init

.gitattributes

@@ -0,0 +1,6 @@
+#
+# https://help.github.com/articles/dealing-with-line-endings/
+#
+# These are explicitly windows files and should use crlf
+*.bat           text eol=crlf
+

.github/workflows/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,52 @@
+---
+name: Report a bug
+about: Report an issue to help us enhance the project.
+title: "[BUG] Brief description of the issue"
+labels: bug
+assignees: ""
+---
+
+# Description
+
+A clear and concise description of what the bug is.
+
+# Steps to Reproduce
+
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+# Expected Behavior
+
+A clear and concise description of what you expected to happen.
+
+# Screenshots
+
+If applicable, add screenshots to help explain your problem.
+
+# Environment
+
+- OS: [e.g. Windows, macOS, Linux]
+- Java version: [e.g. 8, 11, 16]
+- Burp Suite version: [e.g. Professional 2021.4, Community 2021.4]
+- GPT model used: [e.g. GPT-3, GPT-Neo, GPT-2]
+- Maximum tokens used: [e.g. 2048]
+- Prompt used: [e.g. "Analyze the following HTTP request and response for potential vulnerabilities..."]
+
+# HTTP Request/Response Info
+
+- Request URL:
+- Request Method:
+- Request Headers:
+- Request Body:
+- Response Headers:
+- Response Body:
+
+# Error Message
+
+Paste the error message from the Extender Error tab here, if available.
+
+# Additional Context
+
+Add any other context about the problem here.

.github/workflows/ISSUE_TEMPLATE/feature_report.md

@@ -0,0 +1,27 @@
+---
+name: Report a feature request
+about: Propose an idea or enhancement for this project.
+title: "[FEATURE] Brief description of the feature"
+labels: enhancement
+assignees: ""
+---
+
+# Problem or Use Case
+
+A clear and concise description of the problem or use case where GPT-based vulnerability identification would be useful.
+
+# Proposed Solution
+
+A clear and concise description of what you want to happen. Please provide as much detail as possible, including how the feature would interact with GPT models and Burp Suite.
+
+# Alternative Solutions Considered
+
+A clear and concise description of any alternative solutions or features you've considered.
+
+# Example
+
+If applicable, provide an example of how the feature would work by leveraging GPT models to identify vulnerabilities in HTTP request/response pairs. You can include a sample request/response pair and a prompt that would be sent to the GPT model to identify vulnerabilities.
+
+# Additional Context
+
+Add any other context, screenshots, or references about the feature request here.

.github/workflows/gradle-build.yml

@@ -0,0 +1,38 @@
+name: Java CI with Gradle
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Node.js 16
+        uses: actions/setup-node@v2
+        with:
+          node-version: 16
+
+      - name: Set up JDK 11
+        uses: actions/setup-java@v2
+        with:
+          java-version: "11"
+          distribution: "adopt"
+
+      - name: Grant execute permission for gradlew
+        run: chmod +x gradlew
+
+      - name: Build with Gradle
+        run: ./gradlew build
+
+      - name: Archive build artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: build-artifacts
+          path: |
+            build/libs

.gitignore

@@ -0,0 +1,17 @@
+# Ignore Gradle project-specific cache directory
+.gradle
+
+# Ignore Gradle build output directory
+build/
+
+# Ignore Eclipse project-specific files
+.settings/
+
+# Ignore Visual Studio Code related files
+.vscode/
+
+# Ignore IntelliJ IDEA project-specific files
+.idea/
+
+# Ignore binary files
+bin/

