{"id":161319,"date":"2026-05-05T12:12:38","date_gmt":"2026-05-05T12:12:38","guid":{"rendered":"https:\/\/hnsecurity.it\/?p=161319"},"modified":"2026-05-05T12:12:38","modified_gmt":"2026-05-05T12:12:38","slug":"extending-burp-suite-for-fun-and-profit-the-montoya-way-part-10","status":"publish","type":"post","link":"https:\/\/hnsecurity.it\/it\/blog\/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-10\/","title":{"rendered":"Extending Burp Suite for fun and profit \u2013 The Montoya way \u2013 Part 10"},"content":{"rendered":"
    \n
  1. Setting up the environment + Hello World<\/a><\/li>\n
  2. Inspecting and tampering HTTP requests and responses<\/a><\/li>\n
  3. Inspecting and tampering WebSocket messages<\/a><\/li>\n
  4. Creating new tabs for processing HTTP requests and responses<\/a><\/li>\n
  5. Adding new functionalities to the context menu (accessible by right-clicking)<\/a><\/li>\n
  6. Adding new checks to Burp Suite Active and Passive Scanner<\/a><\/li>\n
  7. Using the Collaborator in Burp Suite plugins<\/a><\/li>\n
  8. BChecks – A quick way to extend Burp Suite Active and Passive Scanner<\/a><\/li>\n
  9. Custom scan checks – An improved quick way to extend Burp Suite Active and Passive Scanner<\/a><\/li>\n
  10. Burp AI<\/strong><\/li>\n
  11. … and much more!<\/li>\n<\/ol>\n

     <\/p>\n

    Hi there!<\/p>\n

    To kick off my collaboration with PortSwigger as a Burp Suite Ambassador<\/a> and the Extensibility Month on PortSwigger Discord<\/a>, what better topic than AI, features recently introduced by PortSwigger to further expand the capabilities of the suite. On this topic, I\u2019m sure we\u2019ll see many new features in the future, but we already have APIs available that we can use to create powerful extensions!<\/p>\n

    For a couple of years now at HN Security we\u2019ve been dedicating part of our R&D time to the AI space, which has mainly led to the development of an internal AI red teaming methodology<\/strong>, but also to evaluating possible integrations of these technologies into our company\u2019s documentation tools and testing tools. At the moment, these integrations are still limited, both for compliance reasons and due to the agreements we have with our clients, but we are likely in a transition phase that could lead, in the near future, to a more pervasive use of these technologies, which could further improve the quality of our team\u2019s work.<\/p>\n

    This article will focus on the use of the AI features currently offered by PortSwigger within extensions, without going for the moment into detail about their use within the Burp GUI, as that would be out of scope for this series of articles.<\/p>\n

    To approach this topic, we are going to develop an extension that will simplify reporting of a issue, named AI Reporter<\/strong>. The idea is the following one: when we find an issue during our manual analyses, we want to use AI to analyze the request and response, extract the relevant information, and add a specific issue to Burp. For example, we\u2019re in Repeater, we discover a SQL injection, and from the context menu we select \u2018Report with AI\u2019, telling to the model that the current request proves a SQL injection. The tool will then take care of creating a specific issue for us with the details of the identified problem, including generic SQL Injection information and details on the particular issue extracted from request\/response.<\/p>\n

    Usually, I always publish a PoC target to test the extension, but this time it is not necessary. You can try the extension with any previous target or with any other target in which you found an issue (remember that the extension will send these details to a third party; so if you want to try the extension during a PT you should be allowed to use third party LLM models). If you need a convenient target, the PortSwigger Web Security Academy<\/a> has pretty much everything for any kind of application issue, such as SQL Injection labs<\/a>.<\/p>\n

    Disclaimer: this extension by using Burp\u2019s AI features consumes AI Credits. At the moment, every user with a Burp Suite Professional license has 10,000 free credits, and once they are finished, additional credits need to be purchased. The extension\u2019s credit consumption is usually moderate, but it also depends on the size of the request\/response being reported.<\/strong><\/p>\n

    Disclaimer 2: as mentioned previously, the reported requests and responses, along with the data entered in the popup created by the extension, are sent to PortSwigger\u2019s AI infrastructure. You can find more details on Burp AI policy in the Burp AI trust and compliance FAQ<\/a>.\u00a0<\/strong><\/p>\n

