Evidence Connector for Burp Suite

Route Burp Suite findings directly into SecEng evidence workflows.

Local first · In development · burp jar · attack · evidence

Overview

The SecEng Evidence Connector for Burp Suite uses the Montoya API to passively capture HTTP traffic and send AI-related findings to the local SecEng sidecar. It creates native Burp issues for each finding and surfaces them in the Burp UI — no separate tool required. Everything runs locally; no traffic leaves the machine.

Features

  1. Passive HTTP listener

     Monitors all HTTP/S traffic flowing through Burp Proxy and forwards AI-related requests and responses to the sidecar for analysis.

  2. Native Burp issue creation

     Findings are reported as first-class Burp issues with severity, confidence, and detail fields — exactly like any other Burp scanner finding.

  3. Evidence attachment

     Attach scan findings to your SecEng program as structured evidence, linking HTTP evidence to your AI risk inventory.

  4. Local first — no data exfiltration

     All analysis happens inside the sidecar on 127.0.0.1. Traffic never leaves the pentester's machine.

  5. Context menu scanning

     Right-click any request in Burp's history to manually trigger a SecEng analysis on a specific payload.

Install steps

  1. Build the extension JAR: `./gradlew build` from `apps/burp-evidence-connector/`.

  2. In Burp, go to Extensions → Installed → Add → select the JAR from `build/libs/`.

  3. Ensure the SecEng sidecar is running on `http://127.0.0.1:17371`.

  4. Browse target AI endpoints through Burp Proxy — findings appear automatically in the Issues tab.
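A preflight check for step 03, added here as an example and not part of the SecEng connector: it classifies whether port 17371 is bound to loopback only, which the local-first behaviour described above relies on. It assumes a Linux host with iproute2 `ss`; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not SecEng code. Assumes Linux with iproute2 `ss`.
# Classifies how a TCP port is bound, reading `ss -ltnH` lines on stdin:
#   loopback = every listener is on 127.0.0.0/8 or ::1
#   exposed  = at least one listener is reachable from other hosts
#   absent   = nothing is listening on the port
SIDECAR_PORT=17371   # port from install step 03

classify_bind() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                       # Local Address:Port column
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            sub(/^\[/, "", host); sub(/\]$/, "", host)   # [::1] -> ::1
            sub(/%.*$/, "", host)           # drop scope, e.g. 127.0.0.1%lo
            seen = 1
            if (host !~ /^127\./ && host != "::1" && host !~ /^::ffff:127\./)
                exposed = 1
        }
        END {
            if (!seen) print "absent"
            else if (exposed) print "exposed"
            else print "loopback"
        }'
}

# Constructed sample input: sidecar bound to loopback only.
sample_loopback() {
    printf '%s\n' \
        'LISTEN 0 4096 127.0.0.1:17371 0.0.0.0:*' \
        'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
}

# Constructed sample input: a second, wildcard IPv6 listener on the port.
sample_exposed() {
    printf '%s\n' \
        'LISTEN 0 4096 127.0.0.1:17371 0.0.0.0:*' \
        'LISTEN 0 4096 [::]:17371 [::]:*'
}

# Live check on the Burp host: sh check_sidecar.sh --live
if [ "${1:-}" = "--live" ]; then
    result=$(ss -ltnH | classify_bind "$SIDECAR_PORT")
    echo "sidecar port $SIDECAR_PORT: $result"
    [ "$result" = "loopback" ]
fi
```

With `--live` the script exits non-zero unless the result is `loopback`, so it can gate a proxy session on the sidecar being up and not reachable from other hosts.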

Capabilities

capture traffic · report finding · attach evidence · export json

Surfaces

proxy listener · context menu · panel

Scan modes

http_request · http_response · selection

Privacy architecture

Local first

This integration runs 100% in-process using a compiled WASM engine. Text is scanned locally — nothing is transmitted to a server, no analytics, no telemetry. Ideal for regulated environments where data residency and air-gap requirements apply.

Native manifest: burp jar

Platform vendor

PortSwigger

This integration is built by aisecurity.llc and runs natively on PortSwigger.

Early access

Get early access — Trust Scanner integrations are in active development

Evidence Connector for Burp Suite and all 40 integrations are under active development. Tell us what you need and we'll prioritize your platform.