Burp Suite Pro Pub Sub Architecture
Burp Suite Pro Pub Sub Architecture คืออะไร
Burp Suite Professional เป็นเครื่องมือ web application security testing ยอดนิยมจาก PortSwigger ใช้สำหรับ penetration testing, vulnerability scanning และ security research Pub/Sub (Publish-Subscribe) Architecture เป็นรูปแบบ messaging ที่ publishers ส่ง messages ไปยัง topics และ subscribers รับ messages ที่สนใจ โดยไม่ต้องรู้จักกัน การรวม Burp Suite กับ Pub/Sub ช่วยสร้างระบบ security testing แบบ distributed ที่ scan หลาย targets พร้อมกัน แชร์ findings แบบ real-time และ integrate กับ CI/CD pipeline
Burp Suite Pro Features
# burp_features.py — Burp Suite Pro features overview
import json
class BurpSuiteFeatures:
FEATURES = {
"scanner": {
"name": "Active/Passive Scanner",
"description": "สแกน vulnerabilities อัตโนมัติ — SQL injection, XSS, SSRF, XXE และอื่นๆ",
"modes": ["Active scan (ส่ง payloads)", "Passive scan (วิเคราะห์ traffic)"],
},
"intruder": {
"name": "Intruder",
"description": "Automated attack tool — brute force, fuzzing, parameter tampering",
"attack_types": ["Sniper", "Battering Ram", "Pitchfork", "Cluster Bomb"],
},
"repeater": {
"name": "Repeater",
"description": "ส่ง HTTP requests ซ้ำๆ แก้ไขได้ — ใช้ทดสอบ manually",
},
"extensions_api": {
"name": "Extensions API (Montoya API)",
"description": "เขียน extensions ด้วย Java/Python/Ruby — extend Burp functionality",
"use_cases": ["Custom scan checks", "Auto-exploit", "Report generation", "Integration"],
},
"collaborator": {
"name": "Burp Collaborator",
"description": "Out-of-band testing — detect blind SSRF, blind XSS, DNS exfiltration",
},
}
def show_features(self):
print("=== Burp Suite Pro Features ===\n")
for key, feat in self.FEATURES.items():
print(f"[{feat['name']}]")
print(f" {feat['description']}")
print()
burp = BurpSuiteFeatures()
burp.show_features()Pub/Sub Architecture Design
# pubsub_arch.py — Pub/Sub architecture for security testing
import json
class PubSubArchitecture:
COMPONENTS = {
"scan_coordinator": {
"name": "Scan Coordinator (Publisher)",
"description": "จัดการ scan jobs — สร้าง tasks, กระจายไป workers, รวบรวมผลลัพธ์",
"publishes_to": ["scan-requests", "scan-config"],
},
"burp_workers": {
"name": "Burp Workers (Subscribers)",
"description": "Burp Suite instances ที่รับ scan tasks จาก queue — ทำ active/passive scan",
"subscribes_to": ["scan-requests"],
"publishes_to": ["scan-results", "vulnerability-findings"],
},
"results_aggregator": {
"name": "Results Aggregator",
"description": "รวบรวม findings จากทุก workers — deduplicate, prioritize, report",
"subscribes_to": ["scan-results", "vulnerability-findings"],
},
"notification_service": {
"name": "Notification Service",
"description": "แจ้งเตือนเมื่อพบ critical vulnerabilities — Slack, email, Jira",
"subscribes_to": ["vulnerability-findings"],
},
"message_broker": {
"name": "Message Broker",
"description": "RabbitMQ หรือ Redis Pub/Sub — route messages ระหว่าง components",
"topics": ["scan-requests", "scan-results", "vulnerability-findings", "scan-status"],
},
}
def show_architecture(self):
print("=== Pub/Sub Architecture ===\n")
for key, comp in self.COMPONENTS.items():
print(f"[{comp['name']}]")
print(f" {comp['description']}")
if 'publishes_to' in comp:
print(f" Publishes: {', '.join(comp['publishes_to'])}")
if 'subscribes_to' in comp:
print(f" Subscribes: {', '.join(comp['subscribes_to'])}")
print()
arch = PubSubArchitecture()
arch.show_architecture()Burp Extension for Pub/Sub
# burp_extension.py — Burp Suite extension with Pub/Sub
import json
class BurpPubSubExtension:
JAVA_CODE = """
// BurpPubSubExtension.java — Burp extension that publishes findings
package com.example.burppubsub;
import burp.api.montoya.BurpExtension;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.scanner.audit.issues.AuditIssue;
import com.rabbitmq.client.Channel;
import com.rabbitmq.client.Connection;
import com.rabbitmq.client.ConnectionFactory;
import com.google.gson.Gson;
public class BurpPubSubExtension implements BurpExtension {
private MontoyaApi api;
private Channel channel;
private Gson gson = new Gson();
@Override
public void initialize(MontoyaApi api) {
this.api = api;
api.extension().setName("Pub/Sub Scanner");
// Connect to RabbitMQ
try {
ConnectionFactory factory = new ConnectionFactory();
factory.setHost("rabbitmq.internal");
Connection connection = factory.newConnection();
channel = connection.createChannel();