    So, let’s start from the beginning. How can we use AI in our extension? We can get a reference to the\u00a0Ai<\/em> object that we need from the usual MontoyaApi\u00a0<\/em>object that we get when we initialize an extension:<\/p>\n

    \"\"<\/p>\n

    As the documentation said, we need to do an extra step<\/strong>: in order to allow our extension to use AI features it need to declare its usage in the initialization:<\/p>\n

    \"\"<\/p>\n

    So, we can build the skeleton of a new extension, as explained in Part 1<\/a>, adding what it necessary to get access to the AI features:<\/p>\n

    package org.fd;\r\n\r\nimport burp.api.montoya.BurpExtension;\r\nimport burp.api.montoya.EnhancedCapability;\r\nimport burp.api.montoya.MontoyaApi;\r\nimport burp.api.montoya.ai.Ai;\r\nimport burp.api.montoya.logging.Logging;\r\n\r\nimport java.util.Set;\r\n\r\nimport static burp.api.montoya.EnhancedCapability.AI_FEATURES;\r\n\r\npublic class AiReporter implements BurpExtension {\r\n\r\n    MontoyaApi api;\r\n    Ai ai;\r\n    Logging logging;\r\n    AiEngine aiEngine;\r\n    boolean debug;\r\n\r\n    @Override\r\n    public void initialize(MontoyaApi api) {\r\n\r\n        \/\/ Save a reference to the MontoyaApi object\r\n        this.api = api;\r\n\r\n        \/\/ Save a reference to the AI object\r\n        this.ai = api.ai();\r\n\r\n        \/\/ api.logging() returns an object that we can use to print messages to stdout and stderr\r\n        this.logging = api.logging();\r\n\r\n        \/\/ Set the name of the extension\r\n        api.extension().setName(\"AI Reporter\");\r\n\r\n        \/\/ Print a message to the stdout\r\n        this.logging.logToOutput(\"*** AI Reporter loaded ***\");\r\n\r\n        \/\/ Check if AI is enabled\r\n        if(this.ai.isEnabled())\r\n            this.logging.logToOutput(\"* AI enabled!\");\r\n        else\r\n            this.logging.logToError(\"* AI NOT enabled!\");\r\n\r\n        \/\/ Other initialization things\r\n        [...]\r\n\r\n    }\r\n\r\n    @Override\r\n    public Set<EnhancedCapability> enhancedCapabilities()  {\r\n        return Set.of(AI_FEATURES);\r\n    }\r\n\r\n}<\/pre>\n
    As you can see, we declared the use of AI features by overriding the enhancedCapabilities\u00a0<\/em>function, returning a set containing the AI_FEATURES\u00a0<\/em>enum value.<\/p>\n
    Furthermore, at the end of the initialize\u00a0<\/em>function we used the\u00a0isEnabled<\/em> function to check if AI functionalities are currently enabled:<\/p>\n
    \"\"<\/p>\n
    Let’s spend a couple of word on when this method returns\u00a0true<\/em>, necessary for being able to use the prompt<\/em> method of the same class to use the AI features with our prompts.<\/p>\n
    First, as we just said, we have to override the enhancedCapabilities <\/em>(\u2705 done).<\/p>\n
    Second, AI features should be globally enabled in Burp Suite. You can check this point in the bottom right corner of Burp Suite:<\/p>\n
    \"\"<\/p>\n
    If that corner shows the “Disabled” message, AI features can be enabled in the Settings<\/em> of Burp Suite, section Ai<\/em>:<\/p>\n
    \"\"<\/p>\n
    Third and last point, we have to enabled AI functions in the Extensions tab. Here, some additional columns have been added to handle AI extensions, including a flag to enable\/disable AI features and the current AI credits consumption for each extension:<\/p>\n
    \"\"<\/p>\n
    If all these three conditions are met, we will read “* AI enabled!” in the Output pane of our extension.<\/p>\n
    Now, let’s have a look of the main class of the extension, named AiEngine.\u00a0<\/em>This class will define the object that we will use to use the AI in our extension, containing a simple prompt (that can be engineered on our preferences and needs) and the code that will use it.<\/p>\n
