Skip to main content
The Indie Security browser extension integrates with Burp Suite to capture authenticated sessions and complex user flows.

Overview

Session Capture

Record authenticated browsing sessions for the AI to replay.

Auth Flow Recording

Mark login sequences so the AI can authenticate automatically.

Traffic Analysis

All captured traffic feeds into the knowledge graph.

Real-Time Sync

Traffic syncs instantly with your Indie Security assessment.

Installation

1

Download Extension

Download the extension from your dashboard:DashboardIntegrationsBrowser ExtensionDownload
2

Install in Burp Suite

  1. Open Burp Suite
  2. Go to ExtensionsInstalled
  3. Click Add
  4. Select Extension Type: Java
  5. Choose the downloaded .jar file
  6. Click Next
Extension appears in the Extensions list with status “Loaded”.
3

Configure Connection

Configure the extension with your API credentials:
  1. Go to the Indie Security tab in Burp
  2. Enter your API key: is_live_xxxxxxxxxxxxx
  3. Enter target ID: target_123
  4. Click Connect
Find your API key in DashboardSettingsAPI Keys.

Usage

Capturing Traffic

Simply browse your application with Burp proxy enabled. All traffic is automatically captured and sent to Indie Security.
Passive capture works in the background—no additional action needed.

Marking Auth Flows

Record authentication sequences so the AI can replicate login:
1

Start Auth Recording

Click Record Auth Flow before logging in.
2

Perform Login

Log into your application normally.
3

Stop Recording

Click Stop Recording after successful login.
4

Verify

The extension shows captured:
  • Login URL
  • Form fields
  • Success indicators
Auth flows are encrypted and stored securely. They’re only used by AI agents during assessments.

Features

Full HTTP traffic including:
  • Headers
  • Cookies
  • Request bodies
  • Response content
  • Timing information
Automatic extraction of:
  • Session cookies
  • JWT tokens
  • CSRF tokens
  • Custom auth headers
Configure which domains to capture:
# Include patterns
*.example.com
api.example.com

# Exclude patterns
analytics.example.com
cdn.example.com
Real-time sync status showing:
  • Requests captured
  • Upload queue
  • Sync errors
  • Connection status

Troubleshooting

  • Ensure you’re using Burp Suite Professional or Community
  • Verify Java version compatibility (Java 11+)
  • Check for conflicting extensions
  • Verify API key is correct
  • Check target ID exists
  • Ensure network connectivity to api.indiesecurity.com
  • Check scope includes your target domain
  • Verify proxy is intercepting traffic
  • Review sync queue for errors

Next Steps

Spider Phase

Start crawling with captured sessions.

Authentication Setup

Configure authentication for AI agents.