, 434 | "count": true, 435 | "fips_long_run": true, 436 | "fips_monobit": true, 437 | "fips_poker": true, 438 | "fips_runs": true, 439 | "spectral": true, 440 | "transitions": true 441 | }, 442 | "token_handling": { 443 | "base_64_decode_before_analyzing": false, 444 | "pad_short_tokens_at": "start", 445 | "pad_with": "0" 446 | } 447 | }, 448 | "target": { 449 | "filter": { 450 | "by_annotation": { 451 | "show_only_commented_items": false, 452 | "show_only_highlighted_items": false 453 | }, 454 | "by_file_extension": { 455 | "hide_items": [ 456 | "js", 457 | "gif", 458 | "jpg", 459 | "png", 460 | "css" 461 | ], 462 | "hide_specific": false, 463 | "show_items": [ 464 | "asp", 465 | "aspx", 466 | "jsp", 467 | "php" 468 | ], 469 | "show_only_specific": false 470 | }, 471 | "by_folders": { 472 | "hide_empty_folders": true 473 | }, 474 | "by_mime_type": { 475 | "show_css": false, 476 | "show_flash": true, 477 | "show_html": true, 478 | "show_images": false, 479 | "show_other_binary": false, 480 | "show_other_text": true, 481 | "show_script": true, 482 | "show_xml": true 483 | }, 484 | "by_request_type": { 485 | "hide_not_found_items": true, 486 | "show_only_in_scope_items": false, 487 | "show_only_parameterized_requests": false, 488 | "show_only_requested_items": false 489 
| }, 490 | "by_search": { 491 | "case_sensitive": false, 492 | "negative_search": false, 493 | "regex": false, 494 | "term": "" 495 | }, 496 | "by_status_code": { 497 | "show_2xx": true, 498 | "show_3xx": true, 499 | "show_4xx": false, 500 | "show_5xx": true 501 | } 502 | }, 503 | "scope": { 504 | "advanced_mode": true, 505 | "exclude": [], 506 | "include": [] 507 | } 508 | } 509 | } 510 | --------------------------------------------------------------------------------