    package org.fd;\r\n\r\nimport burp.api.montoya.ai.Ai;\r\nimport burp.api.montoya.ai.chat.Message;\r\nimport burp.api.montoya.ai.chat.PromptException;\r\nimport burp.api.montoya.ai.chat.PromptResponse;\r\n\r\nimport static burp.api.montoya.ai.chat.Message.*;\r\n\r\npublic class AiEngine {\r\n\r\n    public static final String SYSTEM_MESSAGE = \"\"\"\r\n            You are an expert penetration tester and application security analyst. Your task is to analyze an HTTP request\/response pair in which a specific vulnerability has been identified.\r\n            \r\n            You will receive:\r\n            - The vulnerability name (issue type)\r\n            - The HTTP request\r\n            - The HTTP response\r\n            - Optionally, additional details provided by the analyst\r\n            \r\n            Your objectives:\r\n            1. **Analyze** the request and response to locate concrete evidence of the reported vulnerability.\r\n            2. **Generate a title** that is specific and descriptive for this particular instance of the vulnerability (do not just repeat the generic vulnerability name \u2014 include context such as the affected parameter, endpoint, or functionality).\r\n            3. **Generate a detailed description** of the finding that includes:\r\n               - What the vulnerability is and why it is a security concern\r\n               - Where exactly in the request\/response the vulnerability manifests (cite specific parameters, headers, response content, or behavior)\r\n               - The potential impact if exploited by an attacker\r\n            4. **Generate remediation advice** that is specific and actionable for this particular case, not just generic best practices.\r\n            \r\n            Rules:\r\n            - Be precise: reference actual values, parameters, endpoints, and response content from the provided data.\r\n            - If additional details are provided by the analyst, incorporate them into your analysis.\r\n            - If you cannot find clear evidence of the vulnerability in the request\/response, state this explicitly in the details field.\r\n            - Write in a professional tone suitable for a penetration testing report.\r\n            - Respond ONLY with a valid JSON object, no additional text before or after it.\r\n            \r\n            Output format (strict JSON):\r\n            {\r\n              \"title\": \"Specific descriptive title of the finding\",\r\n              \"details\": \"Detailed description including evidence, location, and impact\",\r\n              \"remediation\": \"Specific and actionable remediation steps\"\r\n            }\r\n            \"\"\";\r\n\r\n    private final Message systemMessage;\r\n    Ai ai;\r\n\r\n    public AiEngine(Ai ai) {\r\n        this.systemMessage = systemMessage(SYSTEM_MESSAGE);\r\n        this.ai = ai;\r\n    }\r\n\r\n    \/\/ Function that call LLM using history (may throw a PromptException exception)\r\n    public String execute(String userPrompt) throws PromptException {\r\n\r\n        if(this.ai.isEnabled()) {\r\n\r\n            \/\/ Create the message array that includes the system prompt and the user message\r\n            Message[] messages = new Message[]{systemMessage, userMessage(userPrompt)};\r\n\r\n            \/\/ We execute the LLM call\r\n            PromptResponse response = this.ai.prompt().execute(messages);\r\n\r\n            \/\/ We return the assistant response\r\n            return response.content();\r\n\r\n        } else {\r\n\r\n            return null;\r\n\r\n        }\r\n\r\n    }\r\n\r\n    public boolean isAiEnabled() {\r\n        return this.ai.isEnabled();\r\n    }\r\n\r\n}\r\n<\/pre>\n
    This class is very simple. We have a system prompt that instruct the LLM on the particular task and on the structure we expect for the output, a constructor the store the Ai <\/em>object of the Montoya API, and a function, execute<\/em>, that contains the main logic.<\/p>\n
    The\u00a0execute\u00a0<\/em>function first checks if the AI features are enabled and then calls the\u00a0execute<\/em> function of the Prompt<\/em> object, obtained from the Montoya API\u00a0Ai<\/em> object:<\/p>\n
    \"\"<\/p>\n
    The\u00a0execute\u00a0<\/em>function takes as argument a series<\/strong> of messages (an array of Message<\/em> object), and not a single message. Why? This is because the APIs are structured in a way that allows us to separate the system prompt from the user messages and the assistant\u2019s responses. In the end, everything will be sent to the LLM itself all together (because the LLMs work that way), but the AI services offered by PortSwigger<\/span><\/span> will likely provide a structured separation of these messages, allowing the LLM to better understand who the different messages are coming from. The different message types we can use are the following ones:<\/p>\n