channel.exchangeDeclare("security-findings", "topic", true);
api.logging().logToOutput("Connected to RabbitMQ");
} catch (Exception e) {
api.logging().logToError("RabbitMQ connection failed: " + e.getMessage());
}
// Register scan listener
api.scanner().registerAuditIssueHandler(this::handleIssue);
}
private void handleIssue(AuditIssue issue) {
Finding finding = new Finding(
issue.name(),
issue.severity().name(),
issue.baseUrl(),
issue.detail(),
issue.remediation()
);
try {
String routingKey = "finding." + issue.severity().name().toLowerCase();
channel.basicPublish(
"security-findings",
routingKey,
null,
gson.toJson(finding).getBytes()
);
api.logging().logToOutput("Published: " + finding.name);
} catch (Exception e) {
api.logging().logToError("Publish failed: " + e.getMessage());
}
}
}
"""
PYTHON_WORKER = """
# scan_worker.py — Python worker that coordinates Burp scans
import pika
import json
import subprocess
import requests
import time
class BurpScanWorker:
def __init__(self, rabbitmq_url, burp_api_url="http://localhost:1337"):
self.burp_api = burp_api_url
self.connection = pika.BlockingConnection(
pika.URLParameters(rabbitmq_url)
)
self.channel = self.connection.channel()
self.channel.queue_declare("scan-requests", durable=True)
self.channel.basic_qos(prefetch_count=1)
def start_scan(self, target_url, scan_config=None):
'''Start a Burp scan via REST API'''
payload = {
"urls": [target_url],
"scan_configurations": scan_config or [
{"type": "NamedConfiguration", "name": "Audit checks - all"}
]
}
resp = requests.post(
f"{self.burp_api}/v0.1/scan",
json=payload
)
return resp.headers.get("Location") # scan task ID
def get_scan_status(self, task_id):
resp = requests.get(f"{self.burp_api}/v0.1/scan/{task_id}")
return resp.json()
def process_message(self, ch, method, properties, body):
message = json.loads(body)
target = message.get("target_url")
print(f"Starting scan: {target}")
task_id = self.start_scan(target)
# Wait for completion
while True:
status = self.get_scan_status(task_id)
if status.get("scan_status") == "succeeded":
# Publish results
self.publish_results(status.get("issue_events", []))
break
time.sleep(10)
ch.basic_ack(delivery_tag=method.delivery_tag)
def publish_results(self, issues):
for issue in issues:
self.channel.basic_publish(
exchange="security-findings",
routing_key=f"finding.{issue.get('severity', 'info').lower()}",
body=json.dumps(issue)
)
def start(self):
self.channel.basic_consume("scan-requests", self.process_message)
print("Worker started. Waiting for scan requests...")
self.channel.start_consuming()
# worker = BurpScanWorker("amqp://guest:guest@rabbitmq:5672/")
# worker.start()
"""
def show_java(self):
print("=== Burp Extension (Java) ===")
print(self.JAVA_CODE[:600])
def show_python(self):
print(f"\n=== Scan Worker (Python) ===")
print(self.PYTHON_WORKER[:600])
ext = BurpPubSubExtension()
ext.show_java()
ext.show_python()Results Aggregation & Reporting
# aggregation.py — Aggregate and report findings
import json
import random
class ResultsAggregation:
CODE = """
# aggregator.py — Aggregate security findings
import pika
import json
from collections import Counter
from datetime import datetime
class FindingsAggregator:
def __init__(self, rabbitmq_url):
self.connection = pika.BlockingConnection(
pika.URLParameters(rabbitmq_url)
)
self.channel = self.connection.channel()
self.findings = []
# Subscribe to all findings
self.channel.exchange_declare("security-findings", "topic", durable=True)
result = self.channel.queue_declare("", exclusive=True)
queue_name = result.method.queue
self.channel.queue_bind(queue_name, "security-findings", "finding.*")
self.channel.basic_consume(queue_name, self.on_finding, auto_ack=True)
def on_finding(self, ch, method, properties, body):
finding = json.loads(body)
# Deduplicate
key = f"{finding.get('name')}|{finding.get('url')}"
if not any(f.get('_key') == key for f in self.findings):
finding['_key'] = key
finding['found_at'] = datetime.utcnow().isoformat()
self.findings.append(finding)
# Alert on critical/high
severity = finding.get('severity', '').lower()
if severity in ('critical', 'high'):
self.send_alert(finding)
def send_alert(self, finding):
# Send to Slack/Jira
print(f"ALERT: [{finding['severity']}] {finding['name']} at {finding.get('url')}")
def generate_report(self):
severity_counts = Counter(f.get('severity', 'unknown') for f in self.findings)
return {
