├── .gitignore ├── BappDescription.html ├── BappManifest.bmf ├── LICENSE ├── README.md ├── SECURITY.md ├── build.gradle ├── gradle └── wrapper │ ├── gradle-wrapper.jar │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat └── src └── main └── java └── ai ├── BurpAIContextMenu.java ├── BurpAITab.java ├── BurpAiRequestTab.java ├── Extension.java └── PromptHandler.java /.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | .DS_Store 3 | out/ 4 | build/ 5 | .idea/ 6 | .settings 7 | .gradle/ 8 | -------------------------------------------------------------------------------- /BappDescription.html: -------------------------------------------------------------------------------- 1 |

AI HTTP ANALYZER is an advanced security analysis assistant integrated into Burp Suite. It examines HTTP requests and responses for potential security vulnerabilities such as SQL injection, XSS, CSRF, and other threats. The extension provides focused technical analysis, including quick identification of detected vulnerabilities, clear technical steps for exploitation, and PoC examples and payloads where applicable.


Features


Usage

  1. Right-click a request/response in the Proxy, Repeater or Target tool tab and choose "Send to AI HTTP Analyzer".
  2. Go to the AI HTTP Analyzer tab and select the tab for your request.
  3. Configure your analysis options.
  4. Click the "Analyze with AI HTTP Analyzer" button.
  5. Review the returned AI response.

Prompt guide


Best practices for writing prompts:


The AI will analyze:


Proof-of-concept generation


AI HTTP Analyzer can help security professionals generate and customize proof-of-concept exploits in various ways:

  1. Automated PoC Generation
  2. Example PoC Prompts
  3. PoC Customization
  4. Security Testing Workflow
94 | -------------------------------------------------------------------------------- /BappManifest.bmf: -------------------------------------------------------------------------------- 1 | Uuid: 36cb140ac1a6449bbab1bafc18df8cfa 2 | ExtensionType: 1 3 | Name: AI HTTP Analyzer 4 | RepoName: ai-http-analyzer 5 | ScreenVersion: 2025.1.1 6 | SerialVersion: 2 7 | MinPlatformVersion: 19 8 | ProOnly: True 9 | Author: Alperen Ergel 10 | ShortDescription: Use AI to analyze HTTP requests and responses for potential security vulnerabilities like SQL injection, XSS, CSRF and more. 11 | EntryPoint: build/libs/ai-http-analyzer-2025.1.1.jar 12 | BuildCommand: ./gradlew jar 13 | SupportedProducts: Pro 14 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all 11 | copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | SOFTWARE. 
20 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # AI HTTP ANALYZER: An AI-Powered Security Analysis Assistant for Burp Suite 2 | 3 | AI HTTP ANALYZER revolutionizes web application security testing by bringing artificial intelligence capabilities to Burp Suite. This innovative extension harnesses the power of AI to automate vulnerability detection, provide intelligent analysis, and assist security professionals in identifying complex security issues. Whether you're a penetration tester, security researcher, or web security enthusiast, AI HTTP ANALYZER enhances your workflow with smart, context-aware security analysis and real-time vulnerability assessments. 4 | 5 | ## Overview 6 | 7 | AI HTTP ANALYZER is an advanced security analysis assistant integrated into Burp Suite. It examines HTTP requests and responses for potential security vulnerabilities such as SQL injection, XSS, CSRF, and other threats. The extension provides focused technical analysis, including quick identification of detected vulnerabilities, clear technical steps for exploitation, and PoC examples and payloads where applicable. 8 | 9 | ## Features 10 | 11 | - 🔍 **Analyze HTTP requests and responses for security vulnerabilities** 12 | - 🛠️ **Provide technical analysis and exploitation steps** 13 | - 📄 **Include PoC examples and payloads** 14 | - 🖥️ **Integrate with Burp Suite's UI and context menu** 15 | - 🚀 **Real-time vulnerability assessments** 16 | - 🤖 **AI-powered context-aware analysis** 17 | - 🎯 **Generate Proof-of-Concept exploits** 18 | - 📝 **Custom PoC script generation** 19 | - 🔧 **Payload customization for specific scenarios** 20 | 21 | ## Installation 22 | 23 | 1. Clone the repository: 24 | 25 | ```sh 26 | git clone https://github.com/alpernae/AIHTTPAnalyzer.git 27 | ``` 28 | 29 | 2. 
