BurpAI brings the power of multi-model AI to your security testing workflow. Analyze HTTP requests in real time and identify vulnerabilities with enterprise-grade AI models.
Features
Multi-Model AI
11 AI models with automatic failover. Switch between Kimi, DeepSeek, GLM, Qwen, LLaMA, and more.
Real-Time Analysis
Background threading, zero UI lag. Analyze requests instantly without blocking your workflow.
Smart Detection
Priority detection for P1/P2 vulnerabilities: RCE, IDOR, SQLi, Auth bypass, and more.
Native Repeater
Built-in request/response editing with Burp's native editors. Full control in one place.
Request History
Automatic tracking of 1000+ requests. Never lose context on your security tests.
Interactive Chat
Custom prompts for targeted analysis. Ask the AI security expert any question.
Quick Start
1. Get API Key
Sign up for DigitalOcean AI and create an API key.
2. Load Extension
Burp Suite → Extensions → Add → Select burpaai.py
3. Configure
Enter your DigitalOcean API key in the BurpAI tab → Click Save
4. Analyze
Load any request in Repeater → Click Analyze with AI → Review results
Supported Models
Automatic failover across 11 enterprise-grade AI models:
Requirements
| Requirement | Details |
|---|---|
| Burp Suite | Pro or Community Edition (latest) |
| API Key | DigitalOcean AI (free tier available) |
| Java | 8+ (included with Burp) |
| Network | HTTPS outbound to AI API |
Security First
BurpAI is built with security as a core principle:
- HTTPS-only API communication
- No telemetry or tracking
- Local-only data storage
- User-managed API keys
- Open-source for transparency
Report Security Vulnerabilities
Found an issue? Use GitHub Security Advisory to report privately.
Download
Get the latest version from GitHub:
License: Apache 2.0 | Status: Production Ready