    \"\"<\/p>\n
    In a simple flow, like in our extension, we send the LLM two messages, a system message (with the prompt) plus a user message (with the user\u2019s question), and we receive an assistant message (with the response) in return. However, we can use these APIs to create more complex extensions, such as a chat with history, in which at each interaction we send to the LLM multiple user and assistant messages, and all those interactions are used by the LLM to produce its responses. In our extension we don’t need to maintain history but it is an interesting use case and I will add a PoC example at the end of the article<\/strong> that shows how to use history in AI extensions.<\/p>\n
    Now let\u2019s go back to our extension. We\u2019ve looked at the object that will handle the AI part. Now we need to build the structure around it. We want to right-click on a request and directly create the issue, using AI to analyze the request\/response and write the issue. Therefore, we need to use Burp Suite ContextMenuItemsProvider<\/em> APIs. We will look quickly at this portion of the extension, as we dived deeply in these functionalities in part 5<\/a> of this tutorial. We will put the context menu login in a dedicated class, named\u00a0AiReportedContextProvider<\/em>.<\/p>\n
    package org.fd;\r\n\r\nimport [...]\r\n\r\npublic class AiReporterContextProvider implements ContextMenuItemsProvider {\r\n\r\n    MontoyaApi api;\r\n    Logging logging;\r\n    JsonUtils jsonUtils;\r\n    AiEngine aiEngine;\r\n    boolean debug;\r\n\r\n    public AiReporterContextProvider(MontoyaApi api, AiEngine aiEngine, boolean debug) {\r\n\r\n        \/\/ Save a reference to the MontoyaApi object\r\n        this.api = api;\r\n        \/\/ Save a reference to the logging object of the MontoyaApi\r\n        this.logging = api.logging();\r\n        \/\/ Save a reference to JSON utilities\r\n        this.jsonUtils = api.utilities().jsonUtils();\r\n        \/\/ Save a reference to the object defined to handle AI\r\n        this.aiEngine = aiEngine;\r\n        \/\/ Debug variable\r\n        this.debug = debug;\r\n\r\n    }\r\n\r\n    public void reportWithAi(String vulnerability, AuditIssueSeverity severity, AuditIssueConfidence confidence,\r\n                             String additionalDetails, HttpRequestResponse reqRes) {\r\n        [...]\r\n    }\r\n\r\n    @Override\r\n    public List<Component> provideMenuItems(ContextMenuEvent event) {\r\n\r\n        \/\/ Initialize an empty list that will contains our context menu entries\r\n        List<Component> menuItems = new ArrayList<Component>();\r\n\r\n        \/\/ Create the menu only if the menu has been created on a request\/response object\r\n        event.messageEditorRequestResponse().ifPresent(messageEditorReqRes -> {\r\n\r\n            \/\/ Get the HTTP message\r\n            HttpRequestResponse reqRes = messageEditorReqRes.requestResponse();\r\n\r\n            \/\/ Add the \"Report with AI\" context menu item with its listener\r\n            JMenuItem reportWithAiItem = new JMenuItem(\"Report with AI\");\r\n            reportWithAiItem.addActionListener(al -> {\r\n\r\n                \/\/ Show only if AI features are enabled\r\n                if(this.aiEngine.isAiEnabled()) {\r\n\r\n                    AiReporterDialog dialog = AiReporterDialog.show(null);\r\n\r\n                    \/\/ If the dialog is confirmed call the reportWithAi function that will call the LLM and report the issue\r\n                    if (dialog.isConfirmed()) {\r\n                        String vulnerability = dialog.getVulnerability();\r\n                        AuditIssueSeverity severity = dialog.getSeverity();\r\n                        AuditIssueConfidence confidence = dialog.getConfidence();\r\n                        String additionalDetails = dialog.getAdditionalDetails();\r\n\r\n                        \/\/ A new thread is necessary because we cannot call the LLM function inside the GUI thread\r\n                        \/\/ to avoid blocking Burp\r\n                        new Thread(() -> {\r\n                            reportWithAi(vulnerability, severity, confidence, additionalDetails, reqRes);\r\n                        }).start();\r\n\r\n                    }\r\n\r\n                } else {\r\n\r\n                    JOptionPane.showMessageDialog(null, \"Please enable Burp AI features to \" +\r\n                                    \"use this extension (additional costs may be charged)\",\r\n                            \"Burp AI disabled\", JOptionPane.INFORMATION_MESSAGE);\r\n                }\r\n\r\n            });\r\n\r\n            menuItems.add(reportWithAiItem);\r\n\r\n        });\r\n\r\n        return menuItems;\r\n\r\n    }\r\n\r\n}<\/pre>\n
