{"id":43325139,"url":"https://github.com/six2dez/burp-ai-agent","last_synced_at":"2026-03-07T11:04:47.645Z","repository":{"id":335330571,"uuid":"1143535772","full_name":"six2dez/burp-ai-agent","owner":"six2dez","description":"Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more","archived":false,"fork":false,"pushed_at":"2026-02-26T17:36:24.000Z","size":1663,"stargazers_count":697,"open_issues_count":3,"forks_count":112,"subscribers_count":10,"default_branch":"main","last_synced_at":"2026-02-26T23:43:47.276Z","etag":null,"topics":["ai","appsec","bugbounty","burp","burp-extensions","burp-plugin","burp-suite","hacking","kotlin","llm","mcp","pentesting","security","web-security"],"latest_commit_sha":null,"homepage":"https://burp-ai-agent.six2dez.com/","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/six2dez.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"six2dez","buy_me_a_coffee":"six2dez","custom":["https://www.paypal.com/paypalme/six2dez"]}},"created_at":"2026-01-27T17:44:17.000Z","updated_at":"2026-02-26T22:52:49.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/six2dez/burp-ai-agent","commit_stats":null,"previous_names":["six2dez/burp-ai-agent"],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/six2dez/burp-ai-agent","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/six2dez%2Fburp-ai-agent","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/six2dez%2Fburp-ai-agent/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/six2dez%2Fburp-ai-agent/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/six2dez%2Fburp-ai-agent/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/six2dez","download_url":"https://codeload.github.com/six2dez/burp-ai-agent/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/six2dez%2Fburp-ai-agent/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30212104,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-07T09:02:10.694Z","status":"ssl_error","status_checked_at":"2026-03-07T09:02:08.429Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","appsec","bugbounty","burp","burp-extensions","burp-plugin","burp-suite","hacking","kotlin","llm","mcp","pentesting","security","web-security"],"created_at":"2026-02-01T23:06:01.391Z","updated_at":"2026-03-07T11:04:47.615Z","avatar_url":"https://github.com/six2dez.png","language":"Kotlin","funding_links":["https://github.com/sponsors/six2dez","https://buymeacoffee.com/six2dez","https://www.paypal.com/paypalme/six2dez"],"categories":["MCP Servers","ai","Servers","burpsuite插件","MCP Servers \u0026 Protocol","Pentest \u0026 Red Teaming Agents"],"sub_categories":["Security \u0026 Reverse Engineering","Security"],"readme":"# Burp AI Agent\n\n**The bridge between Burp Suite and modern AI.**\n\n\u003c!-- screenshot: main extension tab with chat and settings visible --\u003e\n![Burp AI Agent Screenshot](screenshots/main-tab.png)\n\nBurp AI Agent is an extension for Burp Suite that integrates AI into your security workflow. Use local models or cloud providers, connect external AI agents via MCP, and let passive/active scanners find vulnerabilities while you focus on manual testing.\n\n## Highlights\n\n- **7 AI Backends** — Ollama, LM Studio, Generic OpenAI-compatible, Gemini CLI, Claude CLI, Codex CLI, OpenCode CLI.\n- **53+ MCP Tools** — Let Claude Desktop (or any MCP client) drive Burp autonomously.\n- **62 Vulnerability Classes** — Passive and Active AI scanners across injection, auth, crypto, and more.\n- **3 Privacy Modes** — STRICT / BALANCED / OFF. Redact sensitive data before it leaves Burp.\n- **Audit Logging** — JSONL with SHA-256 integrity hashing for compliance.\n\n## Quick Start\n\n### 1. Install\n\nDownload the latest JAR from [Releases](https://github.com/six2dez/burp-ai-agent/releases), or build from source (Java 21):\n\n```bash\ngit clone https://github.com/six2dez/burp-ai-agent.git\ncd burp-ai-agent\nJAVA_HOME=/path/to/jdk-21 ./gradlew clean shadowJar\n# Output: build/libs/Burp-AI-Agent-\u003cversion\u003e.jar\n```\n\n### 2. Load into Burp\n\n1. Open Burp Suite (Community or Professional).\n2. Go to **Extensions \u003e Installed \u003e Add**.\n3. Select **Java** as extension type and choose the `.jar` file.\n\n\u003c!