
AI Reporter – Let’s automate reporting in Burp Suite!

To wrap up PortSwigger Extensibility Month in style, today I’ll walk you through an extension I recently published: Burp Suite AI Reporter. It started as a quick use case for Extending Burp Suite for Fun and Profit – The Montoya Way – Part 10, but it turned out to be quite useful. So I expanded it a bit and decided to release it as a full extension.
LLMs have proven to be excellent tools for generating and understanding text, so why not take advantage of that when writing pentest reports?
AI Reporter is a Burp Suite extension that automatically generates vulnerability findings from HTTP request/response pairs using Burp AI or local Ollama instances (or any other OpenAI compatible service). The workflow is very simple: right-click any request in Burp, select Report with AI, fill in the vulnerability name, severity, and confidence (plus any extra context if needed), and the extension generates a structured finding, adds it as a Burp issue, and can optionally export it as a Markdown file ready for your report.
That’s it!
The extension currently includes the following features:
- Easy reporting: you choose a title, and the extension can infer most of the necessary details from it and from the HTTP request/response. If additional details are needed (for example, for an IDOR or something that cannot be inferred from the request and/or response), they can be provided manually.
- Flexible LLM backend: you can use Burp AI (the native integration in Burp Pro) or any OpenAI-compatible endpoint, including a local Ollama instance. The local option may be particularly useful for engagements where sending data to third parties is not allowed.
- Customizable prompts and templates: both the system prompts and input/output templates are fully editable. You can tweak how the LLM generates findings and control exactly what ends up in your Markdown export, using dynamic tags that inject data at runtime (including requests/responses, or parts of them).
- Markdown export: findings are added to Burp Suite and can also be saved as Markdown files (or any other text-based format).
- Support for Burp Suite Community: Community Edition users can also use the extension with Ollama or any OpenAI-compatible endpoint. In that case findings are only exported to files, since issue reporting in Burp Suite is a Pro feature.
- A basic chat tab: there’s also a lightweight chat interface for quick questions or debugging the extension. It keeps history within the session, but don’t expect too much. It’s intentionally minimal, with no advanced features (such as context trimming).
The extension can be downloaded from the Releases section of my GitHub repository, and it should soon also be available on the Burp Suite BApp Store.
In the GitHub Releases section, you will find two different versions of the extension. One, as required by BApp Store policy, requires Burp AI features and the extension AI flag to be enabled even when using local models such as Ollama (this applies only to Burp Suite Pro, since AI features are Pro-only and the extension behaves differently in the Community Edition). The other version allows the use of OpenAI-compatible models without enabling the AI flag or Burp AI features, which may be useful for penetration tests where it is mandatory to disable any third-party services.
A quick note on privacy and costs: when using Burp AI or a third-party OpenAI-compatible endpoint, your request and response data is sent to external infrastructure. If that’s a concern for a given engagement, you can instead point the extension to a local Ollama instance. Also, Burp AI is a paid service, like most cloud-based LLM services, so unless you use a local model, this extension will consume AI credits (or money). Burp Suite Pro currently includes 10,000 free AI credits; additional credits need to be purchased separately.
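The following is an added example, not code from AI Reporter: a pre-flight check you could run outside Burp to confirm that a configured OpenAI-compatible base URL resolves only to loopback addresses, plus a redaction pass that masks credential headers before a request is placed in a prompt or a Markdown finding. The function names, the header list and the `http://127.0.0.1:11434/v1` URL (Ollama's default port) are assumptions for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Header names whose values are credentials and should not reach a prompt or report.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie",
                     "set-cookie", "x-api-key"}

def endpoint_is_local(base_url, resolve=socket.getaddrinfo):
    """Return True only if every address the endpoint host resolves to is loopback."""
    parts = urlsplit(base_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        infos = resolve(parts.hostname, parts.port)
    except OSError:
        return False
    # Drop any IPv6 zone id ("%lo0") before parsing the address.
    addrs = {info[4][0].split("%")[0] for info in infos}
    return bool(addrs) and all(ipaddress.ip_address(a).is_loopback for a in addrs)

def redact_http_message(raw):
    """Mask credential header values in a raw HTTP message; the body is left untouched."""
    head, sep, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    for i, line in enumerate(lines[1:], start=1):  # lines[0] is the request/status line
        name, colon, _ = line.partition(":")
        if colon and name.strip().lower() in SENSITIVE_HEADERS:
            lines[i] = f"{name}: [REDACTED]"
    return "\r\n".join(lines) + sep + body

def prepare_for_llm(base_url, raw, require_local=True, resolve=socket.getaddrinfo):
    """Refuse non-loopback endpoints when third parties are not allowed, then redact."""
    if require_local and not endpoint_is_local(base_url, resolve):
        raise PermissionError(f"{base_url} is not a loopback endpoint")
    return redact_http_message(raw)

# Constructed sample request (not captured traffic).
SAMPLE = ("GET /api/orders/1002 HTTP/1.1\r\nHost: shop.example\r\n"
          "Cookie: session=constructed-value\r\n"
          "Authorization: Bearer constructed-token\r\n\r\n")

if __name__ == "__main__":
    print(prepare_for_llm("http://127.0.0.1:11434/v1", SAMPLE))
```

A hostname that resolves to both a loopback and a non-loopback address is rejected, so a hosts-file or DNS surprise does not silently route engagement data off the machine.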
Burp Suite AI Reporter can be downloaded from my GitHub repository.
Cheers!