Navigate to the project directory: 30 | 31 | ```sh 32 | cd AIHTTPAnalyzer 33 | ``` 34 | 35 | 3. Build the project using Gradle: 36 | 37 | ```sh 38 | ./gradlew build 39 | ``` 40 | 41 | 4. Locate the generated JAR file in the `build/libs` directory. 42 | 43 | 5. Open Burp Suite and go to the `Extender` tab. 44 | 45 | 6. Click on the `Add` button and select the generated JAR file. 46 | 47 | ## Usage 48 | 49 | 1. Once the extension is loaded, you will see a new tab named `AIHTTPAnalyzer` in Burp Suite. 50 | 51 | 2. You can analyze HTTP requests and responses by selecting them and using the context menu option `Send to AIHTTPAnalyzer`. 52 | 53 | 3. In the `AIHTTPAnalyzer` tab, you can: 54 | - Use checkboxes to include/exclude the request and response in your analysis 55 | - Enter custom prompts in the text field for specific analysis requirements 56 | 57 | 4. Custom Prompt Examples: 58 | ``` 59 | "Check for IDOR vulnerabilities in this endpoint" 60 | "Analyze the authentication mechanism in this request" 61 | "Suggest possible SQL injection points in this request" 62 | "Generate bypass payloads for the WAF patterns in this response" 63 | ``` 64 | 65 | 5. Prompt Best Practices: 66 | - Be specific about what you want to analyze 67 | - Include the type of vulnerability you're looking for 68 | - Ask for specific payload suggestions when needed 69 | - Request exploitation steps if applicable 70 | 71 | 6. The AI will analyze: 72 | - The selected request/response (if checked) 73 | - Your custom prompt 74 | - The context of the HTTP interaction 75 | 76 | 7. Click the `Analyze with AIHTTPAnalyzer` button to send the prompt and view the results. 77 | 78 | ## Proof-of-Concept Generation 79 | 80 | The AI HTTP ANALYZER helps security professionals generate and customize proof-of-concept exploits: 81 | 82 | 1. 
**Automated PoC Generation:** 83 | - Request PoC scripts for detected vulnerabilities 84 | - Get working exploit code examples 85 | - Receive customized payloads for specific scenarios 86 | 87 | 2. **Example PoC Prompts:** 88 | ``` 89 | "Generate a PoC script for this XSS vulnerability" 90 | "Create a Python script to exploit this SQL injection" 91 | "Provide a curl command to reproduce this SSRF vulnerability" 92 | "Generate a working payload to bypass this authentication mechanism" 93 | ``` 94 | 95 | 3. **PoC Customization:** 96 | - Request language-specific implementations (Python, JavaScript, curl, etc.) 97 | - Get explanations for each part of the exploit 98 | - Receive guidance on safe testing practices 99 | 100 | 4. **Security Testing Workflow:** 101 | - Identify vulnerability 102 | - Generate PoC code 103 | - Customize exploit parameters 104 | - Validate the vulnerability 105 | - Document findings 106 | 107 | ## Extensibility with AI 108 | 109 | AI-powered extensibility opens up new possibilities for solving challenges that were previously difficult or even impossible with traditional code alone. Now, you can leverage AI to enhance security testing, automate tedious tasks, and gain deeper insights into web application vulnerabilities. 110 | 111 | ## Version 112 | 113 | **2025.1.0** 114 | 115 | ## Author 116 | 117 | **ALPEREN ERGEL (@alpernae)** 118 | 119 | ## License 120 | 121 | This project is licensed under the MIT License. You may use, modify, and distribute this code under the terms of the MIT License. For more details, see the [LICENSE](LICENSE) file. -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | ## Supported Versions 4 | 5 | We release patches for security vulnerabilities. Which versions are eligible for security updates? 
6 | 7 | | Version | Supported | 8 | | ------- | ------------------ | 9 | | 2025.1.0 | :white_check_mark: | 10 | 11 | ## Reporting a Vulnerability 12 | 13 | If you discover a security vulnerability within this project, please follow these steps: 14 | 15 | 1. You can: 16 | - Open a security issue with the 'Security' label 17 | - Create a pull request with a patch 18 | - Send an email to alpernae@proton.me 19 | 20 | We welcome all responsible security disclosures through any of these channels. 21 | 2. Include the following information in your report: 22 | - A description of the vulnerability. 23 | - Steps to reproduce the vulnerability. 24 | - Any potential impact or exploit scenarios. 25 | 3. We will acknowledge receipt of your report within 48 hours and will work with you to understand and resolve the issue promptly. 26 | 27 | We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions. 28 | 29 | ## Responsible Disclosure 30 | 31 | We follow responsible disclosure guidelines to ensure that vulnerabilities are addressed promptly and that users are informed about potential risks. We request that you: 32 | 33 | - Give us a reasonable amount of time to address the issue before making any information public. 34 | - Avoid exploiting the vulnerability for any reason. 35 | - Act in good faith to avoid privacy violations, destruction of data, and interruption or degradation of our services. 36 | 37 | ## Current Status 38 | 39 | There are no known security issues at the moment. 40 | 41 | Thank you for helping to keep this project secure. 
