1. Copy ArcusServer.jar to the same server as faction though not required. Mongo DB is also required to be on this server.
2. Generate a CA Cert. :
openssl genrsa -out rootCA.key 2048 openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem openssl pkcs12 -export -in rootCA.pem -inkey rootCA.key -out rootCA.p12
3. Create a config file with the following data. ie conf.json
{"certpath":"./rootCA.p12",
"domain":"[Your domain or IP]",
"certpass":"changeit",
"authentication":"noauth"}
4. Copy the License file to the server (license.lic)
5. Install the license:
java -jar ArcuseServer.jar -i ./license.lic
6. Start the Arcus Server:
$ java -jar ArcusServer-1.0.jar -c config.json Dec 13, 2016 2:27:26 PM fuse.server.auth.Licensing getLicense INFO: A valid free license was found. Dec 13, 2016 2:27:26 PM fuse.server.ArcusServer run INFO: You are running the free version of Arcus Dec 13, 2016 2:27:27 PM fuse.server.ArcusServer run INFO: Arcus server is running... INFO: Login Accepted for [email protected] Dec 13, 2016 2:27:35 PM fuse.server.auth.Licensing getLicense INFO: A valid free license was found. Dec 13, 2016 2:27:35 PM fuse.server.ArcusServer NewUserLogin INFO: New user added INFO: Login Accepted for [email protected] Dec 13, 2016 2:55:36 PM fuse.server.auth.Licensing getLicense INFO: A valid free license was found. Dec 13, 2016 2:55:36 PM fuse.server.ArcusServer NewUserLogin INFO: New user added
Steps to Run the client:
- Add Arcus Client to from the burp extender tab.
- Right click any request editor and select connect
- Enter the same IP or Hostname that was used in your config file( These values must match. If you enter a domain name in the conf file but enter an ip address in the client then you will be able to connect but cannot send messages correctly)
- Enter any username and enter random password ( the free version is unauthenticated so password must be entered but is not validated anywhere)
- Click Connect. (Note.. ‘OK’ in this popup just closes the window and does not connect.)
- Wait till someone else connects to the server then right click and send data to them.
Adding Commands to Run on Arcus:
Arcus supports configuring custom commands that can be run on the Arcus Server via Burp and have the outputs inserted into your Burp Scans.
For example if you want to runn SSLyze from burp you can add the following Command to the Arcus Server:
java -jar ArcusServer-1.0.jar \
--cmdAlias "sslyze" --cmd "/usr/local/bin/sslyze --regular {H}"
In the above example {H} will be replaced with the hostname submitted from Burp.
When the command completes it will be added to your Burp Scan Issues as an Informational finding.
You can also add right click this data and add it as a new finding in Faction. So that you don’t have to take screenshots or keep track of your other assessment artifacts. This will also store you external command scans in your burp state.
CMD Variables
The variables we allow in commands is below:
- {H} : Host Name
- {R} : Full Request from repeater as a String to parse.
- {FR} : File Request. This will take the full request from Repeater and save it to a tmp file on the Arcus Server that can be analyzed. (i.e. sqlmap -r {FR} –ssl)
- {U} : Full URL
If you want to integrate SQLMap into Burp via Arcus then run the following command on the Arcus Server:
java -jar ArcusServer-1.0.jar --cmdAlias "sqlmap -b ssl" --cmd "python /opt/tools/sqlmap/sqlmap.py -b -r {FR} --batch --force-ssl"
From Burp Repeater you can simply add a “*” to the parameter you want SQLMap to test and submit it. It will run on the Arcus Server and add the response to your Burp Scan Items when the results are complete.