Burp Suite bridge
PDX connects to Burp Suite through a Java extension and a Python proxy bridge. This allows HTTP deltas captured during web pentests to flow through the same dual-use pipeline as HYDRA's SSH sessions.
Why Burp integration matters
HYDRA captures passive data — attackers come to you. But security research also requires active data — you go to the target. The Burp bridge closes that gap.
Both sources produce the same .pdx delta format, go through the same DataRouter, and feed the same training generators. A model fine-tuned on PDX data learns from both real attacker behavior (HYDRA) and professional pentest methodology (Burp).
Architecture
```mermaid
graph LR
    B[Burp Suite] --> E[Java Extension]
    E --> P[Python Proxy Bridge]
    P --> R[PDX DataRouter]
    R --> D[Defensive stream]
    R --> O[Offensive stream]
```
Java extension (burp_extension/pdx_burp.py + burp_java/)
The extension hooks into Burp's HTTP handler and extracts:
- Request method, URL, headers, body
- Response status, headers, body
- Timing information
- Identified parameters and injection points
Python proxy bridge (burp_bridge.py)
The bridge receives extracted data from the Java extension and:
- Converts HTTP request/response pairs into .pdx deltas
- Classifies each delta by type (INJECTION, AUTH_BYPASS, MISCONFIG, INFO_LEAK, etc.)
- Generates a 16D delta vector for each observation
- Forwards everything to the DataRouter
Delta types from Burp
| Delta type | HTTP trigger | Example |
|---|---|---|
| `INJECTION` | SQLi, XSS, SSTI in parameters | `POST /login` with `' OR 1=1--` |
| `AUTH_BYPASS` | IDOR, broken access control | `GET /api/users/2` without auth |
| `MISCONFIG` | CORS `*`, missing headers | `Access-Control-Allow-Origin: *` |
| `INFO_LEAK` | Stack traces, version headers | `Server: Apache/2.4.49` |
| `FILE_UPLOAD` | Unrestricted upload | `PUT /upload` accepting `.php` |
| `CRYPTO_WEAK` | Weak TLS, broken crypto | TLS 1.0, expired certificates |
| `SSRF` | Server-side request forgery | `/api/fetch?url=http://169.254.169.254/` |
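
The classification step of the bridge, applied to the triggers in the table above, as an added example (not PDX's own code). `classify_exchange`, the rule patterns and the request/response dict layout are assumptions for illustration; the rules are simplified heuristics built only from the table's example column. `CRYPTO_WEAK` is left out because it is a TLS-level observation that an HTTP pair does not carry.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Hypothetical rules distilled from the table's examples; not PDX's own classifier.
SQLI = re.compile(r"'\s*or\s+\d+\s*=\s*\d+", re.I)         # e.g. ' OR 1=1--
VERSIONED_SERVER = re.compile(r"^[A-Za-z-]+/\d+(\.\d+)+")  # e.g. Apache/2.4.49
METADATA_HOSTS = {"169.254.169.254"}                       # cloud metadata endpoint


def _host(value):
    try:
        return urlsplit(value).hostname
    except ValueError:  # malformed URL inside a parameter value
        return None


def classify_exchange(req, resp):
    """Return the sorted delta types that one request/response pair triggers."""
    found = set()
    req_h = {k.lower() for k in req.get("headers", {})}
    resp_h = {k.lower(): v for k, v in resp.get("headers", {}).items()}
    url = urlsplit(req["url"])
    ok = 200 <= resp["status"] < 300
    for _, value in parse_qsl(url.query) + parse_qsl(req.get("body", "")):
        if SQLI.search(value):
            found.add("INJECTION")
        if _host(value) in METADATA_HOSTS:
            found.add("SSRF")
    if resp_h.get("access-control-allow-origin") == "*":
        found.add("MISCONFIG")
    if VERSIONED_SERVER.match(resp_h.get("server", "")):
        found.add("INFO_LEAK")
    # API resource served although the request carried no credentials.
    if ok and url.path.startswith("/api/") and not req_h & {"authorization", "cookie"}:
        found.add("AUTH_BYPASS")
    if ok and req["method"] == "PUT" and url.path.lower().endswith(".php"):
        found.add("FILE_UPLOAD")
    return sorted(found)


# Constructed sample exchanges (not captured traffic).
SAMPLES = [
    ({"method": "POST", "url": "http://app.test/login", "body": "user=a&pass=' OR 1=1--"},
     {"status": 200, "headers": {"Server": "Apache/2.4.49"}}),
    ({"method": "GET", "url": "http://app.test/api/users/2"},
     {"status": 200, "headers": {"Access-Control-Allow-Origin": "*"}}),
    ({"method": "GET", "url": "http://app.test/api/fetch?url=http://169.254.169.254/",
      "headers": {"Cookie": "sid=constructed"}}, {"status": 200, "headers": {}}),
]
```

One exchange can carry several delta types, which is why the function returns a list: the first sample yields both `INFO_LEAK` and `INJECTION`.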
Usage
```bash
# 1. Start the Python proxy bridge
python burp_bridge.py --port 8089

# 2. In Burp Suite, load the Java extension
#    Extender → Add → Python → select burp_extension/pdx_burp.py

# 3. Configure the extension to point to the proxy
#    Extension tab → PDX Bridge → Host: localhost, Port: 8089

# 4. Browse/scan targets normally in Burp
#    Every finding is automatically converted to .pdx format

# 5. Run the DataRouter on the collected data
python -m pdx.training.data_router split
python -m pdx.training.data_router generate --all
```
Scan specifications
PDX ships with 15 YAML spec files that define what to look for during a web scan:
| Spec file | Coverage |
|---|---|
| `injection.yaml` | SQLi, XSS, SSTI, command injection |
| `auth.yaml` | Authentication bypass, session fixation |
| `cors.yaml` | CORS misconfiguration |
| `cookies.yaml` | Cookie security flags |
| `headers.yaml` | Security headers (CSP, HSTS, etc.) |
| `tls.yaml` | TLS configuration |
| `infrastructure.yaml` | Server configuration |
| `js_client.yaml` | Client-side JavaScript vulnerabilities |
| `api.yaml` | API-specific issues |
These specs work with the PDX router — each spec defines expected vs. observed behavior, and the router scores the delta.