-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy pathBappDescription.html
More file actions
71 lines (64 loc) · 4.49 KB
/
Copy pathBappDescription.html
File metadata and controls
71 lines (64 loc) · 4.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
<p>
AI Prompt Fuzzer is a Burp Suite extension designed to help security professionals test AI-based applications for prompt injection vulnerabilities. With the rapid rise of large language models (LLMs) in sensitive contexts such as customer support, content generation, and automated decision-making, traditional tools often fall short in detecting LLM-specific security issues.
This extension fills that gap by automating prompt fuzzing against AI APIs using customizable payloads, helping identify abnormal or unsafe model behavior. Starting from version v2.0.0, Burp's AI can be utilized to review/verify responses from the target applications.
In version 3.0.0, AI vs AI mode has been introduced, where users can utilize Burp AI to automate the entire attack (generate payloads, analyze and evalute the response, and decide the next action). This mode consumes more Burp AI credits to perform the entire attack.
</p>
<p>
The tool sends predefined prompts to the target API and flags responses that contain specified validation strings, indicating a potential vulnerability or misbehavior. It handles challenges unique to LLMs, such as non-deterministic responses, by recommending strategies like asking the model to echo specific phrases when accepting a prompt.
In AI vs AI mode, the tool utilizes Burp AI model to to generate, analyze, and evalute the response.
</p>
<h2>Features</h2>
<ul>
<li>Automated fuzzing of LLM prompts using payloads defined in XML format.</li>
<li>Completely automated Prompt Injection attacks using Burp AI model.</li>
<li>Customizable keywords strings to identify potential breaks in AI behavior.</li>
<li>Utilize Burp's AI for automating/reviewing/verifying responses for potential breaks (versions >= v2.0.0).</li>
<li>Request editor with placeholder insertion for dynamic payload injection.</li>
<li>Log table showing each request's time, method, URL, status, length, and break status.</li>
<li>Auto highlighted responses with different colours for potential breaks.</li>
<li>Detailed request and response viewer for each fuzzed interaction.</li>
<li>Built-in payload viewer and editor with support for loading default payloads.</li>
<li>Filters and sorting by status, break state, and response size for easy analysis.</li>
<li>Option to URL-encode or escape characters in payloads to ensure compatibility with target applications.</li>
<li>Detection of response anomalies using adjustable match thresholds (e.g., minimum count of validation string).</li>
<li>Integration with other Burp tools using right-click context menu -> Send to Repeater/Intruder.</li>
</ul>
<h2>Usage</h2>
<ol>
<li>Send a target request to the extension using the right-click menu -> Extensions -> AI Prompt Fuzzer -> Send Request.</li>
<li>Insert a placeholder (e.g., <code class="InlineCode">[PLACEHOLDER]</code>) in the desired location of the request where payloads will be injected.</li>
<li>Start fuzzing:
<ul>
<li>Manual Testing:
<ol>
<li>Load payloads from a local XML file or rely on the built-in default payloads.</li>
<li>Click <strong>Send Payloads</strong> to begin fuzzing. Each payload replaces the placeholder and is sent as an individual request.</li>
</ol>
</li>
<li>AI vs AI mode:
<ol>
<li>Click the AI vs AI button.</li>
<li>Follow the wizard and pick your choices.</li>
</ol>
</li>
</ul>
<li>Use the log table to view and sort the results. Highlighted rows indicate a potential break based on the keywords/validate string found in the response or based on Burp's AI verification.</li>
<li>Adjust detection sensitivity using the "Minimum occurrences of the keywords string for potential break" option if needed.</li>
<li>Send any logged request to Repeater or Intruder for further manual analysis.</li>
<li>Customize or review payloads using the <strong>View Payloads</strong> feature. Edits are made directly in the table view.</li>
</ol>
<p>
Payloads should be formatted as follows:
</p>
<pre><code class="Code"><?xml version="1.0" encoding="UTF-8"?><br />
<payloads><br />
<payload><br />
<inject>payload string - must ask the AI/LLM to respond with "specific text"</inject><br />
<keywords>specific text</keywords><br />
</payload><br />
</payloads>
</code></pre>
<p>
Note: in versions >= v2.0.0, <validate> tag has been renamed into <keywords> - <validate> tag is still supported
Ensure any XML special characters in payloads are escaped properly (e.g., ", ', <, >, &).
</p>