OP 17 June, 2023 - 08:08 PM
This Extension Integrates OpenAI's GPT To Perform An Additional Passive Scan
MORE ABOUT THIS EXTENSION
burpgpt leverages the power of AI to detect security vulnerabilities that traditional scanners might miss. It sends web traffic to an OpenAI model specified by the user, enabling sophisticated analysis within the passive scanner. This extension offers customisable prompts that enable tailored web traffic analysis to meet the specific needs of each user. Check out the Example Use Cases section for inspiration. The extension generates an automated security report that summarises potential security issues based on the user's prompt and real-time data from Burp-issued requests. By leveraging AI and natural language processing, the extension streamlines the security assessment process and provides security professionals with a higher-level overview of the scanned application or endpoint. This enables them to more easily identify potential security issues and prioritise their analysis, while also covering a larger potential attack surface.
Features
- Adds a passive scan check, allowing users to submit HTTP data to an OpenAI-controlled GPT model for analysis through a placeholder system.
- Leverages the power of OpenAI's GPT models to conduct comprehensive traffic analysis, enabling detection of various issues beyond just security vulnerabilities in scanned applications.
- Enables granular control over the number of GPT tokens used in the analysis by allowing for precise adjustments of the maximum prompt length.
- Offers users multiple OpenAI models to choose from, allowing them to select the one that best suits their needs.
- Empowers users to customise prompts and unleash limitless possibilities for interacting with OpenAI models.
- Integrates with Burp Suite, providing all native features for pre- and post-processing, including displaying analysis results directly within the Burp UI for efficient analysis.
- Provides troubleshooting functionality via the native Burp Event Log, enabling users to quickly resolve communication issues with the OpenAI API.

Requirements
- Operating System: Compatible with Linux, macOS, and Windows operating systems.
- Java Development Kit (JDK): Version 11 or later.
- Burp Suite Professional or Community Edition: Version 2023.3.2 or later.
- Gradle: Version 6.9 or later (recommended). The build.gradle file is provided in the project repository.
- Set up the JAVA_HOME environment variable to point to the JDK installation directory.

Please ensure that all requirements, including Java, Burp Suite, and Gradle, are met before building and running the project. Note that the project's external dependencies will be automatically managed and installed by Gradle during the build process. Adhering to the requirements will help avoid potential issues and reduce the need for opening new issues in the project repository.

Usage
To start using burpgpt, users need to complete the following steps in the Settings panel, which can be accessed from the Burp Suite menu bar:
- Enter a valid OpenAI API key.
- Select a model.
- Define the max prompt size. This field controls the maximum prompt length sent to OpenAI to avoid exceeding the maxTokens of GPT models (typically around 2048 for GPT-3).
- Adjust or create custom prompts according to your requirements.

burpgpt enables users to tailor the prompt for traffic analysis using a placeholder system. To include relevant information, we recommend using these placeholders, which the extension handles directly, allowing dynamic insertion of specific values into the prompt:
- {REQUEST}: The scanned request.
- {URL}: The URL of the scanned request.
- {METHOD}: The HTTP request method used in the scanned request.
- {REQUEST_HEADERS}: The headers of the scanned request.
- {REQUEST_BODY}: The body of the scanned request.
- {RESPONSE}: The scanned response.
- {RESPONSE_HEADERS}: The headers of the scanned response.
- {RESPONSE_BODY}: The body of the scanned response.
- {IS_TRUNCATED_PROMPT}: A boolean value that is programmatically set to true or false to indicate whether the prompt was truncated to the Maximum Prompt Size defined in the Settings.

These placeholders can be used in the custom prompt to dynamically generate a request/response analysis prompt that is specific to the scanned request.

Example Use Cases
The following list of example use cases showcases the bespoke and highly customisable nature of burpgpt, which enables users to tailor their web traffic analysis to meet their specific needs.

- Identifying potential vulnerabilities in web applications that use a crypto library affected by a specific CVE:
[code]
Analyse the request and response data for potential security vulnerabilities related to the {CRYPTO_LIBRARY_NAME} crypto library affected by CVE-{CVE_NUMBER}:

Web Application URL: {URL}
Crypto Library Name: {CRYPTO_LIBRARY_NAME}
CVE Number: CVE-{CVE_NUMBER}
Request Headers: {REQUEST_HEADERS}
Response Headers: {RESPONSE_HEADERS}
Request Body: {REQUEST_BODY}
Response Body: {RESPONSE_BODY}

Identify any potential vulnerabilities related to the {CRYPTO_LIBRARY_NAME} crypto library affected by CVE-{CVE_NUMBER} in the request and response data and report them.
[/code]
- Scanning for vulnerabilities in web applications that use biometric authentication by analysing request and response data related to the authentication process:
[code]
Analyse the request and response data for potential security vulnerabilities related to the biometric authentication process:

Web Application URL: {URL}
Biometric Authentication Request Headers: {REQUEST_HEADERS}
Biometric Authentication Response Headers: {RESPONSE_HEADERS}
Biometric Authentication Request Body: {REQUEST_BODY}
Biometric Authentication Response Body: {RESPONSE_BODY}

Identify any potential vulnerabilities related to the biometric authentication process in the request and response data and report them.
[/code]
- Analysing the request and response data exchanged between serverless functions for potential security vulnerabilities:
[code]
Analyse the request and response data exchanged between serverless functions for potential security vulnerabilities:

Serverless Function A URL: {URL}
Serverless Function B URL: {URL}
Serverless Function A Request Headers: {REQUEST_HEADERS}
Serverless Function B Response Headers: {RESPONSE_HEADERS}
Serverless Function A Request Body: {REQUEST_BODY}
Serverless Function B Response Body: {RESPONSE_BODY}

Identify any potential vulnerabilities in the data exchanged between the two serverless functions and report them.
[/code]
- Analysing the request and response data for potential security vulnerabilities specific to a Single-Page Application (SPA) framework:
[code]
Analyse the request and response data for potential security vulnerabilities specific to the {SPA_FRAMEWORK_NAME} SPA framework:

Web Application URL: {URL}
SPA Framework Name: {SPA_FRAMEWORK_NAME}
Request Headers: {REQUEST_HEADERS}
Response Headers: {RESPONSE_HEADERS}
Request Body: {REQUEST_BODY}
Response Body: {RESPONSE_BODY}

Identify any potential vulnerabilities related to the {SPA_FRAMEWORK_NAME} SPA framework in the request and response data and report them.
[/code]

Roadmap
- Add a new field to the Settings panel that allows users to set the maxTokens limit for requests, thereby limiting the request size. ← Exclusive to the Pro edition of BurpGPT 2.
- Add support for connecting to a local instance of the AI model, allowing users to run and interact with the model on their local machines, potentially improving response times and data privacy. ← Exclusive to the Pro edition of BurpGPT 2.
- Retrieve the precise maxTokens value for each model to transmit the maximum allowable data and obtain the most extensive GPT response possible.
- Implement persistent configuration storage to preserve settings across Burp Suite restarts. ← Exclusive to the Pro edition of BurpGPT 2.
- Enhance the code for accurate parsing of GPT responses into the Vulnerability model for improved reporting. ← Exclusive to the Pro edition of BurpGPT 2.
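To make the placeholder system and the Maximum Prompt Size truncation described in the Usage section concrete, here is an added Python model of that behaviour. It is example code written for this post, not the extension's own Java code, and it assumes the prompt size is measured in characters (the post does not state the unit). It fills the documented placeholders from a constructed request/response pair, sets {IS_TRUNCATED_PROMPT} to true or false depending on whether the rendered prompt had to be cut, and reports placeholders such as {CRYPTO_LIBRARY_NAME} and {CVE_NUMBER} from the example prompts above, which are not on the list of placeholders the post says the extension fills and therefore have to be replaced by the user before the prompt is saved. The sample traffic, the template, and the helper names are all constructed for this illustration.

```python
import re

# Placeholders that burpgpt is documented to fill itself (see the list above).
KNOWN_PLACEHOLDERS = {
    "REQUEST", "URL", "METHOD", "REQUEST_HEADERS", "REQUEST_BODY",
    "RESPONSE", "RESPONSE_HEADERS", "RESPONSE_BODY", "IS_TRUNCATED_PROMPT",
}
PLACEHOLDER_RE = re.compile(r"\{([A-Z_]+)\}")

# Constructed sample traffic (not captured from any real application).
SAMPLE_URL = "https://app.example/api/login"
SAMPLE_REQUEST = (
    "POST /api/login HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"user":"alice"}'
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"ok":true}'
)

# Hypothetical template; the flag is placed first so it survives truncation.
SAMPLE_TEMPLATE = (
    "Truncated: {IS_TRUNCATED_PROMPT}\n"
    "URL: {URL}\n"
    "Method: {METHOD}\n"
    "Request body: {REQUEST_BODY}\n"
    "Response body: {RESPONSE_BODY}\n"
)

# Shortened form of the crypto-library example prompt from this post; it uses
# two placeholders the extension does not fill on its own.
CRYPTO_TEMPLATE = (
    "Analyse the request and response data for potential security vulnerabilities "
    "related to the {CRYPTO_LIBRARY_NAME} crypto library affected by CVE-{CVE_NUMBER}:\n"
    "Request Headers: {REQUEST_HEADERS}\n"
    "Response Body: {RESPONSE_BODY}\n"
)


def split_http_message(raw):
    """Split a raw HTTP message into (start line, header block, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    return lines[0], "\r\n".join(lines[1:]), body


def build_values(request, response, url):
    """Derive the documented placeholder values from one request/response pair."""
    start_line, req_headers, req_body = split_http_message(request)
    _, resp_headers, resp_body = split_http_message(response)
    return {
        "REQUEST": request,
        "URL": url,
        "METHOD": start_line.split(" ", 1)[0],
        "REQUEST_HEADERS": req_headers,
        "REQUEST_BODY": req_body,
        "RESPONSE": response,
        "RESPONSE_HEADERS": resp_headers,
        "RESPONSE_BODY": resp_body,
    }


def unresolved_placeholders(template):
    """Placeholders the extension does not fill (e.g. {CRYPTO_LIBRARY_NAME});
    the user has to replace these by hand before saving the prompt."""
    return set(PLACEHOLDER_RE.findall(template)) - KNOWN_PLACEHOLDERS


def render_prompt(template, values, max_prompt_size):
    """Fill placeholders, then enforce max_prompt_size (characters here, an
    assumption of this model). Unknown placeholders are left untouched."""
    def fill(flag):
        def sub(match):
            name = match.group(1)
            if name == "IS_TRUNCATED_PROMPT":
                return flag
            return values.get(name, match.group(0))
        return PLACEHOLDER_RE.sub(sub, template)

    prompt = fill("false")
    if len(prompt) <= max_prompt_size:
        return prompt
    # Too long: re-render with the flag set to true and cut the tail.
    return fill("true")[:max_prompt_size]


def demo(max_prompt_size):
    """Render the sample template against the sample traffic."""
    values = build_values(SAMPLE_REQUEST, SAMPLE_RESPONSE, SAMPLE_URL)
    return render_prompt(SAMPLE_TEMPLATE, values, max_prompt_size)


if __name__ == "__main__":
    print(demo(1000))   # fits: starts with "Truncated: false"
    print("---")
    print(demo(60))     # cut to 60 characters: starts with "Truncated: true"
    print("unresolved:", sorted(unresolved_placeholders(CRYPTO_TEMPLATE)))
```

Because truncation in this model cuts from the end, the flag only reaches the model if {IS_TRUNCATED_PROMPT} sits before the cut, which is why the sample template puts it on the first line; a template that appends the flag at the end can lose it on exactly the prompts where it matters.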