Agent Profiles

Agent Profiles allow you to customize the AI's system instructions based on your engagement type. Profiles are Markdown files stored in ~/.burp-ai-agent/AGENTS/ that inject role-specific guidance into every AI interaction.

Installation

On first run, the extension creates ~/.burp-ai-agent/AGENTS/ and auto-installs the bundled profiles. You should see three built-in profiles: pentester.md, bughunter.md, and auditor.md.

If you delete them, simply re-run Burp or drop the files back into the directory.

How It Works

  1. The Agent profile dropdown lists all *.md files in ~/.burp-ai-agent/AGENTS/ (use Refresh to reload).

  2. The extension writes the active profile name to ~/.burp-ai-agent/AGENTS/default.

  3. When a chat session or context menu action runs, the extension loads the corresponding .md file and prepends its instructions to the AI prompt.

Profile File Format

Profile files use a simple section-based format with [SECTION_NAME] headers.

Structure

  • Global section (text before any [SECTION] header): Injected into every prompt regardless of action.

  • Named sections: Injected when the corresponding context menu action triggers. The [DEFAULT] section is used as a fallback when no specific section matches the action.

Section-to-Action Mapping

The extension maps context menu actions to profile sections:

Context Menu Action        Profile Section
Find vulnerabilities       [REQUEST_ANALYSIS]
Analyze this request       [ANALYZE_REQUEST]
Explain JS                 [JS_ANALYSIS]
Access control             [ACCESS_CONTROL]
Login sequence             [LOGIN_SEQUENCE]
Analyze this issue         [ISSUE_ANALYSIS]
Generate PoC & validate    [POC]
Impact & severity          [ISSUE_IMPACT]
Full report                [FULL_REPORT]
Free-form chat             [CHAT]

If no matching section is found, the [DEFAULT] section is used. If neither exists, only the global section is injected.
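To review exactly which text a profile contributes for a given action, the section and fallback rules above can be modelled as follows. This is an added example, not the extension's own loader. It assumes a header is a line containing only [NAME] and that the global text is placed before the selected section; the sample profile is constructed.

```python
import re

# Action -> section mapping, copied from the table on this page.
ACTION_SECTIONS = {
    "Find vulnerabilities": "REQUEST_ANALYSIS", "Analyze this request": "ANALYZE_REQUEST",
    "Explain JS": "JS_ANALYSIS", "Access control": "ACCESS_CONTROL",
    "Login sequence": "LOGIN_SEQUENCE", "Analyze this issue": "ISSUE_ANALYSIS",
    "Generate PoC & validate": "POC", "Impact & severity": "ISSUE_IMPACT",
    "Full report": "FULL_REPORT", "Free-form chat": "CHAT",
}
# Assumption: a header is a line holding only [UPPER_CASE_NAME].
HEADER = re.compile(r"^\s*\[([A-Z][A-Z0-9_]*)\]\s*$")

def parse_profile(text):
    """Return (global_text, {section_name: body})."""
    global_lines, sections, current = [], {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            global_lines.append(line)   # text before any header is global
        else:
            sections[current].append(line)
    return ("\n".join(global_lines).strip(),
            {k: "\n".join(v).strip() for k, v in sections.items()})

def instructions_for(text, action):
    """Text a profile would contribute for one context menu action."""
    global_text, sections = parse_profile(text)
    name = ACTION_SECTIONS.get(action)
    # Named section if present, else [DEFAULT], else global text only.
    body = sections.get(name, sections.get("DEFAULT", ""))
    # Assumption: global text first, then the selected section.
    return "\n\n".join(part for part in (global_text, body) if part)

# Constructed sample profile (not one of the bundled profiles).
SAMPLE = """You are assisting an authorized API assessment.

[DEFAULT]
Answer in short bullet points.

[ACCESS_CONTROL]
Compare responses across roles and list differences.
"""

if __name__ == "__main__":
    for action in ("Access control", "Explain JS"):
        print(f"--- {action} ---\n{instructions_for(SAMPLE, action)}\n")
```
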

Built-in Profiles

The extension UI offers three profile presets:

Profile      Description
pentester    General-purpose penetration testing focus. Emphasizes exploitation, PoC generation, and remediation.
bughunter    Bug bounty oriented. Prioritizes impact, severity, and report-ready output.
auditor      Compliance and audit focus. Emphasizes controls, regulatory frameworks, and documentation.

Creating Custom Profiles

  1. Navigate to ~/.burp-ai-agent/AGENTS/.

  2. Create a new Markdown file (e.g., apitester.md).

  3. Write your global instructions and any [SECTION] blocks you need.

  4. Open Settings and click Refresh next to the Agent profile dropdown. Your new profile will appear automatically.

If you prefer automation, you can also edit ~/.burp-ai-agent/AGENTS/default directly to set the active profile name (e.g., apitester.md).

File Caching

The profile loader caches the parsed profile and checks the file modification timestamp on each use. If you edit a profile file while Burp is running, the changes are picked up automatically on the next AI interaction without needing to restart.

Tips

  • Keep global instructions concise (2-3 sentences) to avoid consuming too much of the model's context window.

  • Use section-specific instructions for detailed guidance per action type.

  • The [DEFAULT] section is a good place for general output formatting preferences.

  • Profile instructions appear as "System instructions (AGENTS):" in the prompt sent to the AI.

Profile Validation

The settings UI validates profile tool references against currently enabled MCP tools.

  • If a profile references tools that are disabled, unsafe-gated, or unavailable in the current edition, a warning is shown.

  • Validation checks tool references from bullet lists and common call formats (/tool ..., JSON tool calls).

  • This helps prevent silent profile/tool mismatches during sessions.