42 | -------------------------------------------------------------------------------- /build.gradle: -------------------------------------------------------------------------------- 1 | plugins { 2 | id 'java' 3 | } 4 | 5 | group 'net.portswigger.burp.extensions.example' 6 | version '2025.1.1' // fixed version number 7 | 8 | repositories { 9 | mavenCentral() 10 | } 11 | 12 | dependencies { 13 | compileOnly 'net.portswigger.burp.extensions:montoya-api:2025.2' // Burp API 14 | implementation 'org.commonmark:commonmark:0.18.2' // Markdown rendering 15 | implementation 'com.vladsch.flexmark:flexmark-all:0.64.8' 16 | implementation 'org.jsoup:jsoup:1.14.3' // HTML sanitization 17 | } 18 | 19 | jar { 20 | duplicatesStrategy = DuplicatesStrategy.EXCLUDE 21 | 22 | from { 23 | configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PortSwigger/ai-http-analyzer/ca3d0388cb7e7ea7356c155a2e5508930800dafd/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionBase=GRADLE_USER_HOME 2 | distributionPath=wrapper/dists 3 | distributionUrl=https\://services.gradle.org/distributions/gradle-8.2-bin.zip 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | -------------------------------------------------------------------------------- /gradlew: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | ############################################################################## 4 | ## 5 | ## Gradle start up script for UN*X 6 | ## 7 | 
############################################################################## 8 | 9 | # Attempt to set APP_HOME 10 | # Resolve links: $0 may be a link 11 | PRG="$0" 12 | # Need this for relative symlinks. 13 | while [ -h "$PRG" ] ; do 14 | ls=`ls -ld "$PRG"` 15 | link=`expr "$ls" : '.*-> \(.*\)$'` 16 | if expr "$link" : '/.*' > /dev/null; then 17 | PRG="$link" 18 | else 19 | PRG=`dirname "$PRG"`"/$link" 20 | fi 21 | done 22 | SAVED="`pwd`" 23 | cd "`dirname \"$PRG\"`/" >/dev/null 24 | APP_HOME="`pwd -P`" 25 | cd "$SAVED" >/dev/null 26 | 27 | APP_NAME="Gradle" 28 | APP_BASE_NAME=`basename "$0"` 29 | 30 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 31 | DEFAULT_JVM_OPTS="" 32 | 33 | # Use the maximum available, or set MAX_FD != -1 to use that value. 34 | MAX_FD="maximum" 35 | 36 | warn () { 37 | echo "$*" 38 | } 39 | 40 | die () { 41 | echo 42 | echo "$*" 43 | echo 44 | exit 1 45 | } 46 | 47 | # OS specific support (must be 'true' or 'false'). 48 | cygwin=false 49 | msys=false 50 | darwin=false 51 | nonstop=false 52 | case "`uname`" in 53 | CYGWIN* ) 54 | cygwin=true 55 | ;; 56 | Darwin* ) 57 | darwin=true 58 | ;; 59 | MINGW* ) 60 | msys=true 61 | ;; 62 | NONSTOP* ) 63 | nonstop=true 64 | ;; 65 | esac 66 | 67 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 68 | 69 | # Determine the Java command to use to start the JVM. 70 | if [ -n "$JAVA_HOME" ] ; then 71 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 72 | # IBM's JDK on AIX uses strange locations for the executables 73 | JAVACMD="$JAVA_HOME/jre/sh/java" 74 | else 75 | JAVACMD="$JAVA_HOME/bin/java" 76 | fi 77 | if [ ! -x "$JAVACMD" ] ; then 78 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 79 | 80 | Please set the JAVA_HOME variable in your environment to match the 81 | location of your Java installation." 
82 | fi 83 | else 84 | JAVACMD="java" 85 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 86 | 87 | Please set the JAVA_HOME variable in your environment to match the 88 | location of your Java installation." 89 | fi 90 | 91 | # Increase the maximum file descriptors if we can. 92 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then 93 | MAX_FD_LIMIT=`ulimit -H -n` 94 | if [ $? -eq 0 ] ; then 95 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 96 | MAX_FD="$MAX_FD_LIMIT" 97 | fi 98 | ulimit -n $MAX_FD 99 | if [ $? -ne 0 ] ; then 100 | warn "Could not set maximum file descriptor limit: $MAX_FD" 101 | fi 102 | else 103 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 104 | fi 105 | fi 106 | 107 | # For Darwin, add options to specify how the application appears in the dock 108 | if $darwin; then 109 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 110 | fi 111 | 112 | # For Cygwin, switch paths to Windows format before running java 113 | if $cygwin ; then 114 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 115 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 116 | JAVACMD=`cygpath --unix "$JAVACMD"` 117 | 118 | # We build the pattern for arguments to be converted via cygpath 119 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 120 | SEP="" 121 | for dir in $ROOTDIRSRAW ; do 122 | ROOTDIRS="$ROOTDIRS$SEP$dir" 123 | SEP="|" 124 | done 125 | OURCYGPATTERN="(^($ROOTDIRS))" 126 | # Add a user-defined pattern to the cygpath arguments 127 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 128 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 129 | fi 130 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 131 | i=0 132 | for arg in "$@" ; do 133 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 134 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 135 | 
136 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 137 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 138 | else 139 | eval `echo args$i`="\"$arg\"" 140 | fi 141 | i=$((i+1)) 142 | done 143 | case $i in 144 | (0) set -- ;; 145 | (1) set -- "$args0" ;; 146 | (2) set -- "$args0" "$args1" ;; 147 | (3) set -- "$args0" "$args1" "$args2" ;; 148 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;; 149 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 150 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 151 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; 152 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 153 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 154 | esac 155 | fi 156 | 157 | # Escape application args 158 | save () { 159 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done 160 | echo " " 161 | } 162 | APP_ARGS=$(save "$@") 163 | 164 | # Collect all arguments for the java command, following the shell quoting and substitution rules 165 | if $JAVACMD --add-opens java.base/java.lang=ALL-UNNAMED -version ; then 166 | DEFAULT_JVM_OPTS="--add-opens java.base/java.lang=ALL-UNNAMED $DEFAULT_JVM_OPTS" 167 | fi 168 | 169 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" 170 | 171 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong 172 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then 173 | cd "$(dirname "$0")" 174 | fi 175 | 176 | exec "$JAVACMD" "$@" 177 | -------------------------------------------------------------------------------- /gradlew.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | 
@rem ########################################################################## 3 | @rem 4 | @rem Gradle startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | set DIRNAME=%~dp0 12 | if "%DIRNAME%" == "" set DIRNAME=. 13 | set APP_BASE_NAME=%~n0 14 | set APP_HOME=%DIRNAME% 15 | 16 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 17 | set DEFAULT_JVM_OPTS= 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windows variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | 53 | :win9xME_args 54 | @rem Slurp the command line arguments. 