-- screenshot: Burp Extensions \u003e Add dialog with the JAR loaded --\u003e\n![Load Extension](screenshots/burp-extensions-add.png)\n\n### 3. Agent Profiles\n\nThe extension auto-installs the bundled profiles into `~/.burp-ai-agent/AGENTS/` on first run.\nDrop additional `*.md` files in that directory to add custom profiles.\n\n### 4. Configure a Backend\n\nOpen the **AI Agent** tab and go to **Settings**. Pick a backend:\n\n| Backend | Type | Setup |\n| :--- | :--- | :--- |\n| **Ollama** | Local HTTP | Install [Ollama](https://ollama.com), run `ollama serve`, pull a model (`ollama pull llama3.1`). |\n| **LM Studio** | Local HTTP | Install [LM Studio](https://lmstudio.ai), load a model, start the server. |\n| **Generic OpenAI-compatible** | HTTP | Provide a base URL and model for any OpenAI-compatible provider. |\n| **Gemini CLI** | Cloud CLI | Install `gemini`, run `gemini auth login`. |\n| **Claude CLI** | Cloud CLI | Install `claude`, set `ANTHROPIC_API_KEY` or run `claude login`. |\n| **Codex CLI** | Cloud CLI | Install `codex`, set `OPENAI_API_KEY`. |\n| **OpenCode CLI** | Cloud CLI | Install `opencode`, configure provider credentials. |\n\n### 5. Run Your First Analysis\n\n1. Browse a target through Burp Proxy.\n2. Right-click any request in **Proxy \u003e HTTP History**.\n3. Select **Extensions \u003e Burp AI Agent \u003e Analyze this request**.\n4. A chat session opens with the AI analysis.\n\n\u003c!-- screenshot: right-click context menu showing Burp AI Agent actions --\u003e\n![Context Menu](screenshots/context-menu-request.png)\n\n### 6. Connect Claude Desktop via MCP (Optional)\n\nEnable the MCP server in **Settings \u003e MCP Server** and add this to your Claude Desktop config:\n\n**macOS**: `~/Library/Application Support/Claude/claude_desktop_config.json`\n**Windows**: `%APPDATA%\\Claude\\claude_desktop_config.json`\n\n```json\n{\n  \"mcpServers\": {\n    \"burp-ai-agent\": {\n      \"command\": \"npx\",\n      \"args\": [\n        \"-y\",\n        \"@modelcontextprotocol/server-sse\",\n        \"http://127.0.0.1:9876/sse\"\n      ]\n    }\n  }\n}\n```\n\n\u003e Requires Node.js 18+. If you enable **External Access**, the MCP client must send `Authorization: Bearer \u003ctoken\u003e` on every request.\n\n## Documentation\n\nFull documentation is available at **[burp-ai-agent.six2dez.com](https://burp-ai-agent.six2dez.com)**.\n\n- [Installation](https://burp-ai-agent.six2dez.com/getting-started/installation)\n- [Quick Start](https://burp-ai-agent.six2dez.com/getting-started/quick-start)\n- [UI Tour](https://burp-ai-agent.six2dez.com/user-guide/ui-tour)\n- [Agent Profiles](https://burp-ai-agent.six2dez.com/user-guide/agent-profiles)\n- [Passive Scanner](https://burp-ai-agent.six2dez.com/scanners/passive)\n- [Active Scanner](https://burp-ai-agent.six2dez.com/scanners/active)\n- [MCP Overview](https://burp-ai-agent.six2dez.com/mcp/overview)\n- [Privacy Modes](https://burp-ai-agent.six2dez.com/privacy/privacy-modes)\n- [Settings Reference](https://burp-ai-agent.six2dez.com/reference/settings-reference)\n- [Troubleshooting](https://burp-ai-agent.six2dez.com/reference/troubleshooting)\n\n## Requirements\n\n- **Burp Suite** Community or Professional (2023.12+)\n- **Java 21** (bundled with modern Burp for runtime; required separately for building from source)\n- At least one AI backend configured (see table above)\n\n## License\n\nThis project is licensed under the [MIT License](LICENSE).\n\n## Disclaimer\n\nUsage of Burp AI Agent for attacking targets without prior consent is illegal. It is the user's responsibility to obey all applicable laws. The developers assume no liability for misuse or damage caused by this tool. Use responsibly.\n\n## Contributing\n\nIssues and pull requests are welcome. See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup and guidelines, or the [Developer docs](https://burp-ai-agent.six2dez.com/developer/architecture) for architecture details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsix2dez%2Fburp-ai-agent","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsix2dez%2Fburp-ai-agent","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsix2dez%2Fburp-ai-agent/lists"}