π° Originally published on Securityelites β AI Red Team Education β the canonical, fully-updated version of this article.
π€ AI/LLM HACKING COURSE
FREE
Part of the AI/LLM Hacking Course β 90 Days
Day 17 of 90 Β· 18.8% complete
β οΈ Authorised Targets Only: All Burp Suite interception and manipulation must only be performed against systems within your authorised scope. Routing your own API credentials through Burp to test your own application or authorised targets is fine. Never intercept traffic to AI services using credentials or accounts belonging to other parties.
The first time I used Burp Suite to intercept an AI API request, I spent about thirty seconds just staring at the raw JSON body. There it was: the system prompt, sitting in plaintext in the request the application was sending to OpenAI. The entire instruction set. The database name. The internal API references. The confidentiality instruction that said βdo not reveal this to usersβ β which was, at that moment, being revealed to anyone with a proxy in their traffic path.
That wasnβt a model vulnerability. It wasnβt a prompt injection finding. It was a clean information disclosure at the transport layer β the kind of thing that gets caught immediately when youβre looking at raw HTTP but never when youβre testing through a browser UI. Burp sits at the right layer for AI testing. Not above it (browser UI), not below it (model weights) β exactly at the HTTP layer where requests are formed and responses are processed. Day 17(Burp Suite for LLM Security Testing) builds the complete Burp workflow for AI security testing: proxy setup for AI APIs, Repeater for manipulation, Intruder for payload scanning, and the evidence capture flow that makes every finding reportable.
π― What Youβll Master in Day 17
Configure Burp to intercept HTTPS traffic to OpenAI, Anthropic, and custom AI API endpoints
Route Python AI scripts through Burp proxy using the httpx client override
Manipulate system prompts and user messages directly in Burp Repeater
Run prompt injection payload libraries through Burp Intruder with grep match filtering
Use Burp Comparer to diff baseline vs injected responses
Export clean HTTP request/response pairs as primary technical evidence
β±οΈ Day 17 Β· 3 exercises Β· Kali Terminal + Burp Suite + Think Like Hacker ### β Prerequisites - Burp Suite Deep Dive β proxy setup, Repeater, and Intruder basics β Day 17 assumes fluency with these before applying them to AI traffic - Day 16 β Automated Injection Testing β the payload library from Day 16 loads directly into Burp Intruder in Day 17 - Burp Suite Professional or Community installed on Kali β Community works for all exercises except Intruder speed ### π Burp Suite for LLM Security Testing β Day 17 Contents 1. Proxy Setup for AI API Endpoints 2. AI API Request Anatomy in Burp 3. Repeater Workflow for Prompt Manipulation 4. Intruder Payload Scanning for Injection 5. Routing Python Scripts Through Burp 6. Evidence Export and Report Integration In Day 16 you built the automated scanner that covers breadth. Day 17 builds the manual investigation layer that Burp provides β the ability to look at individual requests in detail, modify them precisely, and capture evidence in the format that professional reports require. Day 18 applies the full Burp workflow to system prompt extraction β using what you build today as the primary interception tool for the 15-technique extraction methodology.
Proxy Setup for AI API Endpoints
Setting up Burp to intercept AI API traffic is the same process as any HTTPS interception β Burp CA certificate installed, traffic routed through localhost:8080 β with one additional consideration. AI APIs use certificate pinning at the SDK level in some configurations. The standard Burp CA installation handles browser-based AI applications fine. For SDK-based calls (your Python scripts, custom integrations), you need to either disable certificate verification explicitly or configure the HTTP client to trust Burpβs CA.
The OpenAI Python SDK uses httpx as its HTTP client. Passing a custom httpx.Client to the OpenAI constructor with proxy settings and verify=False is the cleanest approach β it routes all SDK calls through Burp without affecting system-level certificate verification. Only use verify=False in your test environment and never in production code. Once youβve seen what you need to see, remove it.
BURP PROXY SETUP FOR OPENAI AND ANTHROPIC APISCopy
Method 1: Environment variable (affects all HTTP clients)
export HTTPS_PROXY=βhttp://127.0.0.1:8080β³
export HTTP_PROXY=βhttp://127.0.0.1:8080β³
export REQUESTS_CA_BUNDLE=β/path/to/burp-ca.pemβ # or unset SSL verify
Method 2: Per-client httpx override (cleaner for testing)
import httpx
from openai import OpenAI
burp_client = httpx.Client(
proxy=βhttp://127.0.0.1:8080β³,
verify=False # only for test environments
)
client = OpenAI(
api_key=os.getenv(βOPENAI_API_KEYβ),
http_client=burp_client
)
All client.chat.completions.create() calls now route through Burp
Anthropic SDK equivalent
import anthropic
ant_client = anthropic.Anthropic(
api_key=os.getenv(βANTHROPIC_API_KEYβ),
http_client=httpx.Client(proxy=βhttp://127.0.0.1:8080β³, verify=False)
)
Burp: Proxy β Options β Add listener on 8080
Import CA: Proxy β Options β CA Certificate β Export β Import in browser
β‘ EXERCISE 1 β KALI TERMINAL (20 MIN)
Route Your Day 16 Scanner Through Burp and Capture the AI API Request
π Read the complete guide on Securityelites β AI Red Team Education
This article continues with deeper technical detail, screenshots, code samples, and an interactive lab walk-through. Read the full article on Securityelites β AI Red Team Education β
This article was originally written and published by the Securityelites β AI Red Team Education team. For more cybersecurity tutorials, ethical hacking guides, and CTF walk-throughs, visit Securityelites β AI Red Team Education.
Top comments (0)