Quick start
This page gives the shortest path from installation to a working BurpGPT Pro analysis.
Last updated
This page gives the shortest path from installation to a working BurpGPT Pro analysis.
Use this checklist to confirm the extension is installed, connected to a model provider, and ready to analyse HTTP traffic.
Make sure you have:
Burp Suite Professional 2026.4 or later.
The jar file.
Your licence details.
Either a cloud provider API key or a local/self-hosted provider endpoint.
Open Burp Suite Professional.
Go to Extensions.
Click Add.
Select the jar file.
Confirm that the BurpGPT Pro menu appears.
For the full installation guide, see Installation.
Open BurpGPT Pro -> Licence, then activate your licence with the key from your purchase email.
After activation, the BurpGPT Pro tab, scan action, and AI Chat editor are available in Burp Suite.
For the full activation guide, see Activate your licence.
Go to Provider settings, then choose one provider path:
For hosted APIs, see Use supported cloud-based model providers.
For Ollama or self-hosted endpoints, see Use supported local model providers.
Enter the provider, base URL, API key if required, model name, timeout, and request parameters.
Click Test request before scanning or chatting.
If the test fails, check Burp's Logger tab for the provider request and response. See Test and validate model provider settings for details.
Choose the workflow that matches your task:
Use AI scanner for active scan checks.
Right-click a request and select Extensions -> BurpGPT Pro -> Scan with AI (results in Target -> Site map) for targeted manual analysis.
Open the AI Chat editor tab to ask follow-up questions about selected traffic.
See Analyse HTTP traffic and Use AI Chat for the full workflows.
For scan-based workflows, the extension creates Information-level issues named GPT-generated insights.
For chat workflows, responses appear in the AI Chat editor history.
Always manually validate AI-generated results before relying on them in a security report.
Last updated