For client-side restoring of backups made with BURP, we'll first need to check which backup number we want to probe/restore from, by running [-action list]:
> burp -a l
From this, we should see a list of recoverable backups, and select the backup number [first column] based on the desired date, IE:
> burp -a l
Backup: 0000001 2021-08-24 21:14:41 -0400 (deletable)
Backup: 0000043 2021-10-15 07:12:04 -0400 (deletable)
Backup: 0000085 2021-12-24 20:50:06 -0500 (deletable)
[etc.]
Once the backup number has been selected [IE: say #85 in above example], we should do a list to look for the file/directory/whatnot we're after [-action list, backup#, regex_to_match]:
> burp -a l -b 85 -r [regex to match]
It's important to note, that the exact path, or full path & file name can be used as the regex, instead of worrying about a more complicated regex string. Assuming executing the command above exactly matches the file we're after, and *only* the file we're after, we can choose one of two actions:
Recover in place [-action recover, backup#, regex_to_match, directory/restore destination]:
> burp -a r -b 85 -r [regex to match] -d /
[Note: -f can be used to "'force overwrite'. Without this option set, a restore will not overwrite existing files."
Also, note: "'-d' is also required, because you need to tell burp the target directory for the restore"]
Recover to temporary directory [-action recover, backup#, regex_to_match, directory/restore destination]:
> burp -a r -b 85 -r [regex to match] -d /[path-to]/[temp-directory]/
In general, the burp "-a r" string should *always* match your successful/desired burp "-a l" string, with simply "-d /[...]" appended per above.
Burp will create the full tree to a given restoring file/path as necessary (even if buried in a temp directory], unless directories are stripped with "-s [number of parent directories to prune]", so you may end up with something like "/tmp/restore/var/log/messages" if attempting to restore "/var/log/messages" within a temporary directory of "/tmp/restore/". This is normal.
Original BURP restore documentation:
https://burp.grke.org/docs/restoring.html