burp-ai-agent by six2dez

AI-powered security analysis for Burp Suite

Created 2 months ago
878 stars

Project Summary

This project provides an AI-powered extension for Burp Suite, enabling security professionals to integrate advanced AI analysis directly into their web security testing workflows. It offers automated vulnerability detection, data privacy controls, and flexible AI backend integration, significantly enhancing the efficiency and depth of security assessments.

How It Works

Burp AI Agent acts as a bridge, connecting Burp Suite to various AI models, both local and cloud-based. It leverages a Model Context Protocol (MCP) to allow external AI agents to control Burp autonomously. The extension features passive and active scanners that analyze traffic for a wide range of vulnerabilities, freeing up users to focus on complex manual testing. Its design prioritizes flexibility by supporting numerous AI backends and offering configurable privacy modes.

Quick Start & Requirements

To install, download the latest JAR from Releases or build from source using Java 21. The build command is:

git clone https://github.com/six2dez/burp-ai-agent.git
cd burp-ai-agent
JAVA_HOME=/path/to/jdk-21 ./gradlew clean shadowJar

Load the resulting .jar file into Burp Suite (Community or Professional, 2023.12+) via Extensions > Installed > Add. Configure AI backends (Ollama, LM Studio, OpenAI-compatible, Gemini CLI, Claude CLI, Codex CLI, OpenCode CLI) in the AI Agent tab. Optional MCP integration with tools like Claude Desktop requires Node.js 18+. Full documentation is available at burp-ai-agent.six2dez.com.

Highlighted Details

  • Supports 7 distinct AI Backends, including local options like Ollama and LM Studio, and cloud CLIs.
  • Integrates over 53 MCP Tools, enabling autonomous Burp control via clients like Claude Desktop.
  • Features 62 Vulnerability Classes for passive and active AI scanning across common security flaws.
  • Includes 3 Privacy Modes (STRICT/BALANCED/OFF) to redact sensitive data before it leaves Burp.
  • Provides Audit Logging in JSONL format with SHA-256 integrity hashing for compliance.

Maintenance & Community

The provided README does not contain specific details regarding notable contributors, sponsorships, partnerships, or community channels (e.g., Discord, Slack).

Licensing & Compatibility

This project is licensed under the permissive MIT License. This license generally allows for commercial use and integration with closed-source projects without significant restrictions.

Limitations & Caveats

Building from source requires Java 21. The extension itself requires Burp Suite version 2023.12 or newer. MCP server functionality requires Node.js 18+. Users are solely responsible for ensuring legal compliance when using the tool for security testing on targets.

Health Check

Last Commit: 2 days ago
Responsiveness: Inactive
Pull Requests (30d): 2
Issues (30d): 8
Star History: 113 stars in the last 30 days
