[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-11234":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":9,"totalLinesOfCode":9,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":9,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":9,"rankLanguage":9,"license":9,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":22,"hasPages":22,"topics":24,"createdAt":9,"pushedAt":9,"updatedAt":39,"readmeContent":40,"aiSummary":41,"trendingCount":16,"starSnapshotCount":16,"syncStatus":42,"lastSyncTime":43,"discoverSource":44},11234,"burp-ai-agent","six2dez\u002Fburp-ai-agent","six2dez","Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more",null,"https:\u002F\u002Fgithub.com\u002Fsix2dez\u002Fburp-ai-agent","Kotlin",1215,191,11,3,0,19,36,115,57,19.85,false,"main",[25,26,27,28,29,30,31,32,33,34,35,36,37,38],"bugbounty","burp","burp-extensions","burp-plugin","burp-suite","hacking","pentesting","security","ai","web-security","appsec","kotlin","llm","mcp","2026-06-12 02:02:30","# Burp AI Agent\n\n**The bridge between Burp Suite and modern AI.**\n\n\u003C!-- screenshot: main extension tab with chat and settings visible -->\n![Burp AI Agent Screenshot](screenshots\u002Fmain-tab.png)\n\nBurp AI Agent is an extension for Burp Suite that integrates AI into your security workflow. 
Use local models or cloud providers, connect external AI agents via MCP, and let passive\u002Factive scanners find vulnerabilities while you focus on manual testing.\n\n## Highlights\n\n- **10 AI Backends** — Burp AI (built-in), Ollama, LM Studio, NVIDIA NIM, Generic OpenAI-compatible, Gemini CLI, Claude CLI, Codex CLI, OpenCode CLI, Copilot CLI.\n- **53+ MCP Tools** — Let Claude Desktop (or any MCP client) drive Burp autonomously.\n- **62 Vulnerability Classes** — Passive and Active AI scanners across injection, auth, crypto, and more.\n- **Burp Scan Skill** — Use your preferred AI coding assistant (Claude Code, Gemini CLI, Codex, etc.) as a scanner via MCP.\n- **3 Privacy Modes** — STRICT \u002F BALANCED \u002F OFF. Redact sensitive data before it leaves Burp.\n- **Custom Prompt Library** — Save free-form prompts per context (HTTP request or scanner issue); launch them from the right-click menu or type ad-hoc ones via `Custom…`.\n- **Audit Logging** — JSONL with SHA-256 integrity hashing for compliance; every launch stamped with `promptSource` \u002F `contextKind` for reproducibility.\n\n## Quick Start\n\n### 1. Install\n\nDownload the latest JAR from [Releases](https:\u002F\u002Fgithub.com\u002Fsix2dez\u002Fburp-ai-agent\u002Freleases), or build from source (Java 21):\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fsix2dez\u002Fburp-ai-agent.git\ncd burp-ai-agent\nJAVA_HOME=\u002Fpath\u002Fto\u002Fjdk-21 .\u002Fgradlew clean shadowJar\n# Output: build\u002Flibs\u002FCustom-AI-Agent-\u003Cversion>.jar\n```\n\n### 2. Load into Burp\n\n1. Open Burp Suite (Community or Professional).\n2. Go to **Extensions > Installed > Add**.\n3. Select **Java** as extension type and choose the `.jar` file.\n\n\u003C!-- screenshot: Burp Extensions > Add dialog with the JAR loaded -->\n![Load Extension](screenshots\u002Fburp-extensions-add.png)\n\n### 3. 
