Feature request for PortSwigger
In order to create a custom Amazon Machine Image (AMI) with Burp, I currently fully automate the building of a Windows AMI and publish the latest AMI ID to a system parameter.
When it comes to Burp, unless I'm missing something (and I've contacted support), I have to manually log into my account to get the latest version, manually download it, copy it to the S3 bucket where I run my deployments, and from there I can automate downloading it to my machine image.
Then to configure it, I have to manually fire it up and enter the license key. One of the problems is that you are limited in how many times you can use a license on different machines, at which point you have to contact support to get the license unlocked.
In other words, if I do 20 or 30 penetration tests a year and have a separate automated build out for each customer and want to start with a fresh, untarnished machine for each project, I'm going to have to contact support at some point and request my license to be unlocked. And if I'm not paying attention or don't know the limit I might hit it at a critical point when I'm rushing to get a penetration test going and be delayed until support gets back to me.
Ideally there should be a way to monitor how many uses you have left of a license in an automated way so you can contact support in advance.
More ideally, this whole process could be completely automated. I put my license key into an AWS SSM Parameter and use it to spin up new machines in a completely automated way, ready to start pen testing without having to do any manual license steps. There could be an API call to get the next instance of your license and an API to request an additional batch of uses for a license. Or something like that…
I've already mentioned this to PortSwigger but I'm wondering if anyone else is facing this issue. There may be a way to work around some of this but I haven't had time yet — and I wish it were just easier.
Teri Radichel — Follow me @teriradichel on Twitter
© 2nd Sight Lab 2022