Red-Flake/burpsuite-nix

burpsuite-nix

Declarative Burp Suite configuration for Nix and Home Manager — including automatic installation and configuration of Burp extensions (BApps), Jython, JRuby, Burp configuration files, automatic certificate provisioning and much more.

burpsuite-nix makes Burp Suite fully reproducible: extensions, interpreters, UI settings, and Burp’s UserConfig.json are all generated automatically through Nix.

Features

  1. Home Manager module for Burp Suite
     • Declarative UserConfigCommunity.json / UserConfigPro.json generation
     • Deep merging of your overrides with Burp defaults
     • Automatic dark mode support
     • Multiple edition configs (Community, Pro)

  2. Fully packaged Burp extensions (BApps)
     • Managed and installed through Nix
     • Extensions are installed into your profile automatically
     • Each extension exposes metadata through passthru.burp

  3. Automatic interpreter setup
     • If any extension requires Python, Jython is installed and configured
     • If any extension requires Ruby, JRuby is installed and configured
     • Burp receives correct interpreter JAR paths automatically

  4. Reproducible & portable
     • All config JSON files are fully generated by Nix
     • Zero runtime patching or mutating files in $HOME
     • No GUI config needed: all Burp settings are declarative

  5. Java Preferences API support
     • Enables configuration of Burp Suite via a custom preferences module
     • Enables declarative configuration of extensions via Java Preferences
     • Uses the Java Preferences API for certificate and license management

  6. Declarative certificate support
     • Includes a hardcoded CA certificate in Burp's Java preferences
     • Allows transparent HTTPS interception without manual setup
     • Automatically configures Firefox to trust Burp's CA certificate

Module Documentation

Documentation for each module setting can be found in nixos-options.md.

Usage

Note that this module does not install Burp Suite; that needs to be done separately!

Import this repo as a flake input:

burpsuite-nix = {
    url = "github:Red-Flake/burpsuite-nix";
    inputs.nixpkgs.follows = "nixpkgs";
};

Then import the module in your Home Manager configuration and configure it:

imports = [ inputs.burpsuite-nix.homeManagerModules.default ];

programs.burp = {
    enable = true;
    proEdition = true;

    wordlists = {
      seclists = "${pkgs.seclists}/share/wordlists/seclists";
    };

    cliArgs = [
      "--suppress-jre-check"
      "--i-accept-the-license-agreement"
      "--disable-auto-update"
      "--disable-check-for-updates-dialog"
      "--temporary-project"
      "--unpause-spider-and-scanner"
    ];

    extensions = {
      # Loaded by default
      "403-bypasser".enable = true;
      "json-web-tokens".enable = true;
      "js-miner".enable = true;
      "param-miner".enable = true;

      # Installed but not loaded
      "http-request-smuggler" = {
        enable = true;
        loaded = false;
        # Via the Java Preferences API
        settings = {
          "key" = "value";
        };
      };

      "pwnfox" = {
        enable = true;
        # Just fetch the JAR directly - no derivation needed!
        package = pkgs.fetchurl {
          url = "https://github.com/yeswehack/PwnFox/releases/download/v1.0.3/PwnFox.jar";
          hash = "sha256-7drvaK/5L9afUHSXgD+G3auXJ1FYJXMiSO1ELaCNlx4=";
        };
        extensiontype = "1";
      };
    };

    # Config stored in ~/.java/.userPrefs/burp/prefs.xml
    preferences = {
      "key" = "value";
    };

    # Settings that are deep-merged into the default config
    settings = {
      display.user_interface = {
        # Enable dark mode
        look_and_feel = "Dark";
        # Change scaling
        font_size = 17;
      };
    };
};

Firefox Integration

When both Burp Suite and Firefox are enabled, this module automatically configures Firefox to trust Burp's CA certificate:

programs.firefox.enable = true;
programs.burp.enable = true;

The certificate will be automatically installed to Firefox's policies and can be used for HTTPS interception without manual configuration.

Extension Settings

Extensions can be configured with preferences that are stored in the Java Preferences API:

programs.burp.extensions = {
  "http-request-smuggler" = {
    enable = true;
    loaded = false;
    # These settings are applied via Java Preferences
    settings = {
      "customSetting" = "customValue";
    };
  };
};

Preferences & License

Configure Burp Suite preferences and the license key through the Java Preferences API:

programs.burp = {
  enable = true;

  # Add your Burp license key (will be stored in Java preferences)
  license = "your-burp-license-key";

  # Custom preferences stored in ~/.java/.userPrefs/burp/prefs.xml
  preferences = {
    "customPreference" = "value";
  };
};

Note: Preferences are only applied if the preferences file doesn't already exist, allowing manual changes to persist across rebuilds. You need to execute rm -rf ~/.java in order for everything to be regenerated.
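Because an existing prefs.xml is never overwritten, a rebuild can leave the file out of step with what is declared. The following added example (not part of burpsuite-nix) parses the Java Preferences XML, reports drift against a declared set, and checks whether the file, which holds the license key, is readable by other users; the DECLARED dict, the sample XML and the function names are constructed for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample in the Java Preferences XML layout; keys and values are made up.
SAMPLE_PREFS = b"""<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE map SYSTEM "http://java.sun.com/dtd/preferences.dtd">
<map MAP_XML_VERSION="1.0">
  <entry key="customPreference" value="edited-in-gui"/>
  <entry key="leftoverKey" value="from-an-older-build"/>
</map>
"""

# Constructed stand-in for what programs.burp.preferences declares.
DECLARED = {"customPreference": "value", "newPreference": "enabled"}


def load_prefs(xml_bytes):
    """Return {key: value} for every <entry> in a prefs.xml document."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "map":
        raise ValueError("not a Java Preferences map document")
    return {e.get("key"): e.get("value") for e in root.iter("entry")}


def drift(declared, actual):
    """Classify differences between declared settings and the file on disk."""
    return {
        "missing": sorted(k for k in declared if k not in actual),
        "changed": sorted(k for k in declared
                          if k in actual and actual[k] != declared[k]),
        "undeclared": sorted(k for k in actual if k not in declared),
    }


def readable_by_others(mode):
    """True if group or other can read the file; it may hold the license key."""
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    path = os.path.expanduser("~/.java/.userPrefs/burp/prefs.xml")
    if os.path.exists(path):
        with open(path, "rb") as fh:
            print(drift(DECLARED, load_prefs(fh.read())))
        print("readable by others:", readable_by_others(os.stat(path).st_mode))
    else:
        print(drift(DECLARED, load_prefs(SAMPLE_PREFS)))
```

A non-empty "missing" or "changed" list means the declared values were not applied to the existing file.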

TODO

  • [ ] Add integration tests
  • [ ] Add extension loading order
  • [ ] Merge prefs.xml configs if they already exist
  • [ ] Remove the need for the Python script and implement the encoding in pure Nix

About

A Home-Manager module managing BurpSuite Configs and Extensions reproducibly.
