image Get the whitepaper, toolkits & remediation guides → http1mustdie.com

Professional

Using Burp AI in Repeater

  • Last updated: August 7, 2025

  • Read time: 4 Minutes

Burp AI is built into Repeater, enabling you to run custom prompts against any tab. This flexible workflow gives you full control over what Burp AI examines, making it easy to tailor each task to your needs. For example, you can analyze a suspicious request, test for a specific vulnerability, or ask for suggestions on what to try next when you're unsure how to proceed.

Note

To use Burp AI, you'll need AI credits. If your credits run out mid-task, Burp pauses the task until you top up. For details, see AI Credits.

Running a Burp AI task from Repeater

You can run a Burp AI task on any Repeater tab that has a specified target. The tab does not need to contain HTTP messages, but including them improves Burp AI's analysis. For more information on configuring targets, see Working with HTTP messages in Burp Repeater.

To run a Burp AI task in Repeater:

  1. Open the Repeater tab you want to use.

  2. [Optional] Highlight part of the request or response to focus the AI's attention.

  3. Click Burp AI. Burp displays a prompt dialog.

  4. Enter a prompt. For more information on writing effective prompts for Burp AI, see Writing effective prompts for Burp AI.

  5. Optionally, select the parts of the message you want to include as context. For more information on managing context in your prompts, see Managing context.

  6. Click the arrow to start the exploration. Burp adds the task to the Dashboard > Tasks panel.

Burp displays a notification when the task starts. Click View task to open it, or dismiss the notification to continue working.

Note

Burp AI does not retain a conversation history. Include all necessary context in each prompt

Completed tasks are saved to your project file.

Managing context

Before you start the task, you can choose what information Burp AI uses to guide its analysis. Providing the right context improves the relevance and quality of the response.

By default, Burp AI includes the full request and response as context.

Adding highlighted areas

If you've highlighted part of the request or response, you can include it specifically. This can help focus the AI's attention on a specific area of interest, such as a suspicious parameter or unusual response value.

To add a highlighted area as specific context, click the + button and select it from the list.

Adding notes

You can also include any notes you've added to the current Repeater tab.

To do so, click the + button and select Include my notes. Burp adds the entire contents of Repeater's Notes panel for the tab.

For more information on adding notes in Repeater, see Adding notes for HTTP Repeater tabs.

Removing items from the context

To remove a context item, click the x button on its lozenge in the prompt dialog.

To re-add removed context items, click the + button and select the item from the menu.

Note

Burp AI uses the context as a starting point. While it focuses on the information you provide, it may also test other related behavior if needed to complete the task.

Reviewing AI task results

To view an AI task:

  1. Go to the Dashboard.

  2. Select the task from the Tasks list.

Each AI task contains two tabs:

  • Task progress: a step-by-step log of the AI's actions

  • Logger: a full record of the traffic generated during the task

Task progress

This tab provides a step-by-step log of Burp AI's actions during the task. You can review the details of each step and perform follow up actions.

Burp AI can use both Repeater and Intruder to investigate Repeater tabs. The actions available in a given step differ depending on the tool used at that point:

Repeater:

  • To view the request and response, click Expand.

  • To open the request and response in a new Repeater tab for manual investigation, click Send to Repeater.

Intruder:

  • To open all HTTP messages in a new Intruder tab for further investigation, click Send to Intruder.

To navigate between steps, select them in the left-hand panel or search for them in the search bar. The first step in the task contains the prompt that was originally sent to Burp AI.

Once Burp AI completes the task, it creates a summary of key findings in the Task summary panel at the top of the tab. This enables you to review task results quickly.

Logger

The Logger tab contains a comprehensive record of all HTTP requests and responses generated during the task.

Tip

To pause the task, click the pause icon on the task card.

Ending an AI task

To end an AI task manually, select it and click Finish task. Tasks end automatically if the AI determines that it can't progress any further.

Trust and transparency in Burp AI

Burp AI is designed to be fully transparent and reproducible, ensuring you can trust findings and validate them manually.

Burp AI follows these core principles to ensure transparency and control:

  • Step-by-step visibility - Every action the AI takes is logged in the Task progress tab, so you can review its methodology in detail.

  • Manual verification - If you want to further investigate a step, you can send AI-generated requests to Repeater or Intruder for manual testing.

  • Data security - All Burp AI features process data within PortSwigger's secure trust boundary. Requests are handled in real time, and our AI providers do not store them.

  • User control - You control when Burp AI runs. Tasks only start when you activate them, and you can pause or stop them at any time.

Note

For more details on AI security and data handling, see AI security, privacy and data handling.