Abstract
Pentesters today deal with an overwhelming volume of HTTP traffic, yet most AI-assisted tools sit outside the real workflow. VISTA is an open-source Burp Suite extension built to fix that by bringing context-aware AI reasoning directly into Proxy and Repeater. From a single right-click ("Send to VISTA") the extension extracts the selected request, strips sensitive headers when that option is enabled, and runs the request through a structured template engine to generate targeted guidance: potential attack paths, payload ideas, and analysis tailored to that specific request.
This talk walks through how VISTA works under the hood: its request-scoped chat memory model, the template selection logic, how traffic is normalized before being sent to an LLM, and the safeguards added to prevent accidental data leakage. Rather than claiming AI “finds” vulnerabilities, this session focuses on the concrete technical engineering behind safely integrating AI into offensive tooling.
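As an added illustration (not VISTA's own code; the abstract does not show its implementation), the following Python sketches the kind of normalization and header-stripping step described above: parse the raw request, redact credential-bearing headers and parameters while keeping their shape so the model still sees the auth scheme and cookie names, bound the body size, and render the result for a prompt template. The header set, parameter patterns, size limit and the sample request are assumptions constructed for this example.

```python
"""Normalize a raw HTTP request and redact secret-bearing fields before it is
handed to an LLM. Added example, not VISTA's code; the header list, parameter
patterns and limits are assumptions chosen for illustration."""
import re
from typing import Any, Dict, List, Tuple

# Headers whose values are credentials (illustrative set, an assumption).
SENSITIVE_HEADERS = {
    "authorization", "proxy-authorization", "cookie",
    "x-api-key", "x-auth-token", "x-csrf-token",
}
# Parameter names whose values are redacted in the request line and body.
# Suffix match on purpose, so csrf_token= and api_key= are caught too.
SECRET_PARAM_RE = re.compile(
    r"(?i)(password|passwd|pwd|secret|token|api_key|apikey)=([^&\s]*)")
MAX_BODY_CHARS = 2000  # assumed bound to keep prompts small
PLACEHOLDER = "<REDACTED>"


def parse_request(raw: str) -> Tuple[str, List[Tuple[str, str]], str]:
    """Split a raw HTTP/1.x request into request line, header pairs and body.
    Accepts CRLF or bare LF endings, since hand-edited Repeater tabs mix them."""
    text = raw.replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")
    lines = head.split("\n")
    request_line = lines[0].strip()
    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return request_line, headers, body


def _redact_header_value(name: str, value: str) -> str:
    """Redact a secret header but keep its shape: scheme and cookie names stay,
    the credential itself never reaches the prompt."""
    lname = name.lower()
    if lname == "cookie":
        parts = []
        for piece in value.split(";"):
            piece = piece.strip()
            if not piece:
                continue
            key, eq, _ = piece.partition("=")
            parts.append(f"{key.strip()}={PLACEHOLDER}" if eq else key.strip())
        return "; ".join(parts)
    if lname in ("authorization", "proxy-authorization"):
        scheme, sp, _ = value.partition(" ")
        return f"{scheme} {PLACEHOLDER}" if sp else PLACEHOLDER
    return PLACEHOLDER


def normalize_request(raw: str, strip_sensitive: bool = True,
                      max_body: int = MAX_BODY_CHARS) -> Dict[str, Any]:
    """Return a structured, leak-safe view of the request for prompt building."""
    request_line, headers, body = parse_request(raw)
    redacted: List[str] = []
    out_headers: List[Tuple[str, str]] = []
    for name, value in headers:
        if strip_sensitive and name.lower() in SENSITIVE_HEADERS:
            out_headers.append((name, _redact_header_value(name, value)))
            redacted.append(name)
        else:
            out_headers.append((name, value))
    if strip_sensitive:
        request_line = SECRET_PARAM_RE.sub(rf"\1={PLACEHOLDER}", request_line)
        body = SECRET_PARAM_RE.sub(rf"\1={PLACEHOLDER}", body)
    original_len = len(body)
    truncated = original_len > max_body
    if truncated:
        body = body[:max_body] + f"\n...[truncated {original_len - max_body} chars]"
    return {"request_line": request_line, "headers": out_headers,
            "body": body, "redacted": redacted, "truncated": truncated}


def render_for_prompt(normalized: Dict[str, Any]) -> str:
    """Flatten the normalized request back into text for a prompt template."""
    lines = [normalized["request_line"]]
    lines += [f"{n}: {v}" for n, v in normalized["headers"]]
    lines += ["", normalized["body"]]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample request, not real traffic.
    sample = ("POST /api/login?debug=1 HTTP/1.1\r\nHost: app.example.internal\r\n"
              "Cookie: session=abc123; theme=dark\r\n"
              "Authorization: Bearer eyJhbGciOi.payload.sig\r\n"
              "X-API-Key: sk-live-0000\r\n"
              "Content-Type: application/x-www-form-urlencoded\r\n"
              "Content-Length: 27\r\n\r\nuser=alice&password=hunter2")
    print(render_for_prompt(normalize_request(sample)))
```

Redacting structure-preservingly is a deliberate choice: "Authorization: Bearer <REDACTED>" tells the model a bearer-token scheme is in use, which is exactly the context attack-path reasoning needs, while the token itself never leaves the tester's machine. The off switch (strip_sensitive=False) should stay explicit, since the default must fail safe.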