Data Flow

This page describes how data moves through the extension, from user action to AI response.

Chat Flow (Context Menu → AI Response)

User right-clicks request       Context menu action triggered
        │                                  │
        ▼                                  ▼
┌────────────────┐              ┌───────────────────────┐
│ Burp Selection │─────────────►│  ContextCollector     │
│ (request/issue)│              │  Extracts URL, method,│
└────────────────┘              │  headers, params, body│
                                └──────────┬────────────┘
                                           │
                                           ▼
                                ┌───────────────────────┐
                                │  Redaction Pipeline   │
                                │  Applies privacy mode │
                                │  (STRICT/BALANCED/OFF)│
                                └──────────┬────────────┘
                                           │
                                           ▼
                                ┌───────────────────────┐
                                │  Prompt Bundle        │
                                │  Context + template + │
                                │  SHA-256 hash         │
                                └──────────┬────────────┘
                                           │
                                           ▼
                                ┌───────────────────────┐
                                │  Backend Adapter      │
                                │  CLI (subprocess) or  │
                                │  HTTP (API call)      │
                                └──────────┬────────────┘
                                           │
                                    ┌──────┴──────┐
                                    ▼             ▼
                            ┌────────────┐ ┌────────────┐
                            │ Audit Log  │ │ Chat Panel │
                            │ (JSONL)    │ │ (Markdown) │
                            └────────────┘ └────────────┘

Step-by-Step

  1. User selects context: Right-click on a request/response in Proxy, Repeater, or Site Map; or on an issue in the Scanner panel.

  2. Context collection: ContextCollector captures the selected request/response or issue data as raw text plus metadata (URL, method, severity, confidence, remediation).

  3. Redaction: The Redaction module applies the active privacy mode:

    • STRICT: Strips cookies, redacts auth tokens, anonymizes hostnames using SHA-256(salt + host).

    • BALANCED: Strips cookies, redacts auth tokens, preserves hostnames.

    • OFF: No modification.

  4. Prompt bundle: The redacted context is combined with the selected prompt template. If determinism is enabled, context ordering is stabilized. A SHA-256 hash of the bundle is computed for audit integrity.

  5. Backend processing: The prompt is sent to the configured AI backend (CLI subprocess or HTTP API). The response streams back in real time.

  6. Audit logging: If enabled, the prompt bundle, context hashes, backend metadata, and streamed response chunks are written to ~/.burp-ai-agent/audit.jsonl.

  7. Display: The AI response is rendered as Markdown in the chat panel. For scanner findings, issues may be created automatically.
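
As an added illustration of steps 3 and 4 (example code written for this page, not the extension's own implementation), the Python below applies the three privacy modes to a constructed request and then hashes the resulting prompt bundle. The list of auth header names, the salt, the `[REDACTED]` marker, the `.redacted` suffix and the `{{context}}` template placeholder are assumptions.

```python
import hashlib

# Constructed sample request; not captured from any real system.
RAW_REQUEST = (
    "POST /api/login HTTP/1.1\r\n"
    "Host: app.example.internal\r\n"
    "Cookie: session=abc123; theme=dark\r\n"
    "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.example.sig\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"user":"alice"}'
)

# Header names treated as auth tokens (assumed list; the extension's own set may differ).
AUTH_HEADERS = ("authorization", "proxy-authorization", "x-api-key")

def anonymize_host(host, salt):
    """STRICT mode: replace the hostname with SHA-256(salt + host), as the page describes."""
    digest = hashlib.sha256((salt + host).encode()).hexdigest()
    return digest[:16] + ".redacted"   # truncated for readability; suffix is an assumption

def redact(raw, mode, salt="example-salt"):
    """Apply privacy mode STRICT, BALANCED or OFF to a raw HTTP request string."""
    if mode == "OFF":
        return raw                       # OFF: no modification
    head, sep, body = raw.partition("\r\n\r\n")
    kept = []
    for line in head.split("\r\n"):
        name, _, value = line.partition(":")
        lname = name.strip().lower()
        if lname == "cookie":
            continue                     # STRICT and BALANCED both strip cookies
        if lname in AUTH_HEADERS:
            kept.append(f"{name}: [REDACTED]")   # token removed, header kept for context
        elif lname == "host" and mode == "STRICT":
            kept.append(f"{name}: {anonymize_host(value.strip(), salt)}")
        else:
            kept.append(line)
    return "\r\n".join(kept) + sep + body

def build_bundle(context, template):
    """Combine redacted context with a prompt template and hash the result (step 4)."""
    prompt = template.replace("{{context}}", context)
    return {"prompt": prompt, "sha256": hashlib.sha256(prompt.encode()).hexdigest()}

if __name__ == "__main__":
    for mode in ("STRICT", "BALANCED", "OFF"):
        print(mode, build_bundle(redact(RAW_REQUEST, mode), "Review:\n{{context}}")["sha256"])
```

Because the bundle hash is computed over the redacted text, the audit record can later be checked against the stored prompt without ever holding the original cookies or tokens.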

Passive Scanner Flow

Active Scanner Flow

MCP Tool Flow