    This code simply saves references to objects we will use in the constructor and then override the provideMenuItems\u00a0<\/em>function of the implemented ContextMenuItemsProvider<\/em> interface. Here we add the “Report with AI” context menu entry only if the user clicked on a request\/response and if the AI features are enabled. Once clicked, a new popup is shown to the user, designed in class AiReporterDialog\u00a0<\/em>with Java Swing, asking for a couple of information that will be used during generation. In this chapter, we won\u2019t go into detail about how to create graphical user interfaces in Java (not a fun task at all, trust me!). We might cover an introduction in future episodes. If you need to create a Java GUI before then, Claude\/Gemini\/ChatGPT & co. will definitely be able to help you! The popup, once opened, will look this way:<\/p>\n
    \"\"<\/p>\n
    “Severity” and “confidence” will be used only to create the issue, while “vulnerability” and “additional details” will be supplied to the LLM, together with the request\/response for the generation. The idea is the following: in most cases, it\u2019s enough to enter the title of the issue (e.g., SQL Injection), and the LLM will take care of identifying the issue in the request\/response, extracting the important information, and generating the issue report.<\/p>\n
    \u201cAdditional details\u201d is occasionally used for issues where there is no direct evidence of the problem in the single request\/response. For example, in the case of an authorization bypass, the user can specify that the current user he is using does not have access to the resource he was able to access in the request\/response selected for the report (information that is not contained in the response itself). We will see a couple of examples of the extension in use in a moment.<\/p>\n
    Now, let’s have a look to the function reportWithAi, <\/em>that will call the Ai engine and report the issue:<\/p>\n
    \/\/ Burp AI often returns markdown code block tags in the response also if denied in the prompt.\r\n\/\/ This method strip markdown code block tags in the response using Lambda expressions.\r\nprivate String cleanJsonResponse(String response) {\r\n    return response.lines()\r\n            .filter(line -> !line.trim().startsWith(\"```\"))\r\n            .collect(Collectors.joining(\"\\n\"))\r\n            .trim();\r\n}\r\n\r\n\/\/ Call the AI Engine and report the issue\r\npublic void reportWithAi(String vulnerability, AuditIssueSeverity severity, AuditIssueConfidence confidence, String additionalDetails, HttpRequestResponse reqRes) {\r\n\r\n    \/\/ If AI features are enabled\r\n    if(this.aiEngine.isAiEnabled()) {\r\n\r\n        \/\/ User message format\r\n        String userMessage = \"\"\"\r\n                Vulnerability name: %s\r\n                \r\n                HTTP Request:\r\n                %s\r\n                \r\n                HTTP Response:\r\n                %s\r\n                \r\n                Additional details: %s\r\n                \"\"\".formatted(vulnerability, reqRes.request().toString(),\r\n                    reqRes.response().toString(), additionalDetails);\r\n\r\n        String title;\r\n        String details;\r\n        String remediation;\r\n\r\n        try  {\r\n            \/\/ Call the LLM with the user message\r\n            String promptResponse = aiEngine.execute(userMessage);\r\n\r\n            if(promptResponse != null) {\r\n\r\n                \/\/ Remove markdown code block tags in LLM response\r\n                String cleanedResponse = cleanJsonResponse(promptResponse);\r\n\r\n                \/\/ LLM response is formatted in JSON, as requested in our prompt\r\n                if (this.jsonUtils.isValidJson(cleanedResponse)) {\r\n\r\n                    \/\/ Extract from JSON the details of the issue generated by the LLM\r\n                    title = this.jsonUtils.readString(cleanedResponse, \"title\");\r\n                    