55 | set CMD_LINE_ARGS= 56 | set _SKIP=2 57 | 58 | :win9xME_args_slurp 59 | if "x%~1" == "x" goto execute 60 | 61 | set CMD_LINE_ARGS=%* 62 | 63 | :execute 64 | @rem Setup the command line 65 | 66 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 67 | 68 | @rem Execute Gradle 69 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% 70 | 71 | :end 72 | @rem End local scope for the variables with windows NT shell 73 | if "%ERRORLEVEL%"=="0" goto mainEnd 74 | 75 | :fail 76 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 77 | rem the _cmd.exe /c_ return code! 78 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 79 | exit /b 1 80 | 81 | :mainEnd 82 | if "%OS%"=="Windows_NT" endlocal 83 | 84 | :omega 85 | -------------------------------------------------------------------------------- /src/main/java/ai/BurpAIContextMenu.java: -------------------------------------------------------------------------------- 1 | package ai; 2 | 3 | import burp.api.montoya.core.ToolType; 4 | import burp.api.montoya.http.message.HttpRequestResponse; 5 | import burp.api.montoya.ui.contextmenu.ContextMenuEvent; 6 | import burp.api.montoya.ui.contextmenu.ContextMenuItemsProvider; 7 | 8 | import javax.swing.*; 9 | import java.awt.*; 10 | import java.util.List; 11 | 12 | import static java.util.Collections.emptyList; 13 | 14 | public class BurpAIContextMenu implements ContextMenuItemsProvider { 15 | private final BurpAITab burpAITab; 16 | 17 | public BurpAIContextMenu(BurpAITab burpAITab) { 18 | this.burpAITab = burpAITab; 19 | } 20 | 21 | @Override 22 | public List provideMenuItems(ContextMenuEvent event) { 23 | if (!event.isFromTool(ToolType.PROXY) && !event.isFromTool(ToolType.REPEATER) && !event.isFromTool(ToolType.TARGET)) { 24 | return emptyList(); 25 | } 26 | 27 | JMenuItem sendToBurpAI = new JMenuItem("Send to AI HTTP 
Analyzer"); 28 | sendToBurpAI.addActionListener(e -> { 29 | HttpRequestResponse requestResponse = event.messageEditorRequestResponse().isPresent() 30 | ? event.messageEditorRequestResponse().get().requestResponse() 31 | : event.selectedRequestResponses().get(0); 32 | 33 | burpAITab.sendNewRequestToTab(requestResponse); 34 | }); 35 | 36 | return List.of(sendToBurpAI); 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /src/main/java/ai/BurpAITab.java: -------------------------------------------------------------------------------- 1 | package ai; 2 | 3 | import burp.api.montoya.http.message.HttpRequestResponse; 4 | import burp.api.montoya.logging.Logging; 5 | import burp.api.montoya.ui.UserInterface; 6 | 7 | import javax.swing.*; 8 | import java.awt.*; 9 | import java.awt.event.*; 10 | import java.util.HashMap; 11 | import java.util.Map; 12 | import java.util.concurrent.ExecutorService; 13 | 14 | public class BurpAITab { 15 | private final JPanel mainPanel; 16 | private final JTabbedPane tabbedPane; 17 | private final Map tabRequests; 18 | private int tabCounter = 1; 19 | private final Logging logging; 20 | private final PromptHandler promptHandler; 21 | private final ExecutorService executorService; 22 | private final UserInterface userInterface; 23 | 24 | public BurpAITab(UserInterface userInterface, Logging logging, PromptHandler promptHandler, ExecutorService executorService) { 25 | this.userInterface = userInterface; 26 | this.logging = logging; 27 | this.promptHandler = promptHandler; 28 | this.executorService = executorService; 29 | 30 | tabRequests = new HashMap<>(); 31 | 32 | mainPanel = new JPanel(new BorderLayout()); 33 | tabbedPane = new JTabbedPane(); 34 | 35 | // Add initial empty tab 36 | createNewTab("Default", null); 37 | 38 | mainPanel.setBorder(BorderFactory.createEmptyBorder(5, 5, 5, 5)); 39 | mainPanel.add(tabbedPane, BorderLayout.CENTER); 40 | } 41 | 42 | public void 
sendNewRequestToTab(HttpRequestResponse requestResponse) { 43 | String tabTitle = "Request " + tabCounter++; 44 | createNewTab(tabTitle, requestResponse); 45 | } 46 | 47 | private void createNewTab(String title, HttpRequestResponse requestResponse) { 48 | Component tabContent = createTabContent(requestResponse); 49 | tabbedPane.addTab(title, tabContent); 50 | tabbedPane.setTabComponentAt(tabbedPane.getTabCount() - 1, createTabComponent(title)); 51 | 52 | if (requestResponse != null) { 53 | logging.logToOutput("Creating new tab with request: " + requestResponse.request().toString()); 54 | tabRequests.put(tabContent, requestResponse); 55 | } 56 | 57 | tabbedPane.setSelectedIndex(tabbedPane.getTabCount() - 1); 58 | } 59 | 60 | private Component createTabContent(HttpRequestResponse requestResponse) { 61 | return new BurpAiRequestTab(logging, userInterface, executorService, promptHandler, requestResponse); 62 | } 63 | 64 | private Component createTabComponent(String title) { 65 | JPanel tabComponent = new JPanel(new FlowLayout(FlowLayout.LEFT, 2, 0)); 66 | tabComponent.setOpaque(false); 67 | 68 | // Create label instead of text field 69 | JLabel titleLabel = new JLabel(title); 70 | titleLabel.setPreferredSize(new Dimension(70, 30)); 71 | 72 | // Create text field for editing (initially invisible) 73 | JTextField titleField = new JTextField(title); 74 | titleField.setPreferredSize(new Dimension(100, 20)); 75 | titleField.setBorder(BorderFactory.createEmptyBorder(0, 0, 0, 5)); 76 | titleField.setVisible(false); 77 | 78 | // Add mouse listener to the entire tab component for selection 79 | tabComponent.addMouseListener(new MouseAdapter() { 80 | @Override 81 | public void mousePressed(MouseEvent e) { 82 | // Select this tab when clicked 83 | int index = tabbedPane.indexOfTabComponent(tabComponent); 84 | if (index != -1) { 85 | tabbedPane.setSelectedIndex(index); 86 | } 87 | } 88 | }); 89 | 90 | // Handle double click on label 91 | titleLabel.addMouseListener(new 
MouseAdapter() { 92 | @Override 93 | public void mouseClicked(MouseEvent e) { 94 | if (e.getClickCount() == 2) { 95 | titleLabel.setVisible(false); 96 | titleField.setText(titleLabel.getText()); 97 | titleField.setVisible(true); 98 | titleField.requestFocus(); 99 | } else if (e.getClickCount() == 1) { 100 | // Select this tab on single click too 101 | int index = tabbedPane.indexOfTabComponent(tabComponent); 102 | if (index != -1) { 103 | tabbedPane.setSelectedIndex(index); 104 | } 105 | } 106 | } 107 | }); 108 | 109 | // Handle editing complete 110 | titleField.addFocusListener(new FocusAdapter() { 111 | @Override 112 | public void focusLost(FocusEvent e) { 113 | finishEditing(titleLabel, titleField); 114 | } 115 | }); 116 | 117 | titleField.addKeyListener(new KeyAdapter() { 118 | @Override 119 | public void keyPressed(KeyEvent e) { 120 | if (e.getKeyCode() == KeyEvent.VK_ENTER) { 121 | finishEditing(titleLabel, titleField); 122 | } 123 | } 124 | }); 125 | 126 | // Improved close button styling 127 | JButton closeButton = new JButton("×"); 128 | closeButton.setFont(new Font(closeButton.getFont().getName(), Font.PLAIN, 12)); 129 | closeButton.setPreferredSize(new Dimension(12, 12)); 130 | closeButton.setMargin(new Insets(0, 0, 0, 0)); 131 | closeButton.setFocusable(false); 132 | closeButton.addActionListener(e -> { 133 | int index = tabbedPane.indexOfTabComponent(tabComponent); 134 | if (index != -1 && tabbedPane.getTabCount() > 1) { // Prevent closing last tab 135 | Component content = tabbedPane.getComponentAt(index); 136 | tabRequests.remove(content); 137 | tabbedPane.remove(index); 138 | } 139 | }); 140 | 141 | tabComponent.add(titleLabel); 142 | tabComponent.add(titleField); 143 | tabComponent.add(closeButton); 144 | return tabComponent; 145 | } 146 | 147 | private void finishEditing(JLabel label, JTextField textField) { 148 | label.setText(textField.getText()); 149 | label.setVisible(true); 150 | textField.setVisible(false); 151 | } 152 | 153 | public 
Component getUiComponent() { 154 | return mainPanel; 155 | } 156 | 157 | // This is unused: 158 | // private void updateTabContent(Component tabContent, HttpRequestResponse requestResponse) { 159 | // if (requestResponse == null) { 160 | // logging.logToError("Request/Response is null"); 161 | // return; 162 | // } 163 | // 164 | // logging.logToOutput("Updating tab content with request: " + requestResponse.request().toString()); 165 | // 166 | // if (tabContent instanceof JPanel) { 167 | // JSplitPane verticalSplit = (JSplitPane) ((JPanel) tabContent).getComponent(0); 168 | // JSplitPane horizontalSplit = (JSplitPane) verticalSplit.getTopComponent(); 169 | // 170 | // Component leftComponent = horizontalSplit.getLeftComponent(); 171 | // Component rightComponent = horizontalSplit.getRightComponent(); 172 | // 173 | // if (leftComponent instanceof Component) { 174 | // HttpRequestEditor reqEditor = (HttpRequestEditor) SwingUtilities.getAncestorOfClass(HttpRequestEditor.class, leftComponent); 175 | // if (reqEditor != null) { 176 | // reqEditor.setRequest(requestResponse.request()); 177 | // } 178 | // } 179 | // 180 | // if (rightComponent instanceof Component) { 181 | // HttpResponseEditor respEditor = (HttpResponseEditor) SwingUtilities.getAncestorOfClass(HttpResponseEditor.class, rightComponent); 182 | // if (respEditor != null) { 183 | // respEditor.setResponse(requestResponse.response()); 184 | // } 185 | // } 186 | // } 187 | // } 188 | } 189 | -------------------------------------------------------------------------------- /src/main/java/ai/BurpAiRequestTab.java: -------------------------------------------------------------------------------- 1 | package ai; 2 | 3 | import burp.api.montoya.ai.chat.PromptResponse; 4 | import burp.api.montoya.http.message.HttpRequestResponse; 5 | import burp.api.montoya.http.message.requests.HttpRequest; 6 | import burp.api.montoya.http.message.responses.HttpResponse; 7 | import burp.api.montoya.logging.Logging; 8 | import 
burp.api.montoya.ui.UserInterface; 9 | import burp.api.montoya.ui.editor.HttpRequestEditor; 10 | import burp.api.montoya.ui.editor.HttpResponseEditor; 11 | import com.vladsch.flexmark.html.HtmlRenderer; 12 | import com.vladsch.flexmark.parser.Parser; 13 | import org.jsoup.Jsoup; 14 | import org.jsoup.nodes.Document; 15 | import org.jsoup.safety.Safelist; 16 | 17 | import javax.swing.*; 18 | import java.awt.*; 19 | import java.awt.event.KeyAdapter; 20 | import java.awt.event.KeyEvent; 21 | import java.util.concurrent.ExecutorService; 22 | import java.util.function.Consumer; 23 | 24 | public class BurpAiRequestTab extends JPanel 25 | { 26 | private final Logging logging; 27 | private final ExecutorService executorService; 28 | private final PromptHandler promptHandler; 29 | 30 | public BurpAiRequestTab(Logging logging, UserInterface userInterface, ExecutorService executorService, PromptHandler promptHandler, HttpRequestResponse requestResponse) { 31 | this.logging = logging; 32 | this.executorService = executorService; 33 | this.promptHandler = promptHandler; 34 | 35 | this.setLayout(new BorderLayout()); 36 | 37 | // Create split panes for layout with specific orientation 38 | JSplitPane verticalSplit = new JSplitPane(JSplitPane.VERTICAL_SPLIT, true); 39 | JSplitPane horizontalSplit = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT, true); 40 | 41 | // Initialize editors using class field 42 | HttpRequestEditor requestEditor = userInterface.createHttpRequestEditor(); 43 | HttpResponseEditor responseEditor = userInterface.createHttpResponseEditor(); 44 | 45 | if (requestResponse != null) { 46 | requestEditor.setRequest(requestResponse.request()); 47 | responseEditor.setResponse(requestResponse.response()); 48 | } 49 | 50 | // Create AI response area with minimum size 51 | JEditorPane aiResponseArea = new JEditorPane(); 52 | aiResponseArea.setContentType("text/html"); 53 | aiResponseArea.setEditable(false); 54 | JScrollPane aiScrollPane = new JScrollPane(aiResponseArea); 55 
| aiScrollPane.setPreferredSize(new Dimension(800, 200)); 56 | 57 | // Add components to splits and set preferred sizes 58 | horizontalSplit.setLeftComponent(requestEditor.uiComponent()); 59 | horizontalSplit.setRightComponent(responseEditor.uiComponent()); 60 | horizontalSplit.setResizeWeight(0.5); 61 | 62 | verticalSplit.setTopComponent(horizontalSplit); 63 | verticalSplit.setBottomComponent(aiScrollPane); 64 | verticalSplit.setResizeWeight(0.7); 65 | 66 | // Set divider locations 67 | horizontalSplit.setDividerLocation(0.5); 68 | verticalSplit.setDividerLocation(0.7); 69 | 70 | this.add(verticalSplit, BorderLayout.CENTER); 71 | 72 | // Create a bottom panel with a FlowLayout and uniform spacing 73 | JPanel bottomPanel = new JPanel(new FlowLayout(FlowLayout.CENTER, 10, 10)); 74 | 75 | // New checkbox 76 | JCheckBox includeReqResp = new JCheckBox("Send Request and Response"); 77 | includeReqResp.setSelected(requestResponse != null); 78 | 79 | // Create a custom input field for additional user prompt 80 | JTextField customInputField = new JTextField(20); 81 | customInputField.setPreferredSize(new Dimension(200, 35)); 82 | 83 | // Add analyze button with custom styling 84 | JButton analyzeButton = new JButton("Analyze with AI HTTP Analyzer"); 85 | analyzeButton.setBackground(Color.decode("#ff6633")); 86 | analyzeButton.setForeground(Color.WHITE); 87 | //analyzeButton.setFont(new Font("Segoe UI Emoji", 13)); 88 | analyzeButton.setFocusPainted(false); 89 | analyzeButton.setBorderPainted(false); 90 | analyzeButton.setOpaque(true); 91 | 92 | // Make button thicker 93 | analyzeButton.setPreferredSize(new Dimension(analyzeButton.getPreferredSize().width, 35)); 94 | analyzeButton.setMargin(new Insets(5, 10, 5, 10)); 95 | 96 | // Add new checkbox, input field, and button 97 | bottomPanel.add(includeReqResp); 98 | bottomPanel.add(customInputField); 99 | bottomPanel.add(analyzeButton); 100 | this.add(bottomPanel, BorderLayout.SOUTH); 101 | 102 | Consumer runPrompt = e -> { 
103 | analyzeRequest( 104 | requestEditor.getRequest(), 105 | responseEditor.getResponse(), 106 | aiResponseArea, 107 | includeReqResp.isSelected(), 108 | customInputField.getText()); 109 | // Clear the input field 110 | customInputField.setText(""); 111 | }; 112 | 113 | customInputField.addKeyListener(new KeyAdapter() { 114 | @Override 115 | public void keyPressed(KeyEvent e) { 116 | if (e.getKeyCode() == KeyEvent.VK_ENTER) { 117 | runPrompt.accept(e); 118 | } 119 | } 120 | }); 121 | 122 | analyzeButton.addActionListener(runPrompt::accept); 123 | } 124 | 125 | private void analyzeRequest(HttpRequest request, 126 | HttpResponse response, 127 | JEditorPane aiResponseArea, 128 | boolean includeRequestResponse, 129 | String customInput) { 130 | String promptText = buildPromptText(includeRequestResponse, customInput, request, response); 131 | 132 | if (promptText == null) { 133 | aiResponseArea.setText("Empty custom prompt or HTTP request."); 134 | return; 135 | } 136 | 137 | aiResponseArea.setText("Analyzing request/response..."); 138 | 139 | // Set AI response text to 12px 140 | aiResponseArea.setFont(new Font(aiResponseArea.getFont().getFamily(), Font.PLAIN, 12)); 141 | 142 | // Execute the AI prompt in a separate thread 143 | executorService.execute(() -> { 144 | try { 145 | PromptResponse aiResponse = promptHandler.sendWithSystemMessage(promptText); 146 | 147 | String content = aiResponse.content(); 148 | 149 | // Remove any backticks before converting to HTML 150 | if (content.contains("`")) { 151 | content = content.replaceAll("`+", ""); 152 | } 153 | 154 | // Sanitize the HTML content to remove potentially dangerous elements 155 | Document.OutputSettings outputSettings = new Document.OutputSettings(); 156 | outputSettings.prettyPrint(false); 157 | String sanitizedContent = Jsoup.clean(content, "", Safelist.basic(), outputSettings); 158 | 159 | // Convert Markdown to HTML 160 | Parser parser = Parser.builder().build(); 161 | HtmlRenderer renderer = 
HtmlRenderer.builder().build(); 162 | String htmlContent = renderer.render(parser.parse(sanitizedContent)); 163 | 164 | logging.logToOutput("AI response received successfully"); 165 | SwingUtilities.invokeLater(() -> 166 | aiResponseArea.setText(htmlContent) 167 | ); 168 | } catch (Exception error) { 169 | String errorDetails = "An unexpected error occurred: " + error.getMessage() + "\n\n" + 170 | "Please check the Burp Suite extension logs for more details."; 171 | logging.logToError(errorDetails); 172 | SwingUtilities.invokeLater(() -> 173 | aiResponseArea.setText(errorDetails) 174 | ); 175 | } 176 | }); 177 | } 178 | 179 | private static String buildPromptText(boolean includeRequestResponse, String customInput, HttpRequest request, HttpResponse response) { 180 | boolean analyzeRequest = includeRequestResponse && request != null; 181 | 182 | if (!analyzeRequest && customInput.isEmpty()) { 183 | return null; 184 | } 185 | 186 | // Build the prompt conditionally 187 | StringBuilder promptBuilder = new StringBuilder(); 188 | 189 | if (analyzeRequest) { 190 | promptBuilder.append("Analyze this HTTP request"); 191 | 192 | if (response != null) { 193 | promptBuilder.append(" and response"); 194 | } 195 | 196 | promptBuilder 197 | .append(" for security issues:\n") 198 | .append("REQUEST:\n") 199 | .append(request); 200 | 201 | if (response != null) { 202 | promptBuilder 203 | .append("\n\nRESPONSE:\n") 204 | .append(response); 205 | } 206 | 207 | promptBuilder.append("\n\n"); 208 | } 209 | 210 | // Always append the custom prompt, regardless of checkbox 211 | promptBuilder.append(customInput); 212 | 213 | return promptBuilder.toString(); 214 | } 215 | } 216 | -------------------------------------------------------------------------------- /src/main/java/ai/Extension.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2025. PortSwigger Ltd. All rights reserved. 
