# Changelog

## 🚀 v3.1.0

### 🌟 Major New Features

#### 🤖 AI Scanner

AI-powered reconnaissance that analyzes HTTP requests and responses to identify attack surfaces automatically. The AI Scanner extracts parameters, detects reflection contexts programmatically, fingerprints technologies, and recommends the most relevant scan profiles from your library. When auto-scan is enabled, recommended profiles are automatically launched as active scans.

**Key capabilities:**

* Multi-provider support: OpenAI, Anthropic, Google Gemini, OpenRouter, and Local (Ollama)
* Programmatic response analysis with reflection context detection (HTML body, JavaScript, CSS, attributes, event handlers, URL attributes, headers)
* Comprehensive profile taxonomy with parameter name correlations for SQLi, XSS, RCE, LFI, SSTI, SSRF, XXE, CRLF, Open Redirect, and IDOR
* Technology fingerprinting (WordPress, Jira, Spring, Grafana, GraphQL, Drupal, Symfony, and more)
* Customizable system and user prompts via Edit Prompts dialog
* 12-field structured output per finding with confidence calibration and priority ranking
* Auto-scan: automatically launches matched active profiles from AI recommendations
* Pause, resume, and cancel per-entry controls

#### 🔎 Scan Scope (Per-Host Deduplication)

New `scanScope` field for active profiles. Per-URL (default, `scanScope=0`) runs on every URL; Per-Host (`scanScope=1`) runs once per `host:port`, with deduplication tracked via a thread-safe ConcurrentHashMap. Ideal for path discovery profiles, fixed-path CVE probes, and raw request profiles. 63 of 256 default profiles use per-host scope.

#### 📊 Redesigned Scanners Tab

The Scanner tab is now organized into dedicated sub-tabs:

* **Active** — Per-request active scan logging with request/response viewers
* **Passive** — Passive scan results with matched profile tracking
* **Smart** — Smart Scan rule matches and launched profile tracking
* **AI** — AI Scanner entries with status, findings, and full JSON response
* **Live** — Real-time passive scan activity

Each sub-tab has its own results table, entry controls, and request/response viewers.

#### ⚡ Context-Aware Scanner Settings

The URL Filter popup now adapts its settings based on the scan type:

* Active Scan: Threads, Active Concurrency, Requests/sec
* Smart Scan: Threads, Passive Concurrency, Active Concurrency, Requests/sec
* Passive Scan: Threads, Passive Concurrency
* AI Scanner: Threads, AI Analysis Concurrency, Active Concurrency, Requests/sec

***

### 🖥️ UI Improvements

* 🔵 **Active tab highlighting** — The Active sub-tab highlights in blue when Smart Scan or AI Scanner launches active scans, indicating new activity
* 🟢 **Live scan button styling** — Green background with white text when Live Passive Scan is active
* ⚠️ **API Key popup** — Warning dialog when launching AI Scanner without an API key configured, with direct navigation to Settings
* 🔧 **AI Scanner settings dialog** — Configure provider, API key, model, endpoint, prompts, enable/disable, and auto-scan toggle
* 📏 **Fixed-width fields** — API Key and Endpoint fields use fixed 700px width for consistent layout

***

### ⚡ Scanning Improvements

* 🔎 **Per-host scan deduplication** — Profiles with `scanScope=1` skip subsequent URLs on the same host:port
* 🤖 **AI-powered profile recommendation** — AI Scanner matches findings to available active profiles by name (case-insensitive)
* 📨 **Passive scanner entry tracking** — Per-request tracking of passive scan results with matched profile names
* 🧠 **Smart scanner entry tracking** — Per-request tracking of rule matches and launched profiles
* 💾 **Settings auto-save on unload** — AI Scanner settings are saved from current UI state when the extension unloads, even without clicking Save
* 🔄 **Prompt auto-update** — Outdated saved prompts (missing new schema fields) are automatically reset to defaults

***

## 🚀 v3.0.0

### 🌟 Major New Features

#### 🔗 Multi-Step Scanning

Profiles now support multiple steps, enabling complex attack chains and multi-stage vulnerability testing. Each step can define its own payloads, match rules, and detection logic. Includes cookie reuse across steps for authenticated workflows, per-step request/response viewing in scan results, and path discovery per step.

#### 🔧 Global Variables System

New user-managed variable system from the Variables tab. Define and customize variables like `{REDIRECT_DOMAIN}`, `{BC}`, `{RANDOM}`, `{CURRENT_URL}`, `{CURRENT_HOST}`, `{CURRENT_PORT}`, `{CURRENT_COOKIES}`, `{CURRENT_USER_AGENT}`, `{CURRENT_REFERER}`, and more. Custom variables are dynamically replaced in payloads, greps, and raw requests.

#### ⏱️ Time-Based Detection Engine

New time delay matching logic for detecting timing-based vulnerabilities (e.g., sleep-based SQL injection, blind command injection). Supports three comparison modes: "Between", "Greater than", and "Less than", with configurable thresholds. Fully integrated into multi-step scanning workflows.

