A comprehensive integration framework that enables Microsoft PyRIT (Python Red Team Intelligence Toolkit) orchestrations to run directly from Burp Suite via a FastAPI server. This project provides a seamless bridge between Burp Suite's web application security testing capabilities and PyRIT's AI-powered red teaming automation.
- Burp Suite Extension: Custom Java extension that integrates with Burp Suite's Montoya API
- FastAPI Server: RESTful API server that handles PyRIT orchestration requests
- Real-time Integration: Execute PyRIT operations directly from Burp Suite interface
- Modular Architecture: Clean separation between Burp extension and PyRIT server components
- Configurable Workflows: Support for custom PyRIT orchestration scenarios
```
pyrit-burp-integration/
├── burp-extension/          # Burp Suite Java extension
│   ├── src/main/java/
│   │   └── com/pyrit/burp/
│   │       ├── PyritExtension.java
│   │       └── PyritTab.java
│   ├── build.gradle
│   └── settings.gradle
├── server/                  # FastAPI server
│   ├── adapters/
│   │   ├── pyrit_adapter.py
│   │   └── run_store.py
│   ├── models/
│   │   └── schemas.py
│   ├── app.py
│   └── requirements.txt
├── examples/                # Configuration examples
│   └── config.env.example
└── scripts/                 # Utility scripts
    └── run_server.sh
```

- Java 11+ (for Burp Suite extension)
- Python 3.8+ (for FastAPI server)
- Burp Suite Professional (with Montoya API support)
- PyRIT installed and configured
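
```bash
git clone https://github.com/sam8k/urLLM.git
cd urLLM
```

```bash
# Install the server dependencies (from the repository root)
cd server
pip install -r requirements.txt
```

```bash
# Build the Burp Suite extension (from the repository root)
cd burp-extension
./gradlew build
```

```bash
# Start the FastAPI server (from the repository root)
cd server
python app.py
```

The server will start on http://localhost:8000
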
- Open Burp Suite Professional
- Go to Extensions → Installed
- Click Add and select the built JAR file from burp-extension/build/libs/
- The PyRIT tab will appear in Burp Suite

Copy the example configuration:

```bash
cp examples/config.env.example server/.env
```

Edit the .env file with your PyRIT configuration.

Create a .env file in the server/ directory:

```
# PyRIT Configuration
PYRIT_API_KEY=your_pyrit_api_key
PYRIT_BASE_URL=https://your-pyrit-instance.com
# Server Configuration
# 0.0.0.0 listens on every network interface, not only localhost
HOST=0.0.0.0
PORT=8000
# Debug mode is meant for development only
DEBUG=true
# Burp Suite Integration
BURP_API_KEY=your_burp_api_key
```

The FastAPI server provides the following endpoints:

- GET /health - Server health check
- POST /orchestrate - Execute PyRIT orchestration
- GET /runs - List previous orchestration runs
- GET /runs/{run_id} - Get specific run details

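
A pre-start check for the .env settings above, covering the README's points on storing API keys and implementing authentication. This is an added example, not code from the project: `parse_env`, `audit_env` and `key_matches` are hypothetical names, and how the server actually reads `BURP_API_KEY` is an assumption.

```python
import hmac
from urllib.parse import urlparse

# "" covers an unset key; the other two are the placeholders in the sample .env.
PLACEHOLDERS = {"", "your_pyrit_api_key", "your_burp_api_key"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env

def audit_env(env):
    """Return sorted finding codes for settings that weaken the server."""
    findings = set()
    for key in ("PYRIT_API_KEY", "BURP_API_KEY"):
        if env.get(key, "") in PLACEHOLDERS:
            findings.add(f"{key}:unset-or-placeholder")
    if env.get("HOST", "") not in LOOPBACK:  # unset is flagged: default bind unknown
        findings.add("HOST:not-loopback")
    if env.get("DEBUG", "").lower() in {"1", "true", "yes"}:
        findings.add("DEBUG:enabled")
    if urlparse(env.get("PYRIT_BASE_URL", "")).scheme != "https":
        findings.add("PYRIT_BASE_URL:not-https")
    return sorted(findings)

def key_matches(presented, expected):
    """Hypothetical helper: constant-time API key check; empty keys never match."""
    if not presented or not expected:
        return False
    return hmac.compare_digest(presented.encode(), expected.encode())

# Constructed sample: the .env values from this page, unchanged.
SAMPLE = """\
PYRIT_API_KEY=your_pyrit_api_key
PYRIT_BASE_URL=https://your-pyrit-instance.com
HOST=0.0.0.0
PORT=8000
DEBUG=true
BURP_API_KEY=your_burp_api_key
"""

if __name__ == "__main__":
    for finding in audit_env(parse_env(SAMPLE)):
        print("WARN", finding)
```

Run against the sample values, it reports both placeholder keys, the non-loopback bind and debug mode; a configuration with real keys, `HOST=127.0.0.1` and `DEBUG=false` produces no findings.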
The Burp Suite extension provides:
- PyRIT Tab: Dedicated interface for PyRIT operations
- Request Integration: Send Burp requests to PyRIT for analysis
- Response Processing: Handle PyRIT orchestration results
- Configuration Management: Manage PyRIT settings within Burp

- Capture a request in Burp Suite
- Right-click and select "Send to PyRIT"
- Choose orchestration type
- View results in the PyRIT tab

- Configure custom PyRIT orchestrations
- Use the API endpoints for programmatic access
- Integrate with existing security testing workflows

- Store API keys securely
- Use HTTPS in production
- Implement proper authentication
- Validate all inputs
- Monitor API usage

- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request

This project is licensed under the MIT License - see the LICENSE file for details.
- Microsoft PyRIT team for the excellent red teaming framework
- PortSwigger for Burp Suite and the Montoya API
- FastAPI community for the robust web framework
For issues and questions:
- Create an issue on GitHub
- Check the documentation in each component
- Review the example configurations
Note: This integration requires Burp Suite Professional and a valid PyRIT installation. Ensure compliance with your organization's security policies before deployment.