├── .gitignore ├── LICENSE ├── README.md ├── burpcollaborator.service ├── cleanup.sh ├── collaborator.config ├── dnshook.sh ├── install.sh ├── renewcert.sh └── startcollab.sh /.gitignore: -------------------------------------------------------------------------------- 1 | burp.jar 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Jarmo Puttonen 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Burp Suite - Private collaborator server 2 | 3 | A script for installing private Burp Collaborator with Let's Encrypt SSL-certificate. Requires an Ubuntu virtual machine and public IP-address. 
4 | 5 | Works, for example, with an Ubuntu 18.04/20.04/22.10 virtual machine on the following platforms: 6 | - Amazon AWS EC2 VM (with or without Elastic IP). 7 | - DigitalOcean VM (with or without Floating IP). 8 | 9 | Please see the blog post below for usage instructions: 10 | 11 | [https://teamrot.fi/self-hosted-burp-collaborator-with-custom-domain/](https://teamrot.fi/self-hosted-burp-collaborator-with-custom-domain/) 12 | 13 | ## TL;DR: 14 | 15 | 1. Clone this repository. 16 | 2. Install Burp to /usr/local/BurpSuitePro. 17 | 3. Run `sudo ./install.sh yourdomain.fi your@email.fi` (the email is for Let's Encrypt expiry notifications). 18 | 4. You should now have a Let's Encrypt certificate for the domain and a private Burp Collaborator properly set up. 19 | 5. Start the collaborator with `sudo service burpcollaborator start`. 20 | 6. Configure your Burp Suite Professional to use it. 21 | 7. ???? 22 | 8. Profit. 23 | 24 | ### Important note: 25 | 26 | As stated in [the blog post](https://teamrot.fi/self-hosted-burp-collaborator-with-custom-domain/), be sure to firewall ports 9443 and 9090 (the polling ports) so that they accept connections only from the IP address of your own Burp Suite computer. Otherwise anyone on the internet can use your collaborator server! 27 | -------------------------------------------------------------------------------- /burpcollaborator.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Burp Collaborator 3 | After=network.target 4 | 5 | [Service] 6 | Type=simple 7 | ExecStart=/usr/local/collaborator/startcollab.sh 8 | User=root 9 | Restart=on-failure 10 | TimeoutStopSec=120 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /cleanup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Kill fixed resolver. 
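4 | pkill -f dnslib.fixedresolver
5 |
6 | # Restart Burp if it was started before renewal process.
7 | # CERTBOT_AUTH_OUTPUT carries what dnshook.sh printed on stdout, i.e. the
8 | # ActiveState of the burpcollaborator service when the auth hook ran.
9 | if [[ "$CERTBOT_AUTH_OUTPUT" == "active" ]]
10 | then
11 |     service burpcollaborator start
12 | fi
13 |
14 | # Remove the temporary zone file written by dnshook.sh.
15 | rm -f -- /usr/local/collaborator/collab.zonefile
16 |
--------------------------------------------------------------------------------
/collaborator.config:
--------------------------------------------------------------------------------
1 | {
2 |   "serverDomain" : "BDOMAIN",
3 |   "workerThreads" : 10,
4 |   "eventCapture": {
5 |       "localAddress" : ["INT_IP"],
6 |       "publicAddress" : "EXT_IP",
7 |       "http": {
8 |          "ports" : 80
9 |        },
10 |       "https": {
11 |           "ports" : 443
12 |       },
13 |       "smtp": {
14 |           "ports" : [25, 587]
15 |       },
16 |       "smtps": {
17 |           "ports" : 465
18 |       },
19 |       "ssl": {
20 |           "certificateFiles" : [
21 |               "/usr/local/collaborator/keys/privkey.pem",
22 |               "/usr/local/collaborator/keys/cert.pem",
23 |               "/usr/local/collaborator/keys/fullchain.pem" ]
24 |       }
25 |   },
26 |   "polling" : {
27 |       "localAddress" : "INT_IP",
28 |       "publicAddress" : "EXT_IP",
29 |       "http": {
30 |           "port" : 9090
31 |       },
32 |       "https": {
33 |           "port" : 9443
34 |       },
35 |       "ssl": {
36 |           "certificateFiles" : [
37 |               "/usr/local/collaborator/keys/privkey.pem",
38 |               "/usr/local/collaborator/keys/cert.pem",
39 |               "/usr/local/collaborator/keys/fullchain.pem" ]
40 |       }
41 |   },
42 |   "metrics": {
43 |       "path" : "burp-metrics-path",
44 |       "addressWhitelist" : ["127.0.0.1/32"]
45 |   },
46 |   "dns": {
47 |       "interfaces" : [{
48 |           "name": "ns1.BDOMAIN",
49 |           "localAddress" : "INT_IP",
50 |           "publicAddress" : "EXT_IP"
51 |       }],
52 |       "ports" : 53
53 |   },
54 |   "logLevel" : "INFO"
55 | }
56 |
--------------------------------------------------------------------------------
/dnshook.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Certbot manual-auth hook for the dns-01 challenge.
4 | # Writes a zone file containing the _acme-challenge TXT record and serves it
5 | # with dnslib's fixed resolver bound to the private IP given as $1.
6 | #
7 | # Everything this hook prints on stdout becomes CERTBOT_AUTH_OUTPUT for
8 | # cleanup.sh, which compares it with "active". Only the service state may be
9 | # printed there; all diagnostics go to stderr.
10 |
11 | MYPRIVATEIP=$1
12 | # The zone file lives in the root-owned install directory rather than under a
13 | # fixed name in world-writable /tmp, where another local user could pre-create
14 | # the path (for example as a symlink) before this root-run hook writes to it.
15 | ZONEFILE=/usr/local/collaborator/collab.zonefile
16 | IPV4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
17 |
18 | # Ensure CERTBOT_DOMAIN and CERTBOT_VALIDATION are set
19 | if [[ -z "$CERTBOT_DOMAIN" || -z "$CERTBOT_VALIDATION" ]]; then
20 |     echo "CERTBOT_DOMAIN and CERTBOT_VALIDATION must be set" >&2
21 |     exit 1
22 | fi
23 |
24 | if [[ -z "$MYPRIVATEIP" ]]; then
25 |     echo "Usage: $0 <private-ip-to-bind>" >&2
26 |     exit 1
27 | fi
28 |
29 | # The answer is written into the zone file as an A record, so fetch it over
30 | # HTTPS and refuse anything that is not a dotted-quad IPv4 address.
31 | MYPUBLICIP=$(curl -sf -m 10 https://checkip.amazonaws.com/)
32 | if [[ ! "$MYPUBLICIP" =~ $IPV4_RE ]]; then
33 |     echo "Could not determine a valid public IPv4 address" >&2
34 |     exit 1
35 | fi
36 |
37 | # Create the DNS zone file
38 | cat <<EOF > "$ZONEFILE"
39 | \$TTL 10
40 | @ IN SOA ns1.$CERTBOT_DOMAIN. hostmaster.$CERTBOT_DOMAIN. (
41 |         2024062501 ; serial
42 |         3600 ; refresh (1 hour)
43 |         1800 ; retry (30 minutes)
44 |         1209600 ; expire (2 weeks)
45 |         3600 ; minimum (1 hour)
46 | )
47 |
48 | @ IN NS ns1.$CERTBOT_DOMAIN.
49 | @ IN A $MYPUBLICIP
50 |
51 | _acme-challenge.$CERTBOT_DOMAIN. 10 IN TXT "$CERTBOT_VALIDATION"
52 |
53 | $CERTBOT_DOMAIN. 10 IN CAA 0 issue "letsencrypt.org"
54 | EOF
55 |
56 | # Kill any existing dnslib.fixedresolver processes
57 | pkill -f dnslib.fixedresolver &>/dev/null
58 |
59 | # Print burp service status for CERTBOT_AUTH_OUTPUT so that cleanup can start Burp service if it was started before.
60 | systemctl show -p ActiveState --value burpcollaborator
61 | service burpcollaborator stop &>/dev/null
62 |
63 | python3 -m dnslib.fixedresolver -a "$MYPRIVATEIP" --zonefile "$ZONEFILE" &>/dev/null &
64 |
65 | # Sleep to avoid DNS propagation issues.
66 | sleep 15
67 |
--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Installs a private Burp Collaborator server and obtains a Let's Encrypt
4 | # wildcard certificate for it.
5 | # Usage: install.sh yourdomain.com email@address.com [burp-installer-script.sh]
6 |
7 | if [[ $(id -u) -ne 0 ]]; then
8 |     echo "Please run as root"
9 |     exit 1
10 | fi
11 |
12 | if [ "$#" -lt 2 ]; then
13 |     echo "Usage: $0 yourdomain.com email@address.com [burp-installer-script.sh]"
14 |     exit 1
15 | fi
16 |
17 | DOMAIN=$1
18 | EMAIL=$2
19 | BURP_INSTALLATOR="$3"
20 |
21 | # DOMAIN is substituted into collaborator.config with sed and handed to
22 | # certbot, so only a plain DNS name (letters, digits, hyphens, dots) is accepted.
23 | DOMAIN_RE='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
24 | if [[ ! "$DOMAIN" =~ $DOMAIN_RE ]]; then
25 |     echo "Invalid domain name: $DOMAIN" >&2
26 |     exit 1
27 | fi
28 |
29 | # Every failure path below exits non-zero so that callers can detect it.
30 | if [ ! -f /usr/local/BurpSuitePro/BurpSuitePro ]; then
31 |     if [ -z "$BURP_INSTALLATOR" ]; then
32 |         echo "Install Burp to /usr/local/BurpSuitePro and run script again or provide a path to burp installer script"
33 |         echo "Usage: $0 $DOMAIN email@address.com [burp-installation-path.sh]"
34 |         exit 1
35 |     elif [ ! -f "$BURP_INSTALLATOR" ]; then
36 |         echo "Burp installer script ($BURP_INSTALLATOR) does not exist"
37 |         exit 1
38 |     fi
39 |     # The installer is executed as root: verify its checksum against the
40 |     # value published by the vendor before passing it to this script.
41 |     bash "$BURP_INSTALLATOR" -q
42 |     if [ ! -f /usr/local/BurpSuitePro/BurpSuitePro ]; then
43 |         echo "Burp Suite Pro was not installed correctly. Please install it manually to /usr/local/BurpSuitePro and run the installer script again"
44 |         exit 1
45 |     fi
46 | fi
47 |
48 | SRC_PATH="$(dirname -- "$0")"
49 |
50 | # Make sure that permissions are ok for all scripts (in the repository
51 | # directory, not whatever the current working directory happens to be).
52 | chmod +x "$SRC_PATH"/*.sh
53 |
54 | # Get public IP in case not running on AWS, Azure or Digitalocean.
55 | MYPUBLICIP=$(curl -s https://checkip.amazonaws.com/)
56 | MYPRIVATEIP=$(hostname -I | cut -d' ' -f 1) # It assumes that first network interface is the Internet one
57 |
58 | # Get IPs if running on AWS.
59 | # NOTE: this probes IMDSv1 only. On instances that require IMDSv2 session
60 | # tokens the probe fails and the generic values above are kept.
61 | if curl http://169.254.169.254/latest -s --output /dev/null -f -m 1; then
62 |     MYPRIVATEIP=$(curl http://169.254.169.254/latest/meta-data/local-ipv4 -s)
63 |     MYPUBLICIP=$(curl http://169.254.169.254/latest/meta-data/public-ipv4 -s)
64 | fi
65 |
66 | # Get IPs if running on Azure.
67 | if curl --header 'Metadata: true' "http://169.254.169.254/metadata/instance/network?api-version=2017-08-01" -s --output /dev/null -f -m 1; then
68 |     MYPRIVATEIP=$(curl --header 'Metadata: true' "http://169.254.169.254/metadata/instance/network/interface/0/ipv4/ipAddress/0/privateIpAddress?api-version=2017-08-01&format=text" -s)
69 |     MYPUBLICIP=$(curl --header 'Metadata: true' "http://169.254.169.254/metadata/instance/network/interface/0/ipv4/ipAddress/0/publicIpAddress?api-version=2017-08-01&format=text" -s)
70 | fi
71 |
72 | # Get IPs if running on Digitalocean.
73 | if curl http://169.254.169.254/metadata/v1/id -s --output /dev/null -f -m1; then
74 |     # Use Floating IP if the VM has it enabled.
75 |     FLOATING=$(curl http://169.254.169.254/metadata/v1/floating_ip/ipv4/active -s)
76 |     if [ "$FLOATING" == "true" ]; then
77 |         MYPUBLICIP=$(curl http://169.254.169.254/metadata/v1/floating_ip/ipv4/ip_address -s)
78 |         MYPRIVATEIP=$(curl http://169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/address -s)
79 |     fi
80 |     if [ "$FLOATING" == "false" ]; then
81 |         MYPUBLICIP=$(curl http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/address -s)
82 |         MYPRIVATEIP=$MYPUBLICIP
83 |     fi
84 | fi
85 |
86 | # Both addresses come from network responses and are interpolated into sed
87 | # expressions and /etc/hosts below. Stop here if either is empty or contains
88 | # anything other than address characters (e.g. an HTML error page).
89 | ADDR_RE='^[0-9A-Fa-f:.]+$'
90 | if [[ ! "$MYPRIVATEIP" =~ $ADDR_RE || ! "$MYPUBLICIP" =~ $ADDR_RE ]]; then
91 |     echo "Could not determine valid IP addresses (private: '$MYPRIVATEIP', public: '$MYPUBLICIP')" >&2
92 |     exit 1
93 | fi
94 |
95 | # Use snap version of Certbot because APT-version is too old.
96 | snap install --classic certbot
97 | snap refresh certbot
98 | # Skip the link when the path already exists, so a second run does not error.
99 | [ -e /usr/bin/certbot ] || ln -s /snap/bin/certbot /usr/bin/certbot
100 |
101 | apt update -y && apt install -y python3 python3-dnslib
102 |
103 | mkdir -p /usr/local/collaborator/
104 | cp "$SRC_PATH/dnshook.sh" /usr/local/collaborator/
105 | cp "$SRC_PATH/cleanup.sh" /usr/local/collaborator/
106 | cp "$SRC_PATH/collaborator.config" /usr/local/collaborator/collaborator.config
107 | sed -i "s/INT_IP/$MYPRIVATEIP/g" /usr/local/collaborator/collaborator.config
108 | sed -i "s/EXT_IP/$MYPUBLICIP/g" /usr/local/collaborator/collaborator.config
109 | sed -i "s/BDOMAIN/$DOMAIN/g" /usr/local/collaborator/collaborator.config
110 | cp "$SRC_PATH/burpcollaborator.service" /etc/systemd/system/
111 | cp "$SRC_PATH/startcollab.sh" /usr/local/collaborator/
112 | cp "$SRC_PATH/renewcert.sh" /etc/cron.daily/renewcert
113 |
114 | cd /usr/local/collaborator/ || exit 1
115 | chmod +x /usr/local/collaborator/*
116 |
117 | # -F: match the address literally; its dots are not regex wildcards.
118 | grep -qF -- "$MYPRIVATEIP" /etc/hosts || echo "$MYPRIVATEIP $(hostname)" >> /etc/hosts
119 |
120 | echo ""
121 | echo "CTRL-C if you don't need to obtain certificates."
122 | echo ""
123 | read -r -p "Press enter to continue"
124 |
125 | # Wildcard certificate is requested in two steps as it is less error-prone.
126 | # The first step requests the actual wildcard with *.domain.com (all subdomains) certificate.
127 | # The second step expands the certificate with domain.com (without any subdomain).
128 | # This used to be possible in single-step, however currently it can lead to invalid TXT-record error,
129 | # as certbot starts the dnshooks concurrently and not consecutively.
130 | certbot certonly --manual-auth-hook "/usr/local/collaborator/dnshook.sh $MYPRIVATEIP" -m "$EMAIL" --manual-cleanup-hook /usr/local/collaborator/cleanup.sh \
131 |     -d "*.$DOMAIN" \
132 |     --server https://acme-v02.api.letsencrypt.org/directory \
133 |     --manual --agree-tos --no-eff-email --preferred-challenges dns-01
134 |
135 | certbot certonly --manual-auth-hook "/usr/local/collaborator/dnshook.sh $MYPRIVATEIP" -m "$EMAIL" --manual-cleanup-hook /usr/local/collaborator/cleanup.sh \
136 |     -d "$DOMAIN, *.$DOMAIN" \
137 |     --server https://acme-v02.api.letsencrypt.org/directory \
138 |     --manual --agree-tos --no-eff-email --preferred-challenges dns-01 \
139 |     --expand
140 |
141 | CERT_PATH=/etc/letsencrypt/live/$DOMAIN
142 | # -n: on a re-run, replace the existing keys link instead of creating a new
143 | # link inside the directory it points to.
144 | ln -sfn "$CERT_PATH" /usr/local/collaborator/keys
145 |
--------------------------------------------------------------------------------
/renewcert.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | /usr/bin/certbot renew
4 |
--------------------------------------------------------------------------------
/startcollab.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | /usr/local/BurpSuitePro/BurpSuitePro -Xmx200m --collaborator-server --collaborator-config=/usr/local/collaborator/collaborator.config
4 |
--------------------------------------------------------------------------------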