Agent Profiles\n\nThe extension auto-installs the bundled profiles into `~\u002F.burp-ai-agent\u002FAGENTS\u002F` on first run.\nDrop additional `*.md` files in that directory to add custom profiles.\n\n### 4. Configure a Backend\n\nOpen the **AI Agent** tab and go to **Settings**. Pick a backend:\n\n| Backend | Type | Setup |\n| :--- | :--- | :--- |\n| **Burp AI (built-in)** | In-process | Use Burp Suite Pro's built-in AI when available; no extra config required. |\n| **Ollama** | Local HTTP | Install [Ollama](https:\u002F\u002Follama.com), run `ollama serve`, pull a model (`ollama pull llama3.1`). |\n| **LM Studio** | Local HTTP | Install [LM Studio](https:\u002F\u002Flmstudio.ai), load a model, start the server. |\n| **NVIDIA NIM** | HTTP | Use the default `https:\u002F\u002Fintegrate.api.nvidia.com` endpoint, set your NVIDIA API key, and choose a model such as `moonshotai\u002Fkimi-k2.5`. |\n| **Generic OpenAI-compatible** | HTTP | Provide a base URL and model for any OpenAI-compatible provider. |\n| **Gemini CLI** | Cloud CLI | Install `gemini`, run `gemini auth login`. |\n| **Claude CLI** | Cloud CLI | Install `claude`, set `ANTHROPIC_API_KEY` or run `claude login`. |\n| **Codex CLI** | Cloud CLI | Install `codex`, set `OPENAI_API_KEY`. |\n| **OpenCode CLI** | Cloud CLI | Install `opencode`, configure provider credentials. |\n| **Copilot CLI** | Cloud CLI | Install `copilot` and sign in with your GitHub account. |\n\nFor **NVIDIA NIM**, the backend expects the same chat-completions style flow as the NVIDIA hosted endpoint. A working configuration is:\n\n```text\nBackend: NVIDIA NIM\nBase URL: https:\u002F\u002Fintegrate.api.nvidia.com\nModel: moonshotai\u002Fkimi-k2.5\nAPI Key: \u003Cyour nvapi token>\n```\n\nLeave extra headers empty unless your gateway requires them. The extension sends requests to `\u002Fv1\u002Fchat\u002Fcompletions` and uses the configured bearer token automatically.\n\n### 5. Run Your First Analysis\n\n1. 
Browse a target through Burp Proxy.\n2. Right-click any request in **Proxy > HTTP History**.\n3. Select **Extensions > Burp AI Agent > Analyze this request**.\n4. A chat session opens with the AI analysis.\n\n\u003C!-- screenshot: right-click context menu showing Burp AI Agent actions -->\n![Context Menu](screenshots\u002Fcontext-menu-request.png)\n\n### 6. Connect Claude Desktop via MCP (Optional)\n\nEnable the MCP server in **Settings > MCP Server** and add this to your Claude Desktop config:\n\n**macOS**: `~\u002FLibrary\u002FApplication Support\u002FClaude\u002Fclaude_desktop_config.json`\n**Windows**: `%APPDATA%\\Claude\\claude_desktop_config.json`\n\n```json\n{\n  \"mcpServers\": {\n    \"burp-ai-agent\": {\n      \"command\": \"npx\",\n      \"args\": [\n        \"-y\",\n        \"supergateway\",\n        \"--sse\",\n        \"http:\u002F\u002F127.0.0.1:9876\u002Fsse\"\n      ]\n    }\n  }\n}\n```\n\n> Requires Node.js 18+. If you enable **External Access**, the MCP client must send `Authorization: Bearer \u003Ctoken>` on every request.\n\n## Burp Scan Skill (Terminal AI Scanning)\n\nThe `burp-scan` skill lets you use any AI coding assistant (Claude Code, Gemini CLI, Codex, etc.) as a Burp scanner from your terminal. 
Instead of the plugin's built-in AI, **your terminal AI becomes the reasoning engine** while Burp provides the tools via MCP.\n\n### What It Contains\n\n- 53+ MCP tool reference organized by scanning action\n- Passive analysis protocol (traffic analysis without sending requests)\n- Active testing payload library (200+ payloads for 62 vuln classes with detection patterns)\n- End-to-end scanning workflow (scope -> passive -> active -> OOB -> report)\n- Issue creation protocol with severity\u002Fconfidence mapping\n\n### Install for Claude Code\n\nCopy the skill to your Claude Code skills directory:\n\n```bash\n# Global (available in all projects)\ncp -r skills\u002Fburp-scan ~\u002F.claude\u002Fskills\u002Fburp-scan\n\n# Or project-specific\ncp -r skills\u002Fburp-scan .claude\u002Fskills\u002Fburp-scan\n```\n\nThen use `\u002Fburp-scan` in Claude Code or let it trigger automatically when you mention Burp scanning.\n\n### Install for Other AI Assistants\n\nThe skill is a standalone Markdown file at [`skills\u002Fburp-scan\u002FSKILL.md`](skills\u002Fburp-scan\u002FSKILL.md). 
