mirror of
https://github.com/th30d4y/BURP-AI.git
synced 2026-05-26 19:36:34 +00:00
v1.0 Release: Add comprehensive documentation (DISCLAIMER, COLLABORATION, SECURITY, CHANGELOG, SECURITY_ADVISORY)
This commit is contained in:
Stalin-143
+143
@@ -0,0 +1,143 @@
|
||||
# CHANGELOG
|
||||
|
||||
All notable changes to BurpAI will be documented in this file.
|
||||
|
||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
||||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## [1.0] - 2026-03-23
|
||||
|
||||
### ✨ Added
|
||||
|
||||
#### Core Features
|
||||
- **AI-Powered Analysis:** Integration with multiple AI models (Kimi, DeepSeek, GLM, Qwen, LLaMA, Mistral, etc.)
|
||||
- **Chat Interface:** Interactive chat display with message history and timestamps
|
||||
- **HTTP Capture:** Real-time HTTP request/response capture via IHttpListener
|
||||
- **Context Menu Integration:** Right-click "Send to BurpAI" functionality in Proxy, Repeater, and Target tabs
|
||||
- **Native Repeater:** Built-in request/response editor using Burp's native message editors
|
||||
- **History Table:** Complete request history with method, host, path, and status columns
|
||||
|
||||
#### Security & Configuration
|
||||
- **API Key Management:** First-load dialog for API key configuration
|
||||
- **Persistent Storage:** Secure configuration storage in `~/.burpaai/config.json`
|
||||
- **Model Selection:** Dropdown to switch between 11 supported AI models
|
||||
- **Auto-Analysis:** Optional automatic analysis checkbox for captured requests
|
||||
|
||||
#### UI/UX
|
||||
- **Professional Dark Theme:** Dark mode interface matching Burp Suite aesthetics
|
||||
- **Responsive Layout:** BorderLayout with horizontal/vertical split panels
|
||||
- **Toolbar:** Compact toolbar with API key input, model selector, and status indicator
|
||||
- **Split Panes:** Resizable panels for chat, history, and repeater sections
|
||||
|
||||
#### Technical
|
||||
- **Threading:** Non-blocking async operations using Java threading
|
||||
- **Error Handling:** Comprehensive try-catch blocks with detailed logging
|
||||
- **Jython 2.7 Compatible:** Full compatibility with Jython 2.7 in Burp Suite
|
||||
- **Memory Optimized:** Configurable history limit (default: 1000 entries)
|
||||
- **Clean Imports:** Explicit Java/Swing imports without generic java. prefix
|
||||
|
||||
### 🔧 Fixed
|
||||
|
||||
- Fixed HTTP capture not triggering (IHttpListener properly registered)
|
||||
- Fixed chat display null pointer exceptions
|
||||
- Fixed Jython module caching issues with defensive getattr() wrappers
|
||||
- Fixed API key loading on first run
|
||||
- Fixed message editor initialization errors
|
||||
|
||||
### 📚 Documentation
|
||||
|
||||
- `README.md` - Comprehensive setup and usage guide
|
||||
- `DISCLAIMER.md` - Legal notice and warranty disclaimer
|
||||
- `SECURITY.md` - Security policy and vulnerability reporting
|
||||
- `COLLABORATION.md` - Contribution guidelines
|
||||
- `CHANGELOG.md` - This file
|
||||
|
||||
### 🔐 Security
|
||||
|
||||
- No known vulnerabilities at release
|
||||
- All third-party dependencies reviewed
|
||||
- HTTPS-only API communication
|
||||
- Input validation and sanitization
|
||||
- No telemetry or external tracking
|
||||
|
||||
### 📦 Dependencies
|
||||
|
||||
- Python 2.7+ (via Jython)
|
||||
- Burp Suite API (IBurpExtender, ITab, IHttpListener, IContextMenuFactory)
|
||||
- Java 8+ (Swing, AWT components)
|
||||
- urllib2/urllib (HTTP requests)
|
||||
|
||||
### 🚀 Known Limitations
|
||||
|
||||
- Jython 2.7 limits some Python 3 features
|
||||
- AI responses depend on selected model quality
|
||||
- API rate limits apply (model/vendor specific)
|
||||
- Local storage of chat history (not encrypted)
|
||||
- Single API key per extension instance
|
||||
|
||||
### 🎯 Future Roadmap
|
||||
|
||||
- [ ] Multi-API support (rotate between providers)
|
||||
- [ ] Encrypted local storage for chat history
|
||||
- [ ] Export analysis reports (PDF, JSON)
|
||||
- [ ] Custom prompt templates
|
||||
- [ ] Multi-language support
|
||||
- [ ] Machine learning for pattern recognition
|
||||
- [ ] Integration with other Burp plugins
|
||||
- [ ] Web UI alternative
|
||||
|
||||
### 💻 Installation
|
||||
|
||||
1. Download `burpaai.py`
|
||||
2. In Burp Suite: Extensions → Add → Select file
|
||||
3. On first load: Enter your AI API key
|
||||
4. Start analyzing requests!
|
||||
|
||||
### 🙏 Contributors
|
||||
|
||||
Initial release developed with focus on:
|
||||
- Production-grade code quality
|
||||
- Jython 2.7 compatibility
|
||||
- Professional UI/UX
|
||||
- Security best practices
|
||||
- Comprehensive documentation
|
||||
|
||||
---
|
||||
|
||||
## Versioning
|
||||
|
||||
- **1.0** (March 23, 2026) - Initial public release
|
||||
|
||||
### Semantic Versioning
|
||||
|
||||
- **MAJOR** (1.0.0): Breaking changes or major new features
|
||||
- **MINOR** (1.0.0): New features, backward compatible
|
||||
- **PATCH** (1.0.1): Bug fixes, no new features
|
||||
|
||||
### Release Schedule
|
||||
|
||||
- Security patches: As needed
|
||||
- Minor updates: Every 2-4 weeks
|
||||
- Major updates: As warranted by community feedback
|
||||
|
||||
---
|
||||
|
||||
## How to Report Issues
|
||||
|
||||
Found a bug? Please report it on [GitHub Issues](https://github.com/Stalin-143/BURP-AI/issues)
|
||||
|
||||
Include:
|
||||
- BurpAI version
|
||||
- Burp Suite version
|
||||
- OS and Python version
|
||||
- Steps to reproduce
|
||||
- Error logs/stacktrace
|
||||
|
||||
## Security Updates
|
||||
|
||||
Security vulnerabilities should be reported privately. See [SECURITY.md](SECURITY.md) for details.
|
||||
|
||||
---
|
||||
|
||||
**Last Updated:** March 23, 2026
|
||||
**Current Stable Release:** 1.0
|
||||
Reference in New Issue
Block a user