UNIX burp client tips
This scenario assumes that your burp client was destroyed and you have no prepared disaster recovery (DR) medium, but the client's backup still exists on the burp server and the burp package is installed on the client.
First, check whether your client's burp.conf and certs are in the backup:
find burp/<clientname>/current/data/t/etc/burp/ \( -name 'burp.conf' -o -name 'ssl*' \)
burp/brq-setup/current/data/t/etc/burp/burp.conf
burp/brq-setup/current/data/t/etc/burp/ssl_cert-client.key
burp/brq-setup/current/data/t/etc/burp/ssl_cert-client.pem
burp/brq-setup/current/data/t/etc/burp/ssl_cert_ca.pem
If they are, copy the /etc/burp/burp.conf from the backup to your client; then get your client's ssl files from the backup and save them in /tmp:
zcat burp/<clientname>/current/data/t/etc/burp/burp.conf | awk '/ssl_cert/ { sub(/.*\//,"",$NF); print $NF }' | while read -r file; do zcat "burp/<clientname>/current/data/t/etc/burp/$file" > "/tmp/$file" ; done
Copy the files you just uncompressed from the backup into /tmp to your client's burp directory over SSH:
scp /tmp/ssl* <clientname>:/etc/burp/
Then correct the permissions on the client:
chmod 600 /etc/burp/ssl_cert{_ca.pem,-client.key,-client.pem}
At this point, listing the remote client's backups should work:
burp -a l
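The extraction step above writes the client's private key into /tmp under whatever umask the shell has. As an added example (not part of the original wiki page), the function below performs the same extraction into a private directory with 0600 files. The name restore_burp_ssl and its two arguments are assumptions, gzip -dc stands in for zcat, and the awk filter is generalized to match only the ssl_cert_ca, ssl_cert and ssl_key options rather than any line containing ssl_cert.

```shell
#!/bin/sh
# Added example: restore the client's TLS files from a burp backup tree
# into a private directory instead of a shared /tmp.
# Usage (hypothetical paths):
#   restore_burp_ssl burp/<clientname>/current/data/t/etc/burp /root/burp-ssl
restore_burp_ssl() {
    src=$1 dest=$2
    [ -f "$src/burp.conf" ] || { echo "no burp.conf in $src" >&2; return 1; }
    (
        umask 077                  # new files 0600, new directory 0700
        mkdir -p "$dest" || exit 1
        # Select only the three options that name TLS files, skip
        # commented lines, and keep just the file name so a path in the
        # config cannot direct writes outside $dest.
        gzip -dc "$src/burp.conf" |
        awk -F= '/^[ \t]*(ssl_cert_ca|ssl_cert|ssl_key)[ \t]*=/ {
                     v = $2
                     gsub(/^[ \t]+|[ \t]+$/, "", v)
                     sub(/.*\//, "", v)
                     if (v != "") print v
                 }' |
        sort -u |
        while IFS= read -r name; do
            if [ ! -f "$src/$name" ]; then
                echo "missing in backup: $name" >&2
                exit 1
            fi
            rm -f "$dest/$name"    # a stale file would keep its old mode
            gzip -dc "$src/$name" > "$dest/$name" || exit 1
            echo "$name"           # report each restored file
        done
    )
}
```

The function returns non-zero when a file named in burp.conf is absent from the backup, so a partial restore is not mistaken for a complete one.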
When the client's /etc/burp is not in the backup, you reconnect your client with just the password, and the initial connection creates a new set of ssl files.
First, "disable" the old client's ssl files on the server:
for i in /etc/burp/CA/<clientname>.{crt,csr} ; do mv "$i" "$i.orig"; done
Then get your client's password on the server:
grep password /etc/burp/clientconfdir/<clientname>
Query the original CNs of the client and the server. To get the client's CN, run this on the server (the value follows 'CN'):
openssl x509 -in /etc/burp/CA/<clientname>.crt.orig -noout -subject
And query the server's CN, also on the server:
openssl x509 -in /etc/burp/CA/<servername>.crt -noout -subject
Finally, on the client, create a new pristine burp.conf (customize it to fit your environment):
cat > /etc/burp/burp.conf <<EOF
mode = client
port = 4971
status_port = 4972
server = <servername>
password = <password>
cname = <clientcnname>
pidfile = /var/run/burp.client.pid
syslog = 0
stdout = 1
progress_counter = 1
server_can_restore = 0
cross_filesystem=/home
cross_all_filesystems=0
ca_burp_ca = /usr/sbin/burp_ca
ca_csr_dir = /etc/burp/CA-client
ssl_cert_ca = /etc/burp/ssl_cert_ca.pem
ssl_cert = /etc/burp/ssl_cert-client.pem
ssl_key = /etc/burp/ssl_cert-client.key
ssl_peer_cn = <servercnname>
include = /home
exclude_fs = sysfs
exclude_fs = tmpfs
nobackup = .nobackup
exclude_comp=bz2
exclude_comp=gz
EOF
Now the initial connection of the client to the server with a valid password should create a new set of ssl files, and you should get a list of your client's backups:
burp -a l