Home

Awesome

Burp Collaborator Server docker container with LetsEncrypt certificate

This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate. The objective is to simplify as much as possible the process of setting up and maintaining the server.

Setup your domain

Delegate a subdomain to your soon to be burp collaborator server IP address. At the minimum you'll need a NS record for the subdomain to be used (e.g. burp.example.com) pointing to your new server's A record:

burp.example.com IN NS burpserver.example.com

burpserver.example.com IN A 1.2.3.4

Check https://portswigger.net/burp/documentation/collaborator/deploying#dns-configuration for further info.

Requirements

Setup the environment

./init.sh burp.example.com 1.2.3.4

This will start the environment for the subdomain burp.example.com, creating a wildcard certificate as *.burp.example.com.

I'm using an ugly hack on the certbot-dns-cloudflare plugin from certbot, where it just runs a local dnsmasq with the required records, and makes all of this automagically happen.

If everything is OK, burp will start with the following message:

Burp is now running with the letsencrypt certificate for domain *.burp.example.com

You can check by running docker ps, and going to burp, and pointing the collaborator configuration to your new server. Keep it mind that this configuration configures the polling server on port 9443.

The init.sh script will be renamed and disabled, so no accidents may happen.

Certificate renewal

Updating Burp Suite


Author: Bruno Morisson

Thanks to Fábio Pires (check his burp collaborator w/letsencrypt tutorial) and Herman Duarte (for betatesting and fixes)