Burp suite enterprise
6/7/2023

IAM policies often represent a tangled complex web of privilege assignments. “EscalateGPT appears to be a very promising tool.

This tool therefore demonstrates how LLMs can play a role in reducing manual testing for web application developers, and can be used to partially automate the vulnerability discovery process.

In the report, Tenable noted that BurpGPT has proved successful at identifying cross-site scripting (XSS) vulnerabilities and misconfigured HTTP headers.

“Its output should of course always be checked against the decompiled code and against the disassembly, but this is par for the course for the reverse engineer.”

BurpGPT: The web app security AI assistant

Another promising solution is BurpGPT, an extension for application testing software Burp Suite that enables users to use GPT to analyze HTTP requests and responses.

BurpGPT intercepts HTTP traffic and forwards it to the OpenAI API, at which point the traffic is analyzed to identify risks and potential fixes.

“It goes without saying of course that the output of G-3PO, just like any automated tool, should be taken with a grain of salt and in the case of this tool, probably with several tablespoons of salt,” Fraser said.

While this can save time, in a YouTube video explaining how G-3PO works, Olivia Fraser, Tenable’s zero-day researcher, warns that researchers should always double-check the output for accuracy.

As a result, the researcher can understand the code’s function without having to analyze it manually.

G-3PO automates the process by sending Ghidra’s decompiled C code to an LLM (supporting models from OpenAI and Anthropic) and requests an explanation for what the function does.

Traditionally, a human analyst would need to analyze this against the original assembly listing to ascertain how a piece of code functions.

Developed by the NSA, G-3PO is a tool that disassembles code and decompiles it into “something resembling source code” in the C programming language. One of the key tools outlined in the research is G-3PO, a translation script for the reverse engineering framework Ghidra.

Automating reverse engineering with G-3PO