SILENTCHAIN AI™ - Community Edition

Note: This is the Community Edition. Commercial and Professional Editions with advanced features are available separately.

🌟 Overview

SILENTCHAIN AI™ - Community Edition is a Burp Suite extension that brings the power of artificial intelligence to web application security testing. Using advanced AI models, SILENTCHAIN performs intelligent passive analysis of HTTP traffic to identify OWASP Top 10 vulnerabilities, security misconfigurations, and potential attack vectors.

Why SILENTCHAIN?

Traditional security scanners rely on predefined signatures and patterns. SILENTCHAIN AI™ goes beyond with:

• 🧠 AI-Powered Analysis: Leverages state-of-the-art language models (Ollama, OpenAI, Claude, Claude Code, Gemini) for intelligent vulnerability detection
• 🎯 Context-Aware Detection: Understands application logic and business context, not just pattern matching
• ⚡ Real-Time Scanning: Analyzes traffic as it flows through Burp's proxy
• 📊 Professional Reporting: Generates detailed findings with CWE, OWASP mappings, and remediation guidance
• 🔄 Zero False Positives: AI validation reduces noise and focuses on real vulnerabilities
• 🆓 Community Edition: Free passive analysis capabilities

✨ Features

Core Capabilities

🔍 Passive AI Analysis

• Real-time traffic analysis through Burp Proxy
• OWASP Top 10 vulnerability detection
• CWE-mapped security findings
• Intelligent confidence scoring

🎨 Professional UI

• Modern, intuitive dashboard
• Live findings panel with severity color-coding
• Task tracking and management
• Integrated console logging

🤖 Multi-AI Support

• Ollama (Local, free, privacy-focused)
• OpenAI (GPT-4, GPT-3.5)
• Claude (Anthropic)
• Claude Code (Anthropic CLI)
• Gemini (Google)

📋 Smart Reporting

• Detailed vulnerability descriptions
• Affected parameters identification
• CWE and OWASP mappings
• Remediation recommendations
• Direct links to security resources

Vulnerability Detection

SILENTCHAIN AI™ detects a wide range of security issues including:

🚀 Quick Start

Prerequisites

• Burp Suite (Community or Professional)
• Java 8+ (required by Burp)
• Jython (for Python extensions, typically bundled with Burp)
• AI Provider (one of the following):
  • Ollama (Free, local)
  • OpenAI API key
  • Claude API key
  • Claude Code CLI (Anthropic)
  • Gemini API key

Installation

Method 1: From BApp Store (Recommended)

1. Open Burp Suite
2. Go to Extender → BApp Store
3. Search for "SILENTCHAIN AI"
4. Click Install

Method 2: Manual Installation

1. Download the Extension

   • Download silentchain_ai_community.py from this repository or the Burp Suite BApp Store

2. Load in Burp Suite

   • Open Burp Suite
   • Go to Extender → Extensions → Add
   • Set Extension type: Python (or Jython)
   • Select the downloaded silentchain_ai_community.py file
   • Click Next

3. Configure AI Provider

   • Go to SILENTCHAIN tab in Burp
   • Click ⚙ Settings
   • Configure your AI provider (see Configuration)
   • Click Test Connection
   • Click Save

4. Start Scanning

   • Set your target scope in Burp (Target → Scope)
   • Browse the target application through Burp's proxy
   • SILENTCHAIN will automatically analyze traffic
   • View findings in the Findings panel and Burp's Issue Activity

Requirements

• Cross-platform: Windows, macOS, Linux
• Burp Suite (Community or Professional)
• Jython (for Python extensions)

🔧 Configuration

AI Provider Setup

Option 1: Ollama (Recommended for Beginners)

Free, local, no API keys required

1. Install Ollama:

   # macOS/Linux
   curl -fsSL https://ollama.ai/install.sh | sh
   
   # Windows
   # Download from https://ollama.ai/download

2. Pull a model:

   ollama pull deepseek-r1
   # or
   ollama pull llama3

3. Configure SILENTCHAIN:

   • Provider: Ollama
   • API URL: http://localhost:11434
   • Model: deepseek-r1:latest

Option 2: OpenAI

1. Get API key from platform.openai.com

2. Configure SILENTCHAIN:

   • Provider: OpenAI
   • API URL: https://api.openai.com/v1
   • API Key: sk-...
   • Model: gpt-4 or gpt-3.5-turbo

Option 3: Claude (Anthropic)

1. Get API key from console.anthropic.com

2. Configure SILENTCHAIN:

   • Provider: Claude
   • API URL: https://api.anthropic.com/v1
   • API Key: Your Anthropic API key
   • Model: claude-3-5-sonnet-20241022

Option 4: Google Gemini

1. Get API key from makersuite.google.com

2. Configure SILENTCHAIN:

   • Provider: Gemini
   • API URL: https://generativelanguage.googleapis.com/v1
   • API Key: Your Google API key
   • Model: gemini-1.5-pro

Settings Reference

📖 Documentation

How It Works

1. Traffic Interception: SILENTCHAIN monitors HTTP requests/responses through Burp Proxy
2. Scope Filtering: Only analyzes in-scope targets (configure in Burp's Target Scope)
3. AI Analysis: Sends request/response data to AI for security analysis
4. Vulnerability Detection: AI identifies security issues based on OWASP Top 10 patterns
5. Finding Generation: Creates detailed reports with severity, confidence, and remediation
6. Deduplication: Prevents duplicate findings for the same URL/parameter combination