#### 🔍 URL Filtering for All Scan Types

Filter URLs popup now appears before Active, Passive, and Smart scanning, giving full control over scope, domains, and file extensions before launching scans.

#### 🎯 Stop-on-First-Match Optimization

When a payload matches for a given profile and insertion point, remaining payloads for that combination are automatically skipped. Uses `AtomicBoolean.compareAndSet()` for thread-safe deduplication, reducing redundant issues from 6+ to 1-2 per insertion point.

#### ⚡ Per-Scan Scanner Settings

Thread pool size, concurrency, and requests per second are now configured **per scan** in the URL Filter popup. Each scan creates its own independent thread pool with the configured number of threads, allowing different scans to run with different performance settings simultaneously. Scanner settings have been removed from the global Options tab.

#### ⏸️ Pause & Resume with PausableThreadPoolExecutor

True thread-safe pause/resume using a custom `PausableThreadPoolExecutor` that uses `ReentrantLock` and `Condition` for zero-loss state management. Threads block at safe synchronization points during pause and resume exactly where they left off. Paused time is tracked and excluded from scan duration and timeout calculations.

#### 🏷️ Tag-Based Passive Scan Launching

Passive scans can now be launched from the right-click context menu with **tag-based filtering**. The Passive Scan submenu organizes profiles by type (Request/Response) and tag, with profile counts displayed next to each tag. This enables focused passive scanning — run only security header checks, or only secret detection profiles, instead of running all passive profiles.

#### 📊 Tags Column and Set New Tag for Passive Profiles

All three profile tables (Active, Passive Request, Passive Response) now share the same layout with a **Tags column** showing assigned tags. The right-click context menu on all tables includes **Enable**, **Disable**, and **Set New Tag** options. Selecting multiple profiles and using Set New Tag tags them all at once.

***

### 🖥️ New UI Features

* 🪟 **Non-modal Dialogs** — All profile, rule, and tag editors are now non-blocking. Edit profiles while interacting with Burp Suite.
* 📋 **Profile & Rule Duplication** — "Duplicate" button on all profile tabs and Rules with automatic naming.
* 🖱️ **Double-click to Edit** — Double-click any profile or rule row to open the editor.
* 🔴 **Payload & Grep Markers** — Highlighted in red for better visibility.
* 📐 **Improved Grep Table** — Increased height for better readability.
* 📊 **Consistent Profile Tables** — All three profile tables (Active, Passive Request, Passive Response) now have identical columns (Enabled, Profile Name, Tags, Author's Twitter) and context menus.

***

### ⚡ Scanning Efficiency Improvements

* ⏸️ **PausableThreadPoolExecutor** — Thread pool that supports pause/resume without terminating threads, with precise paused-time tracking.
* 🧵 **Per-scan thread pools** — Each scan creates its own independent thread pool with configurable threads, concurrency, and RPS.
* 📈 **Request rate limiting** — Configurable requests per second per scan.
* 🔽 **Early filtering pipeline** — URL extension, response code, and content-type checks before making HTTP requests.
* 🔄 **Duplicate avoidance** — Tracks scanned combinations to prevent re-scanning.
* 🛡️ **Redirect loop protection** — Maximum 30 redirects per request chain.
* ⏱️ **Scan timeout detection** — Configurable timeout (default 60 minutes) marks scans as Failed. Paused time excluded.
* 📥 **Queue-based task management** for efficient scheduling and idle detection.
* 🔢 **Atomic scan ID generation** for thread-safe concurrent scan management.
* 🚫 **Passive scan exclusion list** — Automatic filtering of static file extensions.
* ⚙️ **Grep matching optimization** — AND/OR logic with short-circuit evaluation.
* 🔒 **Max concurrent scans** with graceful 30-minute shutdown timeout.

***

### 🏷️ Tag System Improvements

* 📊 **Tags column** on all profile tables (Active, Passive Request, Passive Response)
* ✏️ **Set New Tag** right-click menu on all three profile tables
* 👁️ **Tag-based passive scan submenu** with profile counts per tag
* 📨📩 **Separate Request/Response tag submenus** for focused passive scanning
* 🔤 **Alphabetical tag sorting** with "All" always at the top
* ✅ **Duplicate "All" prevention** — The "All" tag is no longer duplicated in submenus

***

### 🔑 License & Configuration

* 🪪 **LicenseSpring Integration** — Professional license management.
* 💾 **Persistent Settings** — All configuration persisted across Burp Suite sessions.
* 📂 **Auto-load BurpBountyData** — Automatic profile loading on first launch.

***

### 📊 Dashboard

* 👀 **Dual-view Dashboard** — Per-request log with host, method, path, status, response time, rule/profile name, severity, and confidence. Summary view aggregates by domain.
* 📡 **Scanner Log** — Real-time scan progress with pause/resume/stop controls.
* 👁️ **Live Passive Scan toggle** — Enable/disable automatic passive scanning from the Dashboard.

***

### 🎨 UI Polish

* ⚡ Streamlined Options tab (scanner settings moved to per-scan popup)
* ℹ️ Updated About page
* 🔗 Improved multi-step configuration layout