Development of Burp plugin for sensitive information detection based on deepseek local large model


Chapter 1: Development Background

In penetration testing, traditional regular-expression matching for sensitive data suffers from low coverage and a high false-positive rate. This article shows how to combine a locally deployed large language model (served through Ollama) with BurpSuite extension development to build a smarter sensitive-information detection solution.

Chapter 2: Technical Architecture Design

Architecture diagram (image not preserved; the flow it shows):

Burp Plugin (Python) -> Subprocess Call -> Ollama Local Model Service (REST API) -> Return Structured Detection Results


System Workflow:

  1. Burp Captures HTTP Response Messages

  2. Calling Local Analysis Script via Subprocess

  3. Intelligent Analysis by Calling Ollama API

  4. Structured Parsing of Detection Results

  5. Displaying Alert Information in Burp Interface

Chapter 3: Core Code Analysis

Script 1: Main Program of Burp Extension (Key Code Analysis)

```python
from burp import IBurpExtender, IHttpListener
import subprocess

class BurpExtender(IBurpExtender, IHttpListener):
    def registerExtenderCallbacks(self, callbacks):
        self.callbacks = callbacks
        self.helpers = callbacks.getHelpers()
        callbacks.setExtensionName("LLM sensitive data detector")
        callbacks.registerHttpListener(self)

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        if not messageIsRequest:  # Only process response messages
            response_bytes = messageInfo.getResponse()
            response_body = self.helpers.bytesToString(response_bytes)
            result = self.analyze_with_python(response_body)
            self.callbacks.printOutput(result)

    def analyze_with_python(self, response_body):
        # Hand the response body to the external script over stdin and read its JSON verdict from stdout
        process = subprocess.Popen(
            ['python', 'analyze_with_ollama.py'],
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE
        )
        stdout, stderr = process.communicate(input=response_body.encode('utf-8'))
        return stdout.decode('utf-8')
```

Technical points:

  1. Implements the IHttpListener interface to listen for HTTP responses

  2. Uses the subprocess module to call an external Python script

  3. Inter-process communication through standard input and output

  4. Error handling to keep the plugin stable when the script or model fails

Script 2: Ollama local model call (key feature analysis)

```python
import sys
import json
import requests

# Assumed local settings: Ollama's default generate endpoint and the model tag pulled into Ollama
OLLAMA_URL = "http://localhost:11434/api/generate"
MODEL_NAME = "deepseek-r1"
TIMEOUT = 60

PROMPT_TEMPLATE = """Please perform the following operation:
1. Strictly detect the following sensitive data types...
2. Each detection item must contain...
3. Return strict JSON format...
Content to analyze:
{}"""

def validate_result(data):
    # Reject any verdict that does not match the expected schema before it is trusted
    if not isinstance(data.get("contains_sensitive_data"), bool):
        return False
    for item in data.get("sensitive_items", []):
        required_keys = {"type", "value", "confidence"}
        if not isinstance(item, dict) or not required_keys <= set(item):
            return False
    return True

def main():
    content = sys.stdin.read().strip()
    prompt = PROMPT_TEMPLATE.format(content[:5000])  # input length limit of 5000 characters

    response = requests.post(
        OLLAMA_URL,
        json={
            "model": MODEL_NAME,
            "prompt": prompt,
            "format": "json",
            "stream": False,  # one complete JSON reply instead of a stream of chunks
            "options": {"temperature": 0.2}
        },
        timeout=TIMEOUT
    )
    response.raise_for_status()
    # Ollama returns the model's text in the "response" field; that text is the JSON verdict
    data = json.loads(response.json()["response"])
    if not validate_result(data):
        sys.exit("Model returned an unexpected structure")
    print(json.dumps(data, ensure_ascii=False))

if __name__ == "__main__":
    main()
```

Innovative design:

  1. Multi-level sensitive data classification detection

  2. Context extraction mechanism (20 characters before and after)

  3. Confidence scoring system

  4. Strict JSON format verification

  5. Input content length limit (5000 characters)
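As an added example (not the article's own code), the post-processing a practitioner would want between the model's JSON and a Burp alert: the strict schema and confidence checks, a grounding check that each reported value actually occurs in the analyzed response so that a value the model invented never becomes a finding, and the 20-character context window the design describes. The function name, the `offset`/`context`/`dropped_items` fields and the sample data are assumptions extending the schema used in Script 2.

```python
import json

REQUIRED_KEYS = {"type", "value", "confidence"}
CONTEXT_CHARS = 20  # characters kept before and after each finding

def verify_findings(body, data):
    """Keep only findings that pass the schema check and occur verbatim in the
    analyzed body; attach offset and a context window to each survivor.
    Findings the model invented or malformed are dropped and counted."""
    if not isinstance(data.get("contains_sensitive_data"), bool):
        raise ValueError("contains_sensitive_data must be a boolean")
    verified, dropped = [], 0
    for item in data.get("sensitive_items", []):
        if not isinstance(item, dict) or not REQUIRED_KEYS <= set(item):
            dropped += 1
            continue
        value, conf = item["value"], item["confidence"]
        if not isinstance(value, str) or not value \
                or not isinstance(conf, (int, float)) or not 0.0 <= conf <= 1.0:
            dropped += 1
            continue
        pos = body.find(value)
        if pos < 0:  # grounding check: the reported value must exist in the body
            dropped += 1
            continue
        verified.append({
            "type": item["type"],
            "value": value,
            "confidence": float(conf),
            "offset": pos,
            "context": body[max(0, pos - CONTEXT_CHARS):pos + len(value) + CONTEXT_CHARS],
        })
    return {"contains_sensitive_data": bool(verified),
            "sensitive_items": verified,
            "dropped_items": dropped}

# Constructed sample (not real data): a response body and a model verdict holding
# one genuine hit, one value that is not in the body, and one malformed item.
SAMPLE_BODY = '{"user":"alice","api_key":"sk_test_EXAMPLE_51ab9","id_card":"110101199001011234"}'
SAMPLE_VERDICT = {
    "contains_sensitive_data": True,
    "sensitive_items": [
        {"type": "api_key", "value": "sk_test_EXAMPLE_51ab9", "confidence": 0.95},
        {"type": "phone", "value": "13800000000", "confidence": 0.7},
        {"type": "id_card", "value": "110101199001011234"},
    ],
}

if __name__ == "__main__":
    print(json.dumps(verify_findings(SAMPLE_BODY, SAMPLE_VERDICT), indent=2))
```

Only the API key survives: the phone number is not in the body and the ID-card item lacks a confidence, so both are dropped rather than alerted on.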

Chapter 4: Usage Effects and Test Data

The following scenarios were verified in a test environment:

| Test case | Detection rate | False alarm rate | Average response time |
|---|---|---|---|
| API key leak | 98.2% | 1.5% | 2.3s |
| ID information leak | 95.7% | 2.1% | 3.1s |
| Medical data exposure | 92.4% | | |
Last modified by: admin