AI HTTP ANALYZER is an advanced security analysis assistant integrated into Burp Suite. It examines HTTP requests and responses for potential security vulnerabilities such as SQL injection, XSS, CSRF, and other threats. The extension provides focused technical analysis, including quick identification of detected vulnerabilities, clear technical steps for exploitation, and PoC examples and payloads where applicable.

Features

• Analyze HTTP requests and responses for security vulnerabilities
• Provide technical analysis and exploitation steps
• Include PoC examples and payloads
• Integrate with Burp Suite's UI and context menu
• Real-time vulnerability assessments
• AI-powered context-aware analysis
• Generate Proof-of-Concept exploits
• Custom PoC script generation
• Payload customization for specific scenarios

Usage

1. Right-click on a request/response from the Proxy, Repeater or Target tool tab and "Send to AI HTTP Analyzer".
2. Go to the AI HTTP Analyzer tab, and select the tab for your request.
3. Configure your analysis options.
   • Use the checkbox to include or exclude the request and response in your analysis.
   • Enter a custom prompt in the text field for specific analysis requirements.
     For example:
     Check for IDOR vulnerabilities in this endpoint.
Analyze the authentication mechanism in this request.
Suggest possible SQL injection points in this request.
Generate bypass payloads for the WAF patterns in this response.
4. Click the "Analyze with AI HTTP Analyzer" button.
5. Review the returned AI response.

Prompt guide

Best practices for writing prompts:

• Be specific about what you want to analyze.
• Include the type of vulnerability you're looking for.
• Ask for specific payload suggestions when needed.
• Request exploitation steps if applicable.

The AI will analyze:

• The selected request/response (if checked)
• Your custom prompt
• The context of the HTTP interaction

Proof-of-concept generation

AI HTTP Analyzer can help security professionals generate and customize proof-of-concept exploits in various ways:

1. Automated PoC Generation:
   • Request PoC scripts for detected vulnerabilities.
   • Get working exploit code examples.
   • Receive customized payloads for specific scenarios
2. Example PoC Prompts:
   • Generate a PoC script for this XSS vulnerability.
   • Create a Python script to exploit this SQL injection.
   • Provide a curl command to reproduce this SSRF vulnerability.
   • Generate a working payload to bypass this authentication mechanism.
3. PoC Customization:
   • Request language-specific implementations (Python, JavaScript, curl, etc.).
   • Get explanations for each part of the exploit.
   • Receive guidance on safe testing practices.
4. Security Testing Workflow:
   • Identify vulnerability.
   • Generate PoC code.
   • Customize exploit parameters.
   • Validate the vulnerability.
   • Document findings.