burp - Per-Client Configuration

 

 


Server-side per-client configuration

 

 * Without it, the client cannot connect to the server

 * Files beginning with '.' or ending with '~' are ignored. Directories are also ignored.

 * The filename must match the name in the 'cname' field on the client config

/etc/burp/clientconfdir/<client name>        <--- cname

# 0 => disable the client
enabled = 1
password = abcdefgh

# Load the default settings
# . incexc/default
. incexc/*

# Default: 1
password_check = 0
version_warn = 0

password_check

# Default: 1; this setting is supported in the global config and in clientconfdir

# Password authentication is required when the client connects to the server

# SSL certificates will still be checked if you turn passwords off

password_check = 0

version_warn

# Default: 1; this setting is supported in the global config and in clientconfdir

# Warn when the client version does not match the server version

version_warn = 1

incexc/default ( etc/clientconfdir )

client_can_delete=0
client_can_force_backup=0
client_can_list=1
client_can_verify=0
client_can_restore=0

# include=/home
# exclude=/home/dontwant
# exclude_ext=vdi
# exclude_regex=/\.cache/
# exclude_fs=tmpfs
# exclude_comp=gz
# min_file_size=0
# max_file_size=0
# cross_filesystem=/some/path
# cross_all_filesystems=0
# nobackup=.nobackup
# read_fifo=/some/path/to/a/fifo
# read_all_fifos=0

# For Windows
# split_vss=1
# strip_vss=0
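
An added example, not part of the original page or of burp itself: a POSIX shell audit of a clientconfdir that applies the ignore rule stated above and flags password_check = 0, any client_can_* permission from the incexc/default baseline that is not 0, and world-readable files that hold a password. It assumes that ". path" includes resolve relative to the client file's directory and that the last assignment of a key wins; flatten, conf_get and audit_clientconfdir are names made up for this example.

```sh
#!/bin/sh
# Added example (not part of burp). Assumptions: ". path" includes resolve
# relative to the client file's directory; the last assignment of a key wins.

# Print FILE with each ". path" include line replaced by the files it names.
flatten() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ". "*) for inc in "${1%/*}"/${line#. }; do
                       if [ -f "$inc" ]; then cat "$inc"; fi
                   done ;;
            *) printf '%s\n' "$line" ;;
        esac
    done < "$1"
}

# Print the effective value of KEY ($2) in config text ($1); empty if unset.
conf_get() {
    printf '%s\n' "$1" | awk -v k="$2" '
        { key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key) }
        key == k { v = substr($0, index($0, "=") + 1)
                   gsub(/^[ \t]+|[ \t]+$/, "", v) }
        END { print v }'
}

# Print "<client>: <finding>" lines for DIR; return 1 if anything was flagged.
audit_clientconfdir() {
    rc=0
    for f in "$1"/*; do                      # the glob already skips '.' files
        [ -f "$f" ] || continue              # directories are ignored
        name=${f##*/}
        case $name in *~) continue ;; esac   # files ending in '~' are ignored
        cfg=$(flatten "$f")
        if [ "$(conf_get "$cfg" password_check)" = 0 ]; then
            echo "$name: password_check=0, only the SSL certificate is checked"; rc=1
        fi
        for k in client_can_delete client_can_force_backup \
                 client_can_restore client_can_verify; do
            if [ "$(conf_get "$cfg" "$k")" != 0 ]; then
                echo "$name: $k is not set to 0"; rc=1
            fi
        done
        if [ -n "$(conf_get "$cfg" password)" ] && [ -n "$(find "$f" -perm -004)" ]; then
            echo "$name: world-readable file contains a password"; rc=1
        fi
    done
    return $rc
}
if [ $# -gt 0 ]; then audit_clientconfdir "$1"; fi
```

Pass the clientconfdir path as the only argument; the exit status is 1 when anything was flagged.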

 


Disabling a client

 

# Disable a client on the server

mv /etc/burp/clientconfdir/<client> /etc/burp/clientconfdir/<client>.disable

 


Revoking a client

 

1. Get the certificate serial of the client:

openssl x509 -serial -noout -in /etc/burp/CA/<client name>.crt

2. Revoke the certificate ('01' is the serial number output in step 1):

burp_ca --name burpCA --revoke 01

3. Regenerate the crl:

burp_ca --name burpCA --crl

4. Check the certificate has been revoked:

openssl crl -in /etc/burp/CA/CA_burpCA.crl -text -noout

 
