
Privacy Modes

Privacy mode controls what request/response data can leave Burp when the extension calls AI backends or returns MCP tool output.

Configure it in the Privacy & Logging tab in the Settings panel.

Default is BALANCED — cookies and tokens are redacted automatically. Users who explicitly choose another mode keep their choice across sessions.

Mode Comparison

Mode       Cookies     Auth headers / Bearer / JWT / Basic / URL tokens   Hostnames                     Typical Use
STRICT     Stripped    Redacted                                           Anonymized (SHA-256 + salt)   Cloud backends with sensitive targets.
BALANCED   Stripped    Redacted                                           Preserved                     Default. Mixed workflows where host context is needed.
OFF        Preserved   Preserved                                          Preserved                     Controlled internal testing on local-only models.

Decision Guide

What Changes in Practice

STRICT

  • Hostnames are replaced with deterministic pseudonyms (salt-based SHA-256).

  • Auth/session tokens and URL query tokens are redacted.

  • Cookies are stripped.

BALANCED

  • Hostnames stay visible.

  • Auth/session tokens and URL query tokens are redacted.

  • Cookies are stripped.

OFF

  • Raw context is eligible for transmission.

  • No automatic redaction is applied.

When you change Privacy Mode, the Privacy & Logging tab surfaces an inline advisory banner that summarises the combined state (e.g. OFF with MCP on, STRICT with the active scanner on, external MCP without allowed origins). See UI Tour → Advisory Banner (SubtleNotice) for the level semantics.

Patterns Redacted (STRICT and BALANCED)

Headers: Authorization, Proxy-Authorization, X-API-Key, API-Key, X-API-Secret, API-Secret, X-Client-Secret, X-Auth-Token, Auth-Token, X-Access-Token, Access-Token, X-Session-Token, Session-Token, X-CSRF-Token, CSRF-Token, X-XSRF-Token.

Inline tokens anywhere in the text: Bearer …, Basic …, JWT-shaped values (eyJ… with three base64url segments).

URL query parameters (value redacted, key kept): access_token, api_key, apikey, auth, token, key, secret, password, pwd, session, sid, code.

Before/After Example

Raw request:

STRICT output:

BALANCED output:
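As an added illustration, not the extension's own code, the following Python models the three modes over a constructed request: it strips Cookie, redacts the headers, inline tokens and query keys listed under "Patterns Redacted", and in STRICT replaces the hostname with a salted SHA-256 pseudonym. The token regex, the pseudonym format and the sample request are assumptions for the example; the extension's real output will differ in exact form.

```python
import hashlib
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
# Header names and query keys are the ones listed under "Patterns Redacted" above.
REDACTED_HEADERS = {h.lower() for h in (
    "Authorization", "Proxy-Authorization", "X-API-Key", "API-Key", "X-API-Secret", "API-Secret",
    "X-Client-Secret", "X-Auth-Token", "Auth-Token", "X-Access-Token", "Access-Token",
    "X-Session-Token", "Session-Token", "X-CSRF-Token", "CSRF-Token", "X-XSRF-Token")}
REDACTED_QUERY_KEYS = {"access_token", "api_key", "apikey", "auth", "token", "key",
                       "secret", "password", "pwd", "session", "sid", "code"}
# Inline "Bearer ..." / "Basic ..." credentials and JWT-shaped eyJ... values (three base64url
# segments). This regex is an assumption for the example, not the extension's own pattern.
INLINE_TOKEN_RE = re.compile(r"\b(?:Bearer|Basic)\s+[A-Za-z0-9._~+/=-]+|\beyJ[\w-]+\.[\w-]+\.[\w-]+")
def anonymize_host(host, salt):
    # STRICT hostname pseudonym: salted SHA-256, stable only while the salt stays the same.
    return "host-" + hashlib.sha256(f"{salt}:{host}".encode()).hexdigest()[:16]

def redact_query(target):
    # Redact the values of sensitive query keys in a request target; the keys are kept.
    parts = urlsplit(target)
    pairs = [(k, "[REDACTED]" if k.lower() in REDACTED_QUERY_KEYS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs, safe="[]")))

def apply_privacy_mode(raw_request, mode, salt="constructed-salt"):
    # Filter raw HTTP request text according to OFF / BALANCED / STRICT.
    if mode == "OFF":
        return raw_request                      # raw context, no redaction at all
    lines = raw_request.splitlines()
    method, target, version = lines[0].split(" ", 2)
    out = [f"{method} {redact_query(target)} {version}"]
    for line in lines[1:]:
        name, sep, _ = line.partition(":")
        if sep and name.strip().lower() == "cookie":
            continue                            # cookies are stripped entirely
        if sep and name.strip().lower() in REDACTED_HEADERS:
            line = f"{name}: [REDACTED]"        # header value redacted, name kept
        out.append(INLINE_TOKEN_RE.sub("[REDACTED]", line))
    text = "\n".join(out)
    if mode == "STRICT":                        # BALANCED leaves hostnames visible
        host = next((l.split(":", 1)[1].strip() for l in lines if l.lower().startswith("host:")), None)
        if host:                                # same salt -> same pseudonym everywhere
            text = text.replace(host, anonymize_host(host, salt))
    return text

RAW_REQUEST = (  # constructed sample request, not a real capture
    "GET /api/users?token=s3cr3t-token&page=2 HTTP/1.1\n"
    "Host: api.example.internal\nCookie: session=9f8e7d6c\n"
    "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0MiJ9.c2lnbmF0dXJl\n\n"
    '{"id_token": "eyJhbGciOiJub25lIn0.eyJ1c2VyIjoiYm9iIn0.c2ln", "host": "api.example.internal"}')
```

Running apply_privacy_mode(RAW_REQUEST, mode) for OFF, BALANCED and STRICT gives the three views side by side; note that the JWT inside the JSON body is caught by the inline pattern even though it is not in a header.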

Context Preview Dialog

When you run a right-click action that captures context automatically (proxy item, scanner issue, site-map node, etc.), the extension opens a preview dialog before anything is sent:

  • Shows the current privacy mode prominently at the top.

  • Shows the exact prompt that will be sent.

  • Shows the redacted JSON that will accompany the prompt (what the AI will actually see).

  • Buttons: Send or Cancel.

If you cancel, no session is created and nothing is sent. User-typed messages inside an active chat session skip this dialog because you are the author.

Important Boundaries

  • BountyPrompt tag resolution runs after redaction, so tags inherit the current privacy policy.

  • MCP tool responses are filtered by the same privacy mode.

  • Determinism mode and salt handling affect reproducibility and anonymization stability.
