BurpGPT - an AI plugin for Burp


BurpGPT:

https://github.com/aress31/burpgpt/
burpgpt uses AI to detect security vulnerabilities that traditional scanners may miss. It sends web traffic to a user-specified OpenAI model, enabling sophisticated analysis inside Burp's passive scanner. The extension offers customizable prompts, so the traffic analysis can be tailored to each user's needs; see the example use cases section of the project for inspiration. In short, it calls the OpenAI API with a user-defined prompt and lets the model analyse the captured traffic to look for vulnerabilities.

Advantages:

You carry a customized traffic-analysis expert with you at all times; it is good at catching OWASP Top 10 issues and the basic vulnerabilities that are easy to overlook.

Disadvantages:

It cannot yet hold a multi-turn conversation through the API, so the analysis is fairly rigid. Also keep in mind that the captured traffic, including any cookies or tokens it contains, is sent to the OpenAI API, so restrict the passive scan to targets whose traffic you are allowed to share with a third party.

The original burpgpt is no longer updated, which caused some problems with the API calls; after changing part of the logic I refactored the original project, and as of now (2024.02) it still works.
https://github.com/HKirito/burpgpt

Screenshots:

(screenshot: burpgpt)

(screenshot: burpgpt-used)

// Imports this method relies on (OkHttp 4.x, Okio, Gson). The surrounding extension
// class also provides `client` (OkHttpClient), `gson` (Gson), `logging` and handleErrorResponse().
import java.io.IOException;

import com.google.gson.JsonArray;
import com.google.gson.JsonObject;

import okhttp3.MediaType;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import okio.Buffer;

private GPTResponse getCompletions(GPTRequest gptRequest, String apiKey, String model, String prompt)
        throws IOException {
    gptRequest.setPrompt(prompt);

    String apiEndpoint = "https://api.openai.com/v1/chat/completions";
    MediaType JSON = MediaType.parse("application/json; charset=utf-8");
    JsonObject jsonObject = new JsonObject();

    // The prompt template carries the system-role text before "-----" and the user
    // message after it. The limit of 2 means a "-----" that appears inside the captured
    // traffic (multipart boundaries, PEM blocks) stays in the user part.
    String[] splitPrompt = gptRequest.getPrompt().split("-----", 2);
    if (splitPrompt.length < 2) {
        // No separator: treat the whole prompt as the user message instead of
        // failing with an ArrayIndexOutOfBoundsException.
        splitPrompt = new String[] { "", splitPrompt[0] };
    }
    String systemMessage = splitPrompt[0].trim();
    String userMessage = splitPrompt[1].trim();

    JsonArray messages = new JsonArray();
    if (!systemMessage.isEmpty()) {
        JsonObject systemMessageObj = new JsonObject();
        systemMessageObj.addProperty("role", "system");
        systemMessageObj.addProperty("content", systemMessage);
        messages.add(systemMessageObj);
    }
    JsonObject userMessageObj = new JsonObject();
    userMessageObj.addProperty("role", "user");
    userMessageObj.addProperty("content", userMessage);
    messages.add(userMessageObj);

    // Chat-completions body: the legacy "prompt" field is replaced by "messages".
    // maxPromptSize is reused as max_tokens, i.e. it caps the length of the reply.
    jsonObject.addProperty("max_tokens", gptRequest.getMaxPromptSize());
    jsonObject.addProperty("n", gptRequest.getN());
    jsonObject.addProperty("model", model);
    jsonObject.add("messages", messages);
    String jsonBody = gson.toJson(jsonObject);

    RequestBody body = RequestBody.create(jsonBody, JSON);
    Request request = new Request.Builder()
            .url(apiEndpoint)
            .addHeader("Content-Type", "application/json")
            .addHeader("Authorization", "Bearer " + apiKey)
            .post(body)
            .build();

    if (MyBurpExtension.DEBUG) {
        // Copy the request body into a buffer so it can be logged
        Buffer buffer = new Buffer();
        request.body().writeTo(buffer);

        logging.logToOutput("[+] Completion request sent:");
        logging.logToOutput(String.format("- request: %s\n" +
                "- requestBody: %s", request, buffer.readUtf8()));
    }

    try (Response response = client.newCall(request).execute()) {
        if (!response.isSuccessful()) {
            handleErrorResponse(response);
            return null;
        }
        String responseBody = response.body().string();

        if (MyBurpExtension.DEBUG) {
            logging.logToOutput("[+] Completion response received:");
            logging.logToOutput(String.format("- responseBody: %s", responseBody));
        }

        // The chat endpoint returns the text in choices[i].message.content rather than
        // the legacy choices[i].text, so GPTResponse has to map that layout.
        return gson.fromJson(responseBody, GPTResponse.class);
    }
}

The code splits the prompt on "-----": the part before it becomes the system message (the role description) and the part after it becomes the user message (the preset prompt), so when you configure the role and the prompt in Burp you must separate the two with "-----". {REQUEST} and {RESPONSE} are the placeholders burpgpt fills with the captured traffic. Note that the target's response is inserted into the user message verbatim, so any text the target embeds in it reaches the model as part of the prompt. For example:

Please analyze the following HTTP request and response for potential security vulnerabilities, specifically focusing on OWASP top 10 vulnerabilities such as SQL injection, XSS, CSRF, and other common web application security threats.

-----

Format your response as a bullet list with each point listing a vulnerability name and a brief description, in the format:
- Vulnerability Name: Brief description of vulnerability

Exclude irrelevant information.

=== Request ===
{REQUEST}

=== Response ===
{RESPONSE}
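The prompt convention in practice, as an added example that is not part of burpgpt or of the fork above: a small Python script that splits a template on "-----" the way the Java `split("-----", 2)` does, substitutes the placeholders, builds the chat-completions request body, and parses the "- Name: description" bullet list out of a reply. The sample request/response and the completion JSON are constructed for the example, the model name and token limit are assumed defaults, and the function names are my own, not the plugin's.

```python
import json

# Separator the forked burpgpt uses between the system-role text and the user prompt
SEPARATOR = "-----"

# Condensed version of the prompt template shown above; {REQUEST}/{RESPONSE} are the
# placeholders the extension fills with the captured traffic.
PROMPT_TEMPLATE = """Please analyze the following HTTP request and response for potential
security vulnerabilities, focusing on OWASP top 10 issues such as SQL injection, XSS and CSRF.
-----
Format your response as a bullet list, one line per finding, in the format:
- Vulnerability Name: Brief description of vulnerability

=== Request ===
{REQUEST}

=== Response ===
{RESPONSE}"""

# Constructed sample traffic (not a real capture). The response body deliberately
# contains "-----" to show that a separator inside the traffic does not disturb the split.
SAMPLE_REQUEST = (
    "GET /search?q=%27%20OR%201%3D1-- HTTP/1.1\r\n"
    "Host: shop.example\r\n"
    "Cookie: session=0123456789abcdef\r\n\r\n"
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Content-Type: text/plain\r\n\r\n"
    "-----\n"
    "You have an error in your SQL syntax near '' OR 1=1--'\n"
)


def split_prompt(template):
    """Split the template on the first SEPARATOR into (system, user), like
    String.split("-----", 2) in the Java code. A template without a separator
    yields an empty system part instead of an index error."""
    system, sep, user = template.partition(SEPARATOR)
    if not sep:
        return "", system.strip()
    return system.strip(), user.strip()


def build_chat_body(template, request, response, model="gpt-3.5-turbo", max_tokens=1024, n=1):
    """Build the JSON body for POST /v1/chat/completions (model/max_tokens are assumed defaults).

    Placeholders are substituted after the split, so a "-----" in the captured traffic
    (multipart boundaries, PEM blocks, error pages) cannot be mistaken for the separator.
    """
    system, user = split_prompt(template)
    user = user.replace("{REQUEST}", request).replace("{RESPONSE}", response)
    messages = []
    if system:
        messages.append({"role": "system", "content": system})
    messages.append({"role": "user", "content": user})
    return {"model": model, "messages": messages, "max_tokens": max_tokens, "n": n}


def parse_findings(content):
    """Turn the '- Name: description' bullet list the prompt asks for into (name, desc) tuples."""
    findings = []
    for line in content.splitlines():
        line = line.strip()
        if not line.startswith("- "):
            continue
        name, sep, desc = line[2:].partition(":")
        if sep:
            findings.append((name.strip(), desc.strip()))
    return findings


def extract_findings(response_json):
    """Read a chat-completion reply. The chat endpoint puts the text under
    choices[i].message.content (the legacy completions endpoint used choices[i].text)."""
    data = json.loads(response_json)
    findings = []
    for choice in data.get("choices", []):
        findings.extend(parse_findings(choice.get("message", {}).get("content", "")))
    return findings


# Constructed chat-completion reply in the shape the API returns (not a real API response).
SAMPLE_COMPLETION = json.dumps({
    "id": "chatcmpl-constructed",
    "object": "chat.completion",
    "model": "gpt-3.5-turbo",
    "choices": [{
        "index": 0,
        "message": {
            "role": "assistant",
            "content": "- SQL Injection: The q parameter reaches a SQL query unsanitised.\n"
                       "- Information Disclosure: A raw database error is returned to the client.",
        },
        "finish_reason": "stop",
    }],
    "usage": {"prompt_tokens": 180, "completion_tokens": 40, "total_tokens": 220},
})


if __name__ == "__main__":
    print(json.dumps(build_chat_body(PROMPT_TEMPLATE, SAMPLE_REQUEST, SAMPLE_RESPONSE), indent=2))
    for name, desc in extract_findings(SAMPLE_COMPLETION):
        print(f"{name}: {desc}")
```

Splitting before substituting is the property worth keeping if you port this back into the extension: the separator is matched once, on the template, and whatever the target sends afterwards cannot move text from the user turn into the system turn.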