GitHub - own2pwn-fr/burpwn: Transparent intercepting proxy + sandbox + agent interface for AI-driven web pentesting (Burp, but for AI agents) · GitHub
/" data-turbo-transient="true" />
Skip to content
Search or jump to...
Search code, repositories, users, issues, pull requests...
-->
Search
Clear
Search syntax tips
Provide feedback
--><br>We read every piece of feedback, and take your input very seriously.
Include my email address so I can be contacted
Cancel
Submit feedback
Saved searches
Use saved searches to filter your results more quickly
-->
Name
Query
To see all available qualifiers, see our documentation.
Cancel
Create saved search
Sign in
/;ref_cta:Sign up;ref_loc:header logged out"}"<br>Sign up
Appearance settings
Resetting focus
You signed in with another tab or window. Reload to refresh your session.<br>You signed out in another tab or window. Reload to refresh your session.<br>You switched accounts on another tab or window. Reload to refresh your session.
Dismiss alert
{{ message }}
own2pwn-fr
burpwn
Public
Notifications<br>You must be signed in to change notification settings
Fork
Star
main
BranchesTags
Go to file
CodeOpen more actions menu
Folders and files<br>NameNameLast commit message<br>Last commit date<br>Latest commit
History<br>19 Commits<br>19 Commits
.github/workflows
.github/workflows
crates
crates
skills/burpwn
skills/burpwn
training
training
.gitignore
.gitignore
CHANGELOG.md
CHANGELOG.md
Cargo.lock
Cargo.lock
Cargo.toml
Cargo.toml
LICENSE
LICENSE
Makefile
Makefile
README.md
README.md
install.sh
install.sh
View all files
Repository files navigation
burpwn
A transparent intercepting proxy + execution sandbox + agent interface for AI-driven web pentesting.
burpwn is to an AI agent what Burp Suite is to a human pentester. It runs every command an agent<br>executes inside a rootless Linux sandbox whose entire network (HTTP/HTTPS/DNS/TCP) is forced<br>through a built-in intercepting proxy. The agent can then go back through history, search and filter<br>the decrypted request/response flows, replay and edit them (Repeater), apply match/replace rules,<br>block and rewrite traffic in flight, and organize flows into workspaces — all from a scriptable CLI<br>or over MCP. It is at once a Burp and a tshark, but driven by an agent.
Status: early development. See the milestones below.
Why
Existing intercepting proxies are built for a human clicking in a GUI. An autonomous agent needs a<br>programmatic surface: create a session, run tooling, and query the captured traffic — without the<br>agent's own LLM traffic ever being captured. burpwn delivers exactly that: the agent process stays<br>outside the sandbox; only the commands it executes (its children) enter the captured network<br>namespace, so LLM traffic is excluded by construction.
How it works
Rootless transparent sandbox. Each executed command runs in its own Linux user + network<br>namespace. An nftables REDIRECT ruleset inside that namespace forces all TCP (and UDP/53) to the<br>burpwn proxy. bubblewrap isolates the filesystem and processes. No root, no setuid, no CAP_NET_ADMIN<br>on the host — the kernel grants the needed capability inside the child namespace.
TLS-MITM. A per-install root CA is generated once; leaf certs are minted on the fly per SNI and<br>the CA is injected into the sandbox trust store so HTTPS is decrypted. Cert-pinned targets fall back<br>cleanly to TLS pass-through with metadata-only logging.
Capture & query. Flows are stored in a per-session SQLite database (WAL, content-addressed body<br>dedup, FTS5 full-text search) written by a single-writer task off the proxy hot path.
Agent integration (rtk-style). burpwn init installs the right command-rewrite hook for the<br>detected agent (Claude Code / Copilot, Cursor, Gemini CLI, Cline/Roo), plus a generic global shell<br>hook so even a custom agent is covered.
Usage (target surface)
burpwn doctor # check the rootless prerequisites<br>burpwn ca init && burpwn ca export # generate / print the MITM CA<br>burpwn session new --name engagement-1<br>burpwn exec -- curl -s https://target.example/ # runs sandboxed; traffic captured + decrypted<br>burpwn req list # browse captured flows<br>burpwn req show 42 --raw # decrypted request + response<br>burpwn req replay 42 --set-header 'X: 1' # Repeater<br>burpwn intercept enable # blocking intercept (also via MCP await_intercept)
Install
Linux-only (relies on user/network namespaces, nftables, bubblewrap). Install the prerequisites<br>first — Fedora/RHEL: sudo dnf install bubblewrap nftables iproute; Debian/Ubuntu:<br>sudo apt install bubblewrap nftables iproute2.
# one-liner: download the prebuilt binary, install to ~/.local/bin, generate the CA, run preflight<br>curl -fsSL https://raw.githubusercontent.com/own2pwn-fr/burpwn/main/install.sh | sh
# from a checkout (builds from source if no prebuilt binary fits your arch)<br>./install.sh # ./install.sh --hooks also installs the global shell hook<br>./install.sh --from-source # force a source build
# or via cargo /...