- Endpoint Guessing Logic: The script uses the OpenAI API to guess potential endpoints based on the path of an HTTP request.
- Selecting a Request for Analysis: It identifies the request to analyze based on a specific annotation ("aaa") added to a request in Burp Suite's history.
- Operating System Compatibility: Designed to work on both Windows and Unix-like operating systems (Linux/macOS) by adapting file paths and command execution methods according to the OS.
- Curl Command: Constructs a curl command to send a request to the OpenAI API, including details about the HTTP request path for endpoint guessing.
-
Add Your OpenAI API Key:
- Locate the line containing the curl command.
- Replace
XYZinAuthorization: Bearer XYZwith your actual OpenAI API key. - Example:
"-H \"Authorization: Bearer sk-yourapikeyhere\""
-
Adjust the File Paths:
- The script writes output to specific file paths, which you may need to adjust based on your system.
- For Windows: Change the paths in these lines:
filePath = "C:\\Users\\User\\Path\\httpRequest.txt"; endpointsPath = "C:\\Users\\User\\Path\\endpoints.txt";
- For Unix/Linux/macOS: Change the paths in these lines:
filePath = "/home/kali/Desktop/httpRequest.txt"; endpointsPath = "/home/kali/Desktop/endpoints.txt";
- Ensure the directories exist or create them as needed.
-
Marking and Changing Requests for Analysis:
- In Burp Suite's history, add a note containing "aaa" to any request you wish to analyze with this script.
- To analyze a different request, first remove or change the "aaa" note from the currently marked request, then add "aaa" to the new request you want to analyze.
- This method allows you to selectively process requests from Burp Suite's history.
-
Ensure Compatibility:
- The script detects the operating system and adjusts command execution accordingly. No changes are needed here unless you encounter issues specific to your environment.