README.md

@@ -0,0 +1,85 @@
+# burpgpt
+
+`burpgpt` utilises the power of artificial intelligence to identify potential security vulnerabilities that traditional "dumb" scanners might overlook. It sends traffic to a user-specified `OpenAI` model for analysis within the passive scanner. By providing the ability to customise prompts, this extension offers limitless possibilities for analysing web traffic according to specific user requirements.
+
+The extension's objective is to provide a context-relevant security report that delivers an automated yet human-readable summary of potential security issues in the application. As such, it presents a fast and convenient approach to integrating the capabilities of AI and natural language processing into security assessments. It also alleviates the workload on security professionals while offering them a higher-level overview of the scanned application/endpoints.
+
+## Features
+
+- Provides an additional passive scan check to submit HTTP request and response data to a user-controlled GPT model for security analysis.
+- Allows for customisation of prompts to unlock infinite ways of interacting with OpenAI models.
+- Leverages the power of OpenAI's GPT-3 API to detect potential security vulnerabilities in the scanned application.
+- Allows the user to select the most suitable OpenAI model from the available options.
+- Offers easy API key rotation to provide greater control over billing and usage.
+- Integrates seamlessly with Burp Suite, making it easy to use and transparent once configured.
+
+## Installation
+
+### 1. Compilation
+
+1. Ensure you have [Gradle](https://gradle.org/) installed and configured.
+
+2. Download the `burpgpt` repository:
+
+   ```bash
+   git clone https://github.com/aress31/burpgpt
+   cd .\burpgpt\
+   ```
+
+3. Build the standalone `jar`:
+
+   ```bash
+   gradle shadowJar
+   ```
+
+### 2. Loading the Extension Into the `Burp Suite`
+
+To install `burpgpt` in `Burp Suite`, go to the `Extendensions` tab and click on the `Add` button. Then, load the `burpgpt-all` jar file located in the `.\build\libs` folder.
+
+# Usage
+
+Before using `burpgpt`, the user needs to fill in their `OpenAI API key` and select/change a `model` within the settings panel available on the `Burp Suite` menu bar. The user can also tweak or use custom `prompts` within the settings panel.
+
+Once the `OpenAI` model is configured, all passively scanned items would be sent to the selected `OpenAI model` for analysis based on the user's `prompt`. The `prompt` accepts placeholders that are post-processed prior to sending to the `OpenAI model` to replace with the relevant request/response values.
+
+Here is a list of the supported placeholders in the burpgpt extension:
+
+- `{IS_TRUNCATED_PROMPT}` - A `boolean` value that indicates whether the prompt has been truncated to fit within the `2048 character` limit imposed by most `GPT-3.5` models' `maxTokens` value. This value is programmatically set by the extenstion.
+- `{URL}` - The URL of the scanned request.
+- `{METHOD}` - The HTTP request method used in the scanned request.
+- `{REQUEST_HEADERS}` - The headers of the scanned request.
+- `{REQUEST_BODY}` - The body of the scanned request.
+- `{RESPONSE_HEADERS}` - The headers of the scanned response.
+- `{RESPONSE_BODY}` - The body of the scanned response.
+
+These placeholders can be used in the custom prompt to dynamically generate a request/response analysis prompt that is specific to the scanned request.
+
+# Roadmap
+
+- [ ] Retrieve the precise `maxTokens` value for each model to transmit the maximum allowable data and obtain the most extensive `GPT` response possible.
+- [ ] Implement persistent configuration storage to preserve settings across `Burp Suite` restarts.
+- [ ] Enhance the code for accurate parsing of `GPT` responses into the `Vulnerability` model for improved vulnerability reporting.
+
+## Project Information
+
+The extension is currently under development and we welcome feedback, comments, and contributions to make it even better.
+
+## Sponsor 💖
+
+If this extension has saved you time and hassle during a security assessment, consider showing some love by sponsoring a cup of coffee ☕ for the developer. It's the fuel that powers development, after all. Just hit that shiny Sponsor button at the top of the page or [click here](https://github.com/sponsors/aress31) to contribute and keep the caffeine flowing. 💸
+
+## Reporting Issues
+
+Did you find a bug? Well, don't just let it crawl around! Let's squash it together like a couple of bug whisperers! 🐛💪
+
+Please report any issues on the [GitHub issues tracker](https://github.com/aress31/burp-gpt/issues). Together, we'll make this extension as reliable as a cockroach surviving a nuclear apocalypse! 🚀
+
+## Contributing
+
+Looking to make a splash with your mad coding skills? 💻
+
+Awesome! Contributions are welcome and greatly appreciated. Please submit all PRs on the [GitHub pull requests tracker](https://github.com/aress31/swurg/pulls). Together we can make this extension even more amazing! 🚀
+
+## License
+
+See [LICENSE](LICENSE).

gradle/wrapper/gradle-wrapper.properties

@@ -0,0 +1,5 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.2-bin.zip
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists