Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Professional

Creating AI extensions

  • Last updated: February 13, 2025

  • Read time: 1 Minute

The Montoya API enables you to add advanced AI features into your Burp Suite extensions. Your extensions can now send prompts to a Large Language Model (LLM), allowing real-time input analysis and intelligent responses.

For example, you could use the API to build extensions that:

  • Automatically evaluate HTTP messages for potential vulnerabilities.

  • Create detailed security reports.

  • Develop extensions that dynamically interact with testers, suggesting payloads or workflows.

  • Generate explanations or training material for complex issues.

The Montoya API integrates directly with Burp, requiring no additional setup or external configuration to send prompts. All AI interactions are securely managed within PortSwigger's AI platform.

AI credits

AI credits are the currency for using AI features in Burp. When an extension interacts with an LLM, it deducts credits from your balance. The cost varies depending on the number and complexity of AI requests needed.

All Burp users currently receive 10,000 free AI credits. You can buy extra AI credits from the PortSwigger site.

Examples

To explore practical examples, check out our extension repository. It contains ready-made extensions that demonstrate how to integrate AI features using the Montoya API. This includes a new AI-enabled version of our popular Hackvertor extension, created by Gareth Heyes from PortSwigger Research.

More information

Was this article helpful?