Use this checklist after installation and before starting a real assessment.
Extension loaded: AI Agent tab is visible.
Backend selected: backend set in AI Backend tab.
Backend configured: command/URL/model/auth values are valid.
Backend healthy: top status indicator shows active state.
Context menus available: request right-click menu shows Burp AI Agent actions.
MCP ON: top-bar MCP toggle enabled.
Token recorded: token available for external clients when needed.
Port free: configured port (default 9876) is not occupied.
Default privacy mode is OFF. Choose STRICT or BALANCED before using cloud backends on sensitive targets.
Privacy mode set intentionally (STRICT/BALANCED/OFF).
Audit logging enabled if compliance traceability is needed.
Determinism enabled if reproducibility is required.
Salt rotated for new sensitive engagements.
Passive scanner configured with Scope Only ON.
Active scanner only enabled when traffic is authorized.
Scope configured in Burp Target before active checks.
Browse through Burp Proxy.
Right-click a request in Proxy -> HTTP History.
Select Extensions -> Burp AI Agent -> Find vulnerabilities.
Verify a chat session opens and response streams.
If any step fails, use Troubleshooting.