TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Black Hills InfoSec

Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 1: Burpference

BHIS · 2025-05-07 · Read original ↗

ATT&CK techniques detected

4 predictions
T1176Software Extensions
91%
“noticed while evaluating burpference is that the context for each inference request consisted of only a single request and response. i think this could be a limiting factor in the usefulness of the extension as it currently exists. the smaller local model ’ s responses plainly st…”
T1176.001Browser Extensions
41%
“noticed while evaluating burpference is that the context for each inference request consisted of only a single request and response. i think this could be a limiting factor in the usefulness of the extension as it currently exists. the smaller local model ’ s responses plainly st…”
T1176.002IDE Extensions
38%
“noticed while evaluating burpference is that the context for each inference request consisted of only a single request and response. i think this could be a limiting factor in the usefulness of the extension as it currently exists. the smaller local model ’ s responses plainly st…”
T1190Exploit Public-Facing Application
36%
“i began manually browsing the juice shop application. as i browsed the application, i noticed that burpference was sending each request and response to the llm with the following prompt : you are a web application penetration tester conducting a comprehensive operation on an appl…”

Summary

Burpference is a Burp Suite plugin that takes requests and responses to and from in-scope web applications and sends them off to an LLM for inference. In the context of artificial intelligence, inference is taking a trained model, providing it with new information, and asking it to analyze this new information based on its training.

The post Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 1: Burpference appeared first on Black Hills Information Security, Inc..