3 | * 4 | * This code may be used to extend the functionality of Burp Suite Community Edition 5 | * and Burp Suite Professional, provided that this usage does not violate the 6 | * license terms for those products. 7 | */ 8 | 9 | package ai; 10 | 11 | import burp.api.montoya.BurpExtension; 12 | import burp.api.montoya.EnhancedCapability; 13 | import burp.api.montoya.MontoyaApi; 14 | import burp.api.montoya.logging.Logging; 15 | 16 | import java.util.Set; 17 | import java.util.concurrent.ExecutorService; 18 | 19 | import static burp.api.montoya.EnhancedCapability.AI_FEATURES; 20 | import static java.util.concurrent.Executors.newFixedThreadPool; 21 | 22 | @SuppressWarnings("unused") 23 | public class Extension implements BurpExtension { 24 | public static final String SYSTEM_MESSAGE = 25 | "You are AI HTTP Analyzer, an advanced security analysis assistant integrated into Burp Suite. " + 26 | "Your role is to examine HTTP requests and responses for potential security vulnerabilities, " + 27 | "such as SQL injection, XSS, CSRF, and other threats. " + 28 | "Provide a focused technical analysis including: " + 29 | "1. Quick identification of detected vulnerabilities " + 30 | "2. Clear technical steps for exploitation " + 31 | "3. PoC examples and payloads where applicable " + 32 | "Keep responses concise and technical, focusing on exploitation methods. " + 33 | "Avoid theoretical discussions or lengthy explanations. 
" + 34 | "Additionally, provide direct answers to any user questions or inputs related to security testing."; 35 | 36 | @Override 37 | public void initialize(MontoyaApi api) { 38 | api.extension().setName("AI HTTP Analyzer"); 39 | 40 | Logging logging = api.logging(); 41 | 42 | ExecutorService executorService = newFixedThreadPool(5); 43 | PromptHandler promptHandler = new PromptHandler(logging, api.ai(), SYSTEM_MESSAGE); 44 | 45 | BurpAITab burpAITab = new BurpAITab(api.userInterface(), logging, promptHandler, executorService); 46 | 47 | api.userInterface().registerSuiteTab("AI HTTP Analyzer", burpAITab.getUiComponent()); 48 | api.userInterface().registerContextMenuItemsProvider(new BurpAIContextMenu(burpAITab)); 49 | api.extension().registerUnloadingHandler(executorService::shutdownNow); 50 | 51 | // Log custom success message with logToOutput 52 | logging.logToOutput("AI HTTP Analyzer extension loaded successfully.\nAuthor: ALPEREN ERGEL (@alpernae)\nVersion: 2025.1.0"); 53 | } 54 | 55 | @Override 56 | public Set enhancedCapabilities() { 57 | return Set.of(AI_FEATURES); 58 | } 59 | } -------------------------------------------------------------------------------- /src/main/java/ai/PromptHandler.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2025. PortSwigger Ltd. All rights reserved. 3 | * 4 | * This code may be used to extend the functionality of Burp Suite Community Edition 5 | * and Burp Suite Professional, provided that this usage does not violate the 6 | * license terms for those products. 
7 | */ 8 | 9 | package ai; 10 | 11 | import burp.api.montoya.ai.Ai; 12 | import burp.api.montoya.ai.chat.Message; 13 | import burp.api.montoya.ai.chat.PromptException; 14 | import burp.api.montoya.ai.chat.PromptResponse; 15 | import burp.api.montoya.logging.Logging; 16 | 17 | import static burp.api.montoya.ai.chat.Message.systemMessage; 18 | import static burp.api.montoya.ai.chat.Message.userMessage; 19 | 20 | public class PromptHandler 21 | { 22 | private final Logging logging; 23 | private final Ai ai; 24 | private final Message systemMessage; 25 | 26 | public PromptHandler(Logging logging, Ai ai, String systemPrompt) 27 | { 28 | this.logging = logging; 29 | this.ai = ai; 30 | this.systemMessage = systemMessage(systemPrompt); 31 | } 32 | 33 | public Message[] build(String userPrompt) 34 | { 35 | return new Message[]{systemMessage, userMessage(userPrompt)}; 36 | } 37 | 38 | public PromptResponse sendWithSystemMessage(String userPrompt) 39 | { 40 | if (ai.isEnabled()) 41 | { 42 | try 43 | { 44 | return ai.prompt().execute(build(userPrompt)); 45 | } 46 | catch (PromptException e) 47 | { 48 | logging.logToError(e); 49 | } 50 | } 51 | 52 | throw new RuntimeException("Please enable AI functionality."); 53 | } 54 | } 55 | --------------------------------------------------------------------------------