PortSwigger Introduces Burp AI: Revolutionizing Penetration Testing

PortSwigger has announced a groundbreaking update to Burp Suite, introducing Burp AI, a suite of artificial intelligence (AI) features designed to revolutionize web security testing.

Alongside this, the release includes a Bambda library for reusable code snippets and a streamlined extension starter project to facilitate custom development.

These updates aim to enhance efficiency, reduce manual effort, and improve the overall user experience in security workflows.

Burp AI: Transforming Security Testing

The centerpiece of this release is Burp AI, a collection of advanced AI-powered tools integrated into Burp Suite Professional.

These features are tailored to save time, reduce false positives, and provide deeper insights into vulnerabilities:

  • Explore Issue: This feature autonomously investigates vulnerabilities identified by the Burp Scanner. Acting like a human penetration tester, it attempts exploits, identifies additional attack vectors, and summarizes findings for efficient validation.
  • Explainer: Users can highlight any part of a Repeater message and receive an AI-generated explanation of headers, cookies, JavaScript functions, or other components. This eliminates the need to leave the interface when analyzing unfamiliar technologies.
  • Broken Access Control False Positive Reduction: By filtering out false positives in Broken Access Control scan checks, Burp ensures users can focus on real threats without distractions.
  • AI-Powered Recorded Logins: Configuring authentication for web applications is simplified through AI-generated login sequences, reducing errors and saving time.
  • AI-Powered Extensions: Leveraging the Montoya API, developers can now integrate advanced AI capabilities into their custom extensions without managing API keys. All interactions occur within Burp Suite’s secure infrastructure.

To support these features, Burp Suite has introduced AI credits, a new payment model for AI-powered tools.

Each user starts with 10,000 free credits (equivalent to $5), ensuring easy access to these innovations.

Bambda Library: Code Reusability at Its Best

PortSwigger has also introduced the Bambda library, enabling users to store and reuse small Java-based code snippets called Bambdas.

These snippets can be applied across various tools within Burp Suite for tasks such as:

  • Creating custom match-and-replace rules
  • Adding personalized table columns
  • Filtering HTTP or WebSocket histories

Bambdas can be imported from shared sources or downloaded from the official GitHub repository. Users can also build their own using built-in templates available under Extensions > Bambda Library.

This feature empowers testers to customize workflows efficiently while maintaining consistency across projects.

Extension Development Starter Project

To simplify extension development using the Montoya API, Burp Suite now offers a downloadable starter project.

This includes pre-configured files and templates that allow developers to begin coding their extensions quickly.

The project can be accessed via Extensions > APIs > Download Starter Project and opened in any integrated development environment (IDE).

Montoya API Enhancements

The Montoya API has been updated to improve support for Bambdas and extensions.

Key updates include:

  • Accessing unique project file IDs alongside file names.
  • Retrieving parameters without specifying their types.

These enhancements streamline extension development and expand customization possibilities for developers.

Quality-of-Life Improvements

Additional updates include:

  • Retention of Intruder’s capture and view filter settings during repeated attacks.
  • A new session-handling action that enables broad modifications (e.g., updating JSON content) in requests.
  • A “Load Behavior” setting that prevents unnecessary dialogs when reloading extensions.

Bug Fixes and Browser Updates

This release also addresses a bug where the source IP address column was empty for DNS requests over IPv6 in Burp Collaborator.

Additionally, Burp’s browser has been upgraded to Chromium 134.0.6998.x across all platforms for improved performance and compatibility.

Security and Privacy

PortSwigger emphasizes that all AI interactions are processed securely through its trusted infrastructure.

User data is never used to train external AI models, ensuring that privacy remains uncompromised.

With these updates, Burp Suite continues to lead the way in web application security testing by combining cutting-edge technology with user-centric design.

For more details on these features, users are encouraged to explore the official documentation within Burp Suite.

AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
