Re: [Burp-users] backup_tool_script 0.4.0: purpose of client config file
From: Graham K. <gr...@gr...> - 2018-06-15 22:03:15
> On Wednesday, June 13, 2018, 9:41:53 AM GMT+2, Graham Keeling <gr...@gr...> wrote:
>
> On Tue, Jun 12, 2018 at 05:10:52AM +0000, Iznohak via Burp-users wrote:
> > Sorry if the following should be obvious but it's not clear to me after reading the doc and the shell script.
> >
> > First, is this script only intended to run on the server side, since it needs access to the backup storage directory and in some cases, to the clientconfdir? If so, perhaps this could be stated in the documentation, because unless I missed it, it's not mentioned anywhere. Well, the fact that it's in the server subdirectory of the configs directory in the source tree is a strong indication, but not everyone looks at the source.
> >
> > Second, if I understand correctly, the script (well not the script itself, but the script running burp as a client) needs a client configuration file just so that it can talk to the server in verify mode (-a v) or status mode (-a S), but the client configuration can be a dummy configuration with just enough info to pass authentication with the server, it doesn't need the configuration of a real client. Is this correct? Typically the real client configuration resides on the client side, it wouldn't be very practical to duplicate it on the server side.
> >
> > And finally, the -c option allows for specifying a different client configuration file than the implied one, for added flexibility, but again it is just for authenticating with the server. Am I getting this right?
>
> First:
> Orsiris de Jong (deajan) is the author of this script. As I understand it,
> it is meant to be run directly on the server. You are welcome to push an
> addition to the documentation, it lives in docs/backup_tool_script.txt
>
> Second:
> I believe it uses the '-C <client>' option to query/run certain things, which
> means you have to give the server side client permissions to access the other
> clients. So, you connect with whatever is in your client burp.conf, and then
> switch to being the -C client.
>
> Finally:
> I think maybe this question is irrelevant once you have understood the -C
> option.

On Fri, Jun 15, 2018 at 10:10:33AM +0000, Iznohak via Burp-users wrote:
> Yes I am aware deajan is the author of this script. I had assumed he was participating in this mailing list. That was mistaken I guess.

He is definitely around. I said that he is the author of it because I am not 100% sure of the details of how it works, but I am answering from my current understanding - which may not be complete.

> I was referring to the script's -c/--config-file option which specifically refers to a client configuration file.
>
> Anyhow, thanks for your input Graham.

Yes, the -c option lets you specify a different configuration file. So, if you want to use a different client config on the server, -c will let you do that. This may well be a requirement for backup_tool_script. However, I don't think that it is a big problem because you get a client burp.conf on the server side 'for free' anyway.