This post will show you how to set up a Burp Private Collaborator Server using Terraform and Ansible on AWS.
Burp Suite Professional is a staple of our application security testing arsenal here at 4ARMED and its Collaborator tool is outstanding for finding those tricky out-of-band and second order vulnerabilities.
Setting up a Private Collaborator server is not particularly tricky but, this is 2017 so we thought what better way to flex our DevOps muscles than automate the whole deployment onto Amazon Web Services from end-to-end using Terraform and Ansible?
Terraform
If you’ve not used Terraform before, it enables you to write “infrastructure as code”. In this scenario we have focused on using AWS as our hosting provider and will spin up a new EC2 t2.nano instance along with associated security groups and SSH keys and then use Ansible to provision Burp Collaborator onto the box.
We’re not going to provide any kind of intro to Terraform here, if you want to know more please head over to https://www.terraform.io/.
Ansible
We love Puppet, Salt and Chef but Ansible is our current go-to configuration management tool, mainly because it suits the majority of our particular use-cases for regular, consistent build standards across a mix of different Linux-based servers. We also like the fact you don’t need an agent on the box to get started.
Again, to find out more head over to https://www.ansible.com/.
How to build a Private Burp Collaborator Server with Terraform
Our Terraform configuration is available on our Github page at https://github.com/4ARMED/terraform-burp-collaborator. The first step is go and clone this repository, which also contains the full instructions for how to use it. I’m not going to rewrite everything here as there is step-by-step info there but it boils down to:
git clone https://github.com/4ARMED/terraform-burp-collaborator.git- Generate SSH keypair
- Edit
terraform.tfvarsas required terraform apply
How cool and easy is that? Under the hood it will build your EC2 instance and then install Burp Collaborator using our Ansible playbook from https://galaxy.ansible.com/4ARMED/burp-collaborator/.
TLS
To keep things simple the basic configuration creates a private key and self-signed TLS certificate. This will work in testing but if you’re planning to use this setup in anger to test a real client you will find things aren’t going to work so well as, even if you do get an out-of-band issue, depending on where/what it is the HTTPS client is going to throw a trust error on the self-signed cert.
The solution is easy of course, buy a wildcard TLS certificate. I’m not going to endorse one provider over another but Namecheap do Comodo wildcard certs for ~£80 per year.
You can use our Terraform config to generate a private key and CSR which you can then purchase your wildcart cert with.
- Edit
owntls.ymland set the different variables according to what you want in your certificate - Delete the generated CSR:
rm burp.csr ansible-playbook -i inventory owntls.yml --tags tls- Use the contents of the newly generated
burp.csrfile to purchase your certificate. - Copy your new certificate to
burp.crt - Copy any intermediate CA cert bundle to
intermediate.crt ansible-playbook -i inventory playbook.yml --tags setup,restart
Summary
This is a short blog post to introduce you to a quick way of standing up an AWS instance running a Burp Private Collaborator Server. The combination of Terraform and Ansible is a powerful one and we use it a lot here at 4ARMED Towers.
We hope you found this useful, there’s a lot more info over at the Github repo but also feel free to contact us if you have any questions.
