home.social

#burpai — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #burpai, aggregated by home.social.

  1. Having had a cursory glance at Burp AI, there is just an instant dealbreaker: you have no control over which requests it sends to your target.
    Let's say you tell it "find an RCE in this parameter"; nothing stops it from injecting "rm -rf /*" or exfiltrating all SSH keys to Pastebin because it learned that from some weird Medium blog post or CTF write-up.
    Not being able to review the requests before they are fired is insane.

    You might say an active scan also does that. Sure, but those are curated and static. The payloads won't just change every minute.

    #BurpAI #BurpSuite