Unlock enhanced API scanning with Burp Suite Enterprise Edition  –  Learn more

Enterprise Edition

Installing the application (Kubernetes)

  • Last updated: March 27, 2024

  • Read time: 4 Minutes

Burp Suite Enterprise Edition uses Helm to manage installation and configuration. In order to install the application you first need to download its Helm chart.

Downloading the Helm chart

The Burp Suite Enterprise Edition Helm chart is a deployment descriptor for Kubernetes that, when run, configures Burp Suite Enterprise Edition in a "ready-to-run" state. It is designed to work with any Kubernetes cluster that meets the prerequisites for Burp Suite Enterprise Edition.

You can get the Helm chart from two places:

  • From the PortSwigger Releases page. Click here to display details of the most recent Kubernetes release of Burp Suite Enterprise Edition, and then click Download.

    Once the chart is downloaded, unpack it into a directory of your choice. Note that you will need the name of this directory when running commands against the chart.

  • From the Burp Suite Enterprise Edition Helm chart GitHub repository.

Note

While it is technically possible to customize the Helm chart, please note that we are unable to offer support on this process. For more information on Kubernetes support, see Support scope for Kubernetes instances.

Providing custom values for the Helm chart

The provided values.yaml file contains the default values that will be passed to the Helm chart when you run it. You can modify this file to customize these values. Please contact our support team if you need any additional guidance.

Note for Oracle users

If you want to use an Oracle database, you need to manually enable Oracle support by modifying the provided values.yaml file as follows:

support oracle: true

Adding a TLS certificate

A TLS certificate makes sure your connection to Burp Suite Enterprise is secure. You can use the values.yaml file to add a TLS certificate.

The TLS certificate must have the following properties:

  • Use a PKCS#12 certificate with a .p12 file extension. The .psx format is not supported.
  • The certificate must have a passphrase.
  • The certificate must include a Subject Alternative Name (SAN).

To add a TLS certificate:

  1. Use the following command to create a Kubernetes secret that contains your TLS certificate. The secret needs to contain the certificate, and the passphrase:

    kubectl -n <namespace> create secret generic bsee-web-server-https --from-file=certificate=<your certificate name>.p12 --from-literal=passphrase=<your passphrase>
  2. In the values.yaml file, set the values for services.webServer as follows:

    • Set useDeprecatedHttpConfigFromDatabase to false.
    • Set useHttps to true.
    • Set a value for the httpsPort (the default is 8443).
    • Enter the name and key for the secrets for the certificate and the passphrase.

Note

If you later decide to switch between an HTTPS and an HTTP connection, you need to set useHttps to false, and perform a Helm upgrade.

Configuring the database details

Before you attempt to connect to your database, please make sure that you have configured it to work with Burp Suite Enterprise Edition. For details of how to do this, see Setting up the external database.

In the values.yaml file, set the values for database within the quote marks, as follows:

  • Set url to the JDBC URL of your database. The format for the URL changes depending on the type of database you want to use. For more information on JDBC URLs in Burp Suite Enterprise Edition, see Database connection URL format.
  • Set enterpriseServerUsername for the user that you want Enterprise Server to use to connect to the database.

    • Additionally, if your database requires a different format for the username when connecting externally (for example, user-name@server-name), set enterpriseServerConnectionUsername to the connection username.
  • Set enterpriseServerPassword to the password for the Enterprise Server database connection.
  • Set scanningResourceUsername to the username of the scanning machine database user.

    • Additionally, if your database requires a different format for the username when connecting externally (for example, user-name@server-name), set scanningResourceConnectionUsername for the scanning machine database user.
  • Set scanningResourcePassword to the password of the scanning machine database user.

Using the Helm chart

After downloading the Helm chart, to deploy Burp Suite Enterprise Edition, first make sure that you have created the namespace that you want to use. This is the same namespace that you used for your PersistentVolumeClaim.

Next, run the following command:

helm install -n <namespace> <deployment name> <name of directory containing the chart>

For example, to use a chart located in enterprise-helm-folder to deploy Burp Suite Enterprise Edition to a deployment called bsee-deployment with a namespace of bsee-namespace, you would run:

helm install -n bsee-namespace bsee-deployment enterprise-helm-folder

Extracting the web server IP address

Once the installation process is complete, you need to extract your Burp Suite Enterprise Edition external IP address to access the application. If you've used our template, the address of the webserver console is displayed after successful deployment. Otherwise run the following command to find the address:

kubectl get services -n <namespace>

This command displays details of all services in the namespace, including their external IP address. The external IP of the web server service is the IP you need to access Burp Suite Enterprise Edition.

Note

If you've used your own Ingress controller, you need to use your own configured address.

Installing using a pre-existing values file

You may have previously had a Kubernetes instance of Burp Suite Enterprise Edition with a customized values file. If so, you need to use the same values file for your new instance. You can specify the values file to use when you run the install command.

To specify a values file, add the -f <values file name> argument to the install command. For example:

helm install -n bsee-namespace bsee-deployment enterprise-helm-folder -f my-values-file

Warning

There are potential security implications to leaving Burp Suite Enterprise Edition in an unconfigured state. We recommend completing the rest of the configuration as soon as possible.

Next step - Create the admin user

Was this article helpful?