Offensive Web Application Security Software
Joined May 2018
- Tweets 815
- Following 9,721
- Followers 19,146
- Likes 1,275
161 Photos and videos
Pinned Tweet
Burp Bounty Pro v3.1.0 is out.
New: AI Scanner. Sends each request to an LLM with structured context extracted from the response. The AI decides which profiles to launch automatically.
A new option alongside Active Scan and Smart Scan, not a replacement.
2
25
132
10,969
Last week we asked if an MCP server for Burp Bounty Pro would be useful.
The answer was clear: yes.
So we're building it.
2
1
7
687
Connect an AI agent to BBP: launch scans, pick profiles by tag, read findings, trigger Smart Scan rules.
The principle we won't break: deterministic control. The agent decides what to scan, the programmatic engine executes with the same precision
Thanks to everyone.
2
510
Bounty Security retweeted
An LLM's output is not trustworthy by default: it must be treated as unverified data, just like input from any user.
If you don't validate it before displaying or executing it, that's Insecure Output Handling.
1
3
3
251
Thinking about an MCP server for Burp Bounty Pro.
Let an agent drive it: "scan this host for SQLi SSRF, summarize by severity" and BBP runs end to end.
Genuinely undecided. If you use the tool, your take shapes this one ๐
1
2
5
338
We broke down the 6 new AI/LLM profiles in Burp Bounty Pro:
๐ Response headers โ model provider
๐ Gateway fingerprints โ proxy mesh
โค๏ธ Health/metrics โ versions
๐ฆ JSON metadata โ RAG, MCP
๐ค OpenAI-compatible โ raw LLM endpoint
โฑ๏ธ RateLimit โ Denial of Wallet
4
1
7
647
Browse the target. By the time you've mapped it, BBP has told you: Kong-fronted service routing GPT-4o through a Pinecone RAG pipeline, MCP tools attached, rate-limited by tokens.
๐ 15 days free โ bountysecurity.ai/pages/contโฆ
550
Bounty Security retweeted
Some of the techniques emerging to improve the performance of LLMs are based on ideas borrowed from how the human brain works.
In our latest post we sum up 5 of the most recent ones: kaptor.ai/blog/brain-based-lโฆ
1
4
222
Profile 6, the last of the AI/LLM set in Burp Bounty Pro: RateLimit header disclosure.
โฑ๏ธ Detects RateLimit-* and X-RateLimit-* headers.
๐ 15 days free โ bountysecurity.ai/pages/contโฆ
2
3
458
Low limit on one route high on another โ which endpoint hits the expensive model. Map the architecture by following the money.
Denial of Wallet: exhaust the budget, not the compute. Exact limits tell you how
1
353
Profile 5 of the AI/LLM set in Burp Bounty Pro: OpenAI-compatible API fingerprinting.
๐ค Detects:
chatcmpl-* completion IDs
choices model usage objects in the body
The OpenAI schema became the de facto standard. Detecting it = found an LLM endpoint.
3
1
563
It confirms a raw LLM API is reachable, not just a wrapped chat UI. Raw endpoints (self-hosted vLLM, Ollama) often have far fewer guardrails. The usage object even hints at how big the hidden system prompt is
๐ 15 days free โ bountysecurity.ai/pages/contโฆ
1
377
Profile 4 of the new AI/LLM set in Burp Bounty Pro: AI metadata leakage in JSON bodies.
๐ฆ Detects in any response body:
rag_enabled
mcp_enabled
embedding_model
vector_db
*_tokens
model_provider
service_version
2
1
3
497
Each field is part of the attack plan:
rag_enabled โ PoisonedRAG on the table mcp_enabled โ tool poisoning on the table embedding_model โ inversion attempts viable vector_db โ know the retrieval backend
๐ 15 days free โ bountysecurity.ai/pages/contโฆ
1
386
Bounty Security retweeted
Nearly every SOC we talk to is automating something with LLMs.
L1 phishing triage, ticket classifiers, alert enrichment.
And nearly all of them make the same two mistakes: secrets in the system prompt LLM output with no validation.
2
2
4
317
Profile 2 of the new AI/LLM set in Burp Bounty Pro: API gateway fingerprints.
๐ Detects:
x-kong-upstream-latency
x-kong-proxy-latency
x-kong-request-id
x-envoy-upstream-service-time
x-envoy-attempt-count
x-envoy-original-path
2
2
6
475
The gateway is the map of the architecture. Kong โ likely rate limiting and auth plugins. Envoy โ service mesh microservices. Latency headers โ where the LLM provider lives.
Passive recon that changes the whole engagement
๐ 15 days free โ bountysecurity.ai/pages/contโฆ
209
Bounty Security retweeted
May 21
Sharp take from my @kaptorsecurity co-founder @joserabal .
Technical people used to be the most aware of the risks. Now we're one of attackers' favourite targets. Malicious extensions, agent Skills repos, indirect prompt injection
Full take ๐
linkedin.com/posts/cybersecuโฆ
1
2
276
AI pentests are growing fast. The first step on any of them: figure out the model, the provider, the architecture.
Profile #1 of 6 in the new AI/LLM set detects:
๐ x-ai-backend
๐ x-llm-provider
๐ x-openai-model
๐ x-anthropic-model
๐ x-mcp-enabled
๐ x-model
1
2
8
450
x-openai-model: gpt-4o โ which prompt injection patterns to use x-mcp-enabled: true โ tool poisoning attack surface exists x-anthropic-model: claude-sonnet โ different guardrails to bypass
Test it: burpbountylab.com/
๐ Burp Bounty Pro: bountysecurity.ai/pages/burpโฆ
275
Just shipped 6 new passive profiles for Burp Bounty Pro, focused on AI/LLM disclosure surfaces:
๐ AI/LLM response headers
๐ Kong Envoy fingerprints
โค๏ธ Health, status, metrics endpoints
๐ฆ AI metadata in JSON bodies
๐ค OpenAI-compatible API detection
โฑ๏ธ RateLimit headers
2
2
3
387
Validate them on Burp Bounty Lab. Load Burp Bounty Pro with the new profiles, point at burpbountylab.com/, all 6 fire
Start of an AI-focused profile set. Disclosure patterns you keep seeing in AI pentests? Drop them.
1
158