Join us on May 15 for a live demo of how Burp Suite DAST solves real-world security challenges.            Register Now
Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Professional

Troubleshooting AI connectivity

  • Last updated: May 15, 2025

  • Read time: 4 Minutes

To use Burp Suite's AI-powered features and access your AI credit balance, your device must be able to reach https://ai.portswigger.net.

If you can't see your AI credits or use Burp's AI features, the cause is likely to be one of the following:

  • You're offline.

  • Your network requires an upstream proxy.

  • An intercepting proxy is intercepting and re-signing traffic with its own certificate. Burp doesn't trust self-signed certificates by default, so it blocks the connection.

This page provides a step-by-step guide to help you troubleshoot common connectivity problems.

Step 1: Check your internet connection

Make sure your computer is online and able to access PortSwigger's AI services. To do this:

  1. Open a browser and visit https://portswigger.net to confirm general internet access.

  2. Try visiting https://ai.portswigger.net. You should see a 404 Not Found message - this is expected and confirms that your network can reach Burp's AI platform.

If either step fails, check your network settings or contact your administrator.

Step 2: Configure an upstream proxy

Some networks require an upstream proxy to access the internet. If this applies to your environment:

  1. In Burp, click Settings. The Settings dialog opens.

  2. Go to Network > Connections.

  3. Under Upstream proxy servers, click Add. The Add upstream proxy rule dialog opens.

  4. Enter the required proxy details. For more information, see Connections settings - Upstream proxy servers.

  5. Click OK.

  6. The new upstream proxy rule is added to the table.

Step 3: Identify and resolve an intercepting proxy

Some networks use intercepting proxies, such as ZScaler, that decrypt HTTPS traffic and re-sign certificates. Burp doesn't trust these certificates by default, which can block access to AI services.

To check if an intercepting proxy is affecting your connection:

  1. In Burp's browser, go to https://ai.portswigger.net.

  2. In Burp, go to Settings > Network > TLS.

  3. Under Server TLS certificates, find the entry for ai.portswigger.net.

  4. Check the certificate issuer:

    • If the issuer is a well-known CA provider such as Amazon, it's unlikely that an intercepting proxy is interfering with the connection.

    • If the certificate is issued by an intercepting proxy (such as ZScaler), or your company's security system, then your traffic is being intercepted.

If your traffic is being intercepted by a proxy, you'll need to set the proxy as a trusted entity. You can:

  • Allowlist Burp in the intercepting proxy.

  • Configure Burp to use your system's trusted certificate store (Windows only).

  • Manually import the intercepting proxy's certificate into Java's trust store.

Option 1: Allowlist Burp in the intercepting proxy

If your security software allows exceptions, add ai.portswigger.net to the allowlist. You may need to ask a network administrator to do this.

Option 2: Configure Burp to use your system's trusted certificate store

If your system already trusts the intercepting proxy's certificate, you can configure Burp to use your system's certificate store instead of its default Java trust store.

This option is quick and easy to set up, but is only available for Windows systems.

To use your system's certificate store:

  1. Create a user.vmoptions file. This enables you to specify custom Java options for Burp. For instructions, see Creating a user.vmoptions file.

  2. Add the following to the user.vmoptions file:

    -Djavax.net.ssl.trustStoreType=WINDOWS-ROOT

  3. Restart Burp, then check if you can access AI features.

Option 3: Import the intercepting proxy's certificate into Java's trust store

If you're using MacOS or Linux, or can't configure Burp to use the system's certificate store, you can add the intercepting proxy's certificate to Java's trust store manually.

  1. Find the file path of the intercepting proxy's certificate. If you're not sure, check your system settings or ask a network administrator.

  2. In Burp, go to Help > Diagnostics. The Burp Suite diagnostics dialog opens.

  3. Locate the java.home property and make a note of the path to Burp's Java installation.

  4. Open a terminal and use the following command to navigate to the Java bin folder. Replace JAVA_FOLDER with the Java installation path you noted earlier:

    • MacOS and Linux:

      cd "JAVA_FOLDER/bin"

    • Windows:

      cd "JAVA_FOLDER\bin"

  5. Import the certificate using the following command. Replace JAVA_FOLDER with the Java installation path you noted earlier, and CERTIFICATE_FILE_PATH with the path to the intercepting proxy's certificate:

    • MacOS and Linux:

      keytool -import -trustcacerts -keystore "JAVA_FOLDER/lib/security/cacerts" -storepass changeit -alias MyCert -file CERTIFICATE_FILE_PATH

    • Windows:

      keytool -import -trustcacerts -keystore "JAVA_FOLDER\lib\security\cacerts" -storepass changeit -alias MyCert -file CERTIFICATE_FILE_PATH

  6. Make sure the certificate was added successfully using the following command. Replace JAVA_FOLDER with the Java installation path:

    • MacOS and Linux:

      keytool -list -keystore "JAVA_FOLDER/lib/security/cacerts" -storepass changeit | grep MyCert

    • Windows:

      keytool -list -keystore "JAVA_FOLDER\lib\security\cacerts" -storepass changeit | findstr MyCert

  7. Restart Burp, then check if you can access AI features.

Was this article helpful?