details = this.jsonUtils.readString(cleanedResponse, \"details\");\r\n                    remediation = this.jsonUtils.readString(cleanedResponse, \"remediation\");\r\n\r\n                } else {\r\n                    this.logging.logToError(\"* AI Reporter: invalid JSON in AI response\");\r\n                    return;\r\n                }\r\n\r\n            } else {\r\n                this.logging.logToError(\"* AI Reporter: AI not enabled\");\r\n                return;\r\n            }\r\n\r\n        } catch (PromptException e)  {\r\n            this.logging.logToError(\"Issue executing prompt\", e);\r\n            return;\r\n        }\r\n\r\n        \/\/ Report issue in Burp Suite with AI details\r\n        AuditIssue auditIssue = AuditIssue.auditIssue(title,\r\n                details,\r\n                remediation,\r\n                reqRes.request().url(),\r\n                severity,\r\n                confidence,\r\n                null, \/\/ background\r\n                null, \/\/ remediationBackground\r\n                severity,\r\n                reqRes);\r\n\r\n        this.api.siteMap().add(auditIssue);\r\n\r\n    } else {\r\n        this.logging.logToError(\"* AI Reporter: AI features disabled.\");\r\n    }\r\n\r\n}<\/pre>\n
    The reportWithAi<\/em> method takes as arguments all the information entered by the user in the popup plus the request\/response pair. This information is included in the user message, which will then be sent to the LLM together with the system prompt.<\/p>\n
    As we saw earlier, the prompt asks the LLM to generate the response in JSON format, so we will use the JSON utilities provided by the Montoya API (api.utilities().jsonUtils()<\/em>) to extract the title, details, and remediation from the response received from the LLM. However, you can see from the code that before extracting the JSON values the clearJsonResponse<\/em> method is executed on the response obtained from the LLM. The reason is that the LLM often (though not always) returned the JSON wrapped inside Markdown code blocks (“`), even when explicitly forbidden in the prompt. With LLMs, situations like this can happen and can often be resolved by tuning the prompt. In this case, even after some prompt tuning, I would occasionally still get Markdown tags, so I preferred to strip them out in code.<\/p>\n
    Finally, we use the information extracted from the LLM response to create an issue in Burp Suite (for more information on this topic, refer to Part 6<\/a>).<\/p>\n
    Our extension is now complete. We have only to register the context menu item provider in the\u00a0initialize<\/em> function:<\/p>\n
    public class AiReporter implements BurpExtension {\r\n\r\n    [...]\r\n\r\n    @Override\r\n    public void initialize(MontoyaApi api) {\r\n\r\n        [...]\r\n\r\n        \/\/ Register our Context Menu Item Provider\r\n        AiReporterContextProvider customContextMenuItemProvider = new AiReporterContextProvider(api,this.aiEngine, this.debug);\r\n        api.userInterface().registerContextMenuItemsProvider(customContextMenuItemProvider);\r\n\r\n    }\r\n\r\n}\r\n\r\n<\/pre>\n
    Now we can build the extension and try it on a couple of vulnerable requests (refer to Part 1<\/a> to details on how to compile and package the extension).<\/p>\n
    Let’s start with a simple SQL Injection.<\/p>\n
    \"\"<\/p>\n
    Let’s try our extension supplying only the title:<\/p>\n
    \"\"<\/p>\n
    And here the result:<\/p>\n
    \"\"<\/p>\n
    Now, let’s try with a simple reflected XSS:<\/p>\n
    \"\"<\/p>\n
    As before, we simply supply a generic title to the issue:<\/p>\n
    \"\"<\/p>\n
    And here the result:<\/p>\n
    \"\"<\/p>\n
    Finally, let’s try our extension on an authorization bypass (direct object reference). In this example we can see details of transfer with ID 3 with a user that should not have access to it:<\/p>\n
    \"\"<\/p>\n
    We supply this additional information to the LLM because it cannot infer it simply by the request\/response.<\/p>\n
    \"\"<\/p>\n
    And here the result:<\/p>\n
    \"\"<\/p>\n
    As we can see, with a simple prompt we got some pretty good results. Obviously, we can improve the results in order to fit better the results with our needs. Some examples of improvements we can implement on our prompt are:<\/p>\n