You can use it with any AI assistant that supports system prompts or context files:\n\n- **Gemini CLI \u002F Codex \u002F OpenCode**: Add as a context file or paste into your system prompt\n- **Custom MCP clients**: Include the skill content as system context alongside your MCP connection\n- **Any LLM**: The file is self-contained — feed it as context along with your MCP tool definitions\n\n### Usage Example\n\n```\nYou: Connect to Burp MCP at localhost:9876 and scan the proxy history for IDOR vulnerabilities\n\nAI: [Uses proxy_http_history to pull traffic]\n    [Identifies endpoints with numeric IDs]\n    [Sends http1_request with ID+1, ID-1 payloads]\n    [Compares responses for different user data]\n    [Creates issue_create for confirmed IDOR]\n```\n\n> The skill and the plugin's built-in scanner are complementary: the plugin runs automated background scanning, while the skill enables interactive, analyst-guided scanning from your terminal.\n\n## Documentation\n\nFull documentation is available at **[burp-ai-agent.six2dez.com](https:\u002F\u002Fburp-ai-agent.six2dez.com)**.\n\n- [Installation](https:\u002F\u002Fburp-ai-agent.six2dez.com\u002Fgetting-started\u002Finstallation)\n- [Quick Start](https:\u002F\u002Fburp-ai-agent.six2dez.com\u002Fgetting-started\u002Fquick-start)\n- [UI Tour](https:\u002F\u002Fburp-ai-agent.six2dez.com\u002Fuser-guide\u002Fui-tour)\n- [Agent Profiles](https:\u002F\u002Fburp-ai-agent.six2dez.com\u002Fuser-guide\u002Fagent-profiles)\n- [Passive Scanner](https:\u002F\u002Fburp-ai-agent.six2dez.com\u002Fscanners\u002Fpassive)\n- [Active Scanner](https:\u002F\u002Fburp-ai-agent.six2dez.com\u002Fscanners\u002Factive)\n- [MCP Overview](https:\u002F\u002Fburp-ai-agent.six2dez.com\u002Fmcp\u002Foverview)\n- [Privacy Modes](https:\u002F\u002Fburp-ai-agent.six2dez.com\u002Fprivacy\u002Fprivacy-modes)\n- [Settings Reference](https:\u002F\u002Fburp-ai-agent.six2dez.com\u002Freference\u002Fsettings-reference)\n- 
[Troubleshooting](https:\u002F\u002Fburp-ai-agent.six2dez.com\u002Freference\u002Ftroubleshooting)\n- [Burp Scan Skill](https:\u002F\u002Fburp-ai-agent.six2dez.com\u002Fuser-guide\u002Fburp-scan-skill)\n\n## Operator Playbooks\n\n- [MCP Hardening](docs\u002Fmcp-hardening.md)\n- [UI Safety Guide](docs\u002Fui-safety-guide.md)\n- [Backend Troubleshooting](docs\u002Fbackend-troubleshooting.md)\n\nSettings are schema-versioned internally (`settings.schema.version`) and migrated additively on load for safe upgrades.\n\n## Requirements\n\n- **Burp Suite** Community or Professional (2023.12+)\n- **Java 21** (bundled with modern Burp for runtime; required separately for building from source)\n- At least one AI backend configured (see table above)\n\n## License\n\nThis project is licensed under the [MIT License](LICENSE).\n\n## Disclaimer\n\nUsage of Burp AI Agent for attacking targets without prior consent is illegal. It is the user's responsibility to obey all applicable laws. The developers assume no liability for misuse or damage caused by this tool. Use responsibly.\n\n## Contributing\n\nIssues and pull requests are welcome. See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup and guidelines, or the [Developer docs](https:\u002F\u002Fburp-ai-agent.six2dez.com\u002Fdeveloper\u002Farchitecture) for architecture details.\n","Burp AI Agent is an extension for Burp Suite that integrates modern AI tools to enhance security workflows. The extension supports up to 10 AI backends and more than 53 MCP tools, can detect 62 classes of vulnerabilities through passive and active scanning, and provides three privacy modes to protect sensitive data. In addition, users can customize a prompt library and use audit logs to keep operations traceable. The project is particularly suited to professionals doing web security testing, penetration testing and bug bounty hunting, especially where they want to use AI to improve efficiency and accuracy. It is written in Kotlin and can be used without an additional license.",2,"2026-06-11 03:31:29","trending"]