'total_findings': len(self.findings),
'by_severity': dict(severity_counts),
'critical': [f for f in self.findings if f.get('severity') == 'critical'],
'scan_date': datetime.utcnow().isoformat(),
}
# aggregator = FindingsAggregator("amqp://guest:guest@rabbitmq:5672/")
# aggregator.channel.start_consuming()
"""
def show_code(self):
print("=== Findings Aggregator ===")
print(self.CODE[:600])
def sample_report(self):
print(f"\n=== Security Scan Report ===")
print(f" Targets scanned: {random.randint(5, 20)}")
print(f" Total findings: {random.randint(20, 100)}")
print(f" Critical: {random.randint(0, 3)}")
print(f" High: {random.randint(2, 10)}")
print(f" Medium: {random.randint(5, 30)}")
print(f" Low: {random.randint(10, 50)}")
print(f" Info: {random.randint(5, 20)}")
vulns = ["SQL Injection", "XSS (Reflected)", "CSRF", "SSRF", "Open Redirect", "IDOR"]
print(f" Top finding: {random.choice(vulns)}")
agg = ResultsAggregation()
agg.show_code()
agg.sample_report()CI/CD Integration
# cicd.py — CI/CD pipeline integration
import json
class CICDIntegration:
GITHUB_ACTIONS = """
# .github/workflows/security-scan.yml
name: Security Scan (Burp Suite)
on:
pull_request:
branches: [main]
schedule:
- cron: '0 2 * * 1' # Weekly Monday 2 AM
jobs:
security-scan:
runs-on: self-hosted # Need Burp Suite installed
steps:
- uses: actions/checkout@v4
- name: Start target application
run: docker compose up -d
- name: Wait for app to be ready
run: |
for i in $(seq 1 30); do
curl -s http://localhost:8080/health && break
sleep 2
done
- name: Submit scan request
run: |
python3 scripts/submit_scan.py \\
--target http://localhost:8080 \\
--rabbitmq-url } \\
--wait-for-results \\
--timeout 1800
- name: Check results
run: |
python3 scripts/check_results.py \\
--rabbitmq-url } \\
--fail-on-severity high \\
--output report.html
- name: Upload report
if: always()
uses: actions/upload-artifact@v4
with:
name: security-report
path: report.html
- name: Cleanup
if: always()
run: docker compose down
"""
SCAN_SUBMIT = """
# submit_scan.py — Submit scan request to Pub/Sub
import pika
import json
import argparse
def submit_scan(target, rabbitmq_url):
connection = pika.BlockingConnection(pika.URLParameters(rabbitmq_url))
channel = connection.channel()
channel.queue_declare("scan-requests", durable=True)
message = {
"target_url": target,
"scan_type": "full",
"config": {"max_crawl_depth": 5, "audit_checks": "all"},
}
channel.basic_publish(
exchange="",
routing_key="scan-requests",
body=json.dumps(message),
properties=pika.BasicProperties(delivery_mode=2),
)
print(f"Scan submitted for {target}")
connection.close()
if __name__ == "__main__":
parser = argparse.ArgumentParser()
parser.add_argument("--target", required=True)
parser.add_argument("--rabbitmq-url", required=True)
args = parser.parse_args()
submit_scan(args.target, args.rabbitmq_url)
"""
def show_pipeline(self):
print("=== CI/CD Pipeline ===")
print(self.GITHUB_ACTIONS[:500])
def show_submit(self):
print(f"\n=== Scan Submit Script ===")
print(self.SCAN_SUBMIT[:400])
cicd = CICDIntegration()
cicd.show_pipeline()
cicd.show_submit()FAQ - คำถามที่พบบ่อย
Q: Burp Suite Pro จำเป็นต้องใช้ Pro ไหม?
A: Community Edition: ใช้ได้ฟรี แต่ไม่มี active scanner, limited Intruder Pro Edition ($449/ปี): active scanner, unlimited Intruder, Burp Collaborator, REST API Enterprise Edition: สำหรับ CI/CD, centralized scanning, multi-user สำหรับ Pub/Sub architecture: ต้อง Pro ขึ้นไป (ใช้ REST API)
Q: ทำไมต้องใช้ Pub/Sub กับ security testing?
A: Scale: scan หลาย targets พร้อมกัน — กระจาย load ไปหลาย Burp instances Decouple: scan coordinator ไม่ต้องรู้จัก workers โดยตรง Real-time: findings ส่งถึง aggregator ทันที — ไม่ต้องรอ scan เสร็จ Integration: subscribe ได้หลาย consumers (Slack, Jira, SIEM, dashboard)
Q: RabbitMQ กับ Kafka ใช้อันไหน?
A: RabbitMQ: แนะนำ — task queue pattern เหมาะกับ scan jobs, ง่ายกว่า, routing flexible Kafka: ถ้าต้อง store findings ระยะยาว + replay + high throughput Redis Pub/Sub: ง่ายที่สุด แต่ไม่มี persistence (messages หายถ้า subscriber offline) แนะนำ: เริ่มจาก RabbitMQ → ย้ายไป Kafka ถ้าต้องการ event streaming
Q: Security scan ใน CI/CD ช้าไหม?
A: Full scan: 30-60 นาที (ขึ้นกับ app complexity) เร่งได้: ใช้ lightweight scan config (เฉพาะ critical checks), จำกัด crawl depth, scan เฉพาะ changed endpoints Strategy: PR = quick scan (5-10 นาที), Weekly = full scan (60 นาที) Parallel: Pub/Sub ช่วยกระจาย scan → ลดเวลารวม