Finding Confidence Levels

UI Components

📊 Statistics Panel

• Total Requests: HTTP requests analyzed
• Analyzed: Successfully processed
• Skipped (Duplicate): Prevented redundant analysis
• Findings Created: Total vulnerabilities found
• Errors: Analysis failures

📋 Active Tasks

• Shows currently processing requests
• Status tracking (Queued, Analyzing, Completed)
• Duration timing

🔍 Findings Panel

• All detected vulnerabilities
• Severity-based color coding:
  • 🔴 High - Critical vulnerabilities
  • 🟠 Medium - Important security issues
  • 🟡 Low - Minor vulnerabilities
  • 🔵 Information - Security notes
• Confidence levels
• Discovery timestamps

🖥️ Console

• Real-time logging
• AI connection status
• Analysis progress
• Error messages

🎯 Usage Examples

Basic Workflow

1. Set Target Scope

   Burp → Target → Scope → Add
   Example: https://example.com/*

2. Browse Application

   • Configure browser proxy to Burp (127.0.0.1:8080)
   • Navigate through the target application
   • SILENTCHAIN analyzes in the background

3. Review Findings

   • Check SILENTCHAIN → Findings panel
   • Or Target → Issue Activity (integrated with Burp)

Context Menu Analysis

Right-click any request in:

• Proxy History
• Site Map
• Repeater

Select: SILENTCHAIN - Analyze Request

This forces analysis even if the URL was previously scanned.

Manual Verification

1. Select a finding in the Findings panel
2. Review the detailed description
3. Check affected parameters
4. Follow CWE/OWASP links for more information
5. Manually test using Burp Repeater/Intruder

🆚 Community vs Professional

⬆️ Upgrade to Professional

SILENTCHAIN Professional adds active verification capabilities:

• 🎯 Phase 2 Verification: Automatically validates findings with exploit payloads
• 🛡️ WAF Detection: Identifies and adapts to web application firewalls
• 📚 Curated Payload Libraries: Battle-tested OWASP payloads
• 🌐 OOB Testing: Detects blind vulnerabilities (SSRF, XXE, etc.)
• 🔄 Burp Intruder Integration: Auto-configures fuzzing attacks
• ⚡ Smart Fuzzing: AI-generated payloads for maximum coverage

See it in action — watch the full SILENTCHAIN Professional demo to see AI-powered active verification, WAF evasion, and automated fuzzing at work.

Contact us for commercial licensing and professional editions: [email protected]

🛠️ Troubleshooting

Common Issues

"AI connection test failed"

Solution:

• Check AI provider is running (Ollama: ollama list)
• Verify API URL is correct
• For cloud providers, confirm API key is valid
• Check network connectivity

"No findings detected"

Solution:

• Verify target is in scope (Target → Scope)
• Ensure traffic is flowing through Burp Proxy
• Check Console for errors
• Try manual analysis (right-click → SILENTCHAIN - Analyze Request)

"Extension fails to load"

Solution:

• Verify Burp Suite version (Community/Pro)
• Check Python environment (Jython 2.7)
• Review Extender → Errors tab
• Ensure file permissions are correct

High Memory Usage

Solution:

• Reduce Max Tokens setting (Settings → AI Provider)
• Clear completed tasks regularly
• Use lighter AI models (e.g., llama3 instead of deepseek-r1)

Debug Mode

Enable verbose logging:

1. Settings → Advanced
2. Check Verbose Logging
3. Review Console for detailed output

🤝 Contributing

This project does not accept outside contributions. See CONTRIBUTING.md for details.

Reporting Bugs

1. Check existing issues
2. Create a new issue with:
   • Burp Suite version
   • SILENTCHAIN version
   • AI provider/model
   • Steps to reproduce
   • Error messages (from Console)

Feature Requests

Open an issue with tag enhancement:

• Describe the feature
• Explain use case
• Provide examples if possible

📄 License

SILENTCHAIN AI™ CE is source-visible but proprietary software. By using this software, you agree to the terms in the LICENSE file.

PortSwigger BApp Store

PortSwigger Ltd. is granted explicit permission to redistribute, host, and bundle this software within Burp Suite and the BApp Store free of charge to users. All other redistribution is prohibited without written permission.

⚖️ Responsible Use

Do not use this software for unauthorized access or activities outside systems you own or have explicit permission to test.

Data Handling

• Local Processing: SILENTCHAIN runs entirely within Burp Suite
• No Data Collection: We don't collect or transmit usage data
• AI Provider Privacy:
  • Ollama: Completely local, no external communication
  • Cloud Providers: Data sent to respective AI services (OpenAI, Claude, Gemini)

Best Practices

1. Use Ollama for sensitive testing (100% local, private)
2. Review AI Provider Terms before using cloud services
3. Never test production without authorization
4. Sanitize Data if sharing logs/findings

💬 Support & Community

Get Help

• 📚 Documentation: Documentation
• 🐛 Issues: GitHub Issues
• ✉️ Email: [email protected]

Stay Updated

• ⭐ Star this repository
• 👁️ Watch for updates
• 🐦 Twitter: @SilentChainAI

🙏 Acknowledgments

Built by:

• @xer0dayz at @Sn1perSecurity LLC

Built with:

• Burp Suite by PortSwigger
• Ollama for local AI
• OpenAI for GPT models
• Anthropic for Claude
• Google for Gemini

Inspired by the security community's dedication to making the web safer.

™️ Trademark Notice

"SILENTCHAIN AI™", "SILENTCHAIN™", and the SILENTCHAIN AI logo are trademarks of SN1PERSECURITY LLC. Unauthorized use is prohibited.