AI Prompt Fuzzer

AI Prompt Fuzzer is a Burp Suite extension designed to help security professionals test AI-based applications for prompt injection vulnerabilities. With the rapid rise of large language models (LLMs) in sensitive contexts such as customer support, content generation, and automated decision-making, traditional tools often fall short in detecting LLM-specific security issues. This extension fills that gap by automating prompt fuzzing against AI APIs using customizable payloads, helping identify abnormal or unsafe model behavior.

The tool sends predefined prompts to the target API and flags responses that contain specified validation strings, indicating a potential vulnerability or misbehavior. It handles challenges unique to LLMs, such as non-deterministic responses, by recommending strategies like asking the model to echo specific phrases when accepting a prompt.

Features

• Automated fuzzing of LLM prompts using payloads defined in XML format.
• Customizable validation strings to identify potential breaks in AI behavior.
• Request editor with placeholder insertion for dynamic payload injection.
• Log table showing each request's time, method, URL, status, length, and break status.
• Detailed request and response viewer for each fuzzed interaction.
• Built-in payload viewer and editor with support for loading default payloads.
• Filters and sorting by status, break state, and response size for easy analysis.
• Option to URL-encode or escape characters in payloads to ensure compatibility with target applications.
• Detection of response anomalies using adjustable match thresholds (e.g., minimum count of validation string).
• Integration with other Burp tools using right-click context menu -> Send to Repeater/Intruder.

Usage

1. Send a target request to the extension using the right-click menu -> Extensions -> AI Prompt Fuzzer -> Send Request.
2. Insert a placeholder (e.g., [PLACEHOLDER]) in the desired location of the request where payloads will be injected.
3. Load payloads from a local XML file or rely on the built-in default payloads.
4. Click Send Payloads to begin fuzzing. Each payload replaces the placeholder and is sent as an individual request.
5. Use the log table to view and sort the results. Highlighted rows indicate a potential break based on the validate string found in the response.
6. Adjust detection sensitivity using the "Minimum count of the validate string for potential break" option if needed.
7. Send any logged request to Repeater or Intruder for further manual analysis.
8. Customize or review payloads using the View Payloads feature. Edits are made directly in the table view.

Payloads should be formatted as follows:

<?xml version="1.0" encoding="UTF-8"?>
<payloads>
  <payload>
    <inject>payload string - must ask the AI/LLM to respond with "specific text"</inject>
    <validate>specific text</validate>
  </payload>
</payloads>

Ensure any XML special characters in payloads are escaped properly (e.g., ", ', <, >, &).