BurpSuite MCP Server: A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.
What is X3r0K BurpSuite MCP Server
🛡️ BurpSuite MCP Server
A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.
*
*
*
*
🚀 Features
🔄 Proxy Tool
- Intercept and modify HTTP/HTTPS traffic
- View and manipulate requests/responses
- Access proxy history
- Real-time request/response manipulation
# Intercept a request
curl -X POST "http://localhost:8000/proxy/intercept" \
-H "Content-Type: application/json" \
-d '{
"url": "https://example.com",
"method": "GET",
"headers": {"User-Agent": "Custom"},
"intercept": true
}'
# View proxy history
curl "http://localhost:8000/proxy/history"
🔍 Scanner Tool
- Active and passive scanning
- Custom scan configurations
- Real-time issue tracking
- Scan status monitoring
# Start a new scan
curl -X POST "http://localhost:8000/scanner/start" \
-H "Content-Type: application/json" \
-d '{
"target_url": "https://example.com",
"scan_type": "active",
"scan_configurations": {
"scope": "strict",
"audit_checks": ["xss", "sqli"]
}
}'
# Check scan status
curl "http://localhost:8000/scanner/status/scan_1"
# Stop a scan
curl -X DELETE "http://localhost:8000/scanner/stop/scan_1"
📝 Logger Tool
- Comprehensive HTTP traffic logging
- Advanced filtering and search
- Vulnerability detection
- Traffic analysis
- Suspicious pattern detection
# Get filtered logs
curl "http://localhost:8000/logger/logs?filter[method]=POST&filter[status_code]=200"
# Search logs
curl "http://localhost:8000/logger/logs?search=password"
# Get vulnerability analysis
curl "http://localhost:8000/logger/vulnerabilities"
# Get comprehensive analysis
curl "http://localhost:8000/logger/analysis"
# Clear logs
curl -X DELETE "http://localhost:8000/logger/clear"
curl "http://localhost:8000/logger/vulnerabilities/severity"
🎯 Vulnerability Detection
Automatically detects multiple types of vulnerabilities:
- 🔥 XSS (Cross-Site Scripting)
- 💉 SQL Injection
- 🗂️ Path Traversal
- 📁 File Inclusion
- 🌐 SSRF (Server-Side Request Forgery)
- 📄 XXE (XML External Entity)
- 🔒 CSRF (Cross-Site Request Forgery)
- 🔄 Open Redirect
- ⚡ Command Injection
🛠️ Setup
- Clone the repository
git clone https://github.com/X3r0K/BurpSuite-MCP-Server.git
cd BurpSuite-MCP-Server
- Install Dependencies
pip install -r requirements.txt
- Configure Environment
# Copy .env.example to .env
cp .env.example .env
# Update the values in .env
BURP_API_KEY=Your_API_KEY
BURP_API_HOST=localhost
BURP_API_PORT=1337
BURP_PROXY_HOST=127.0.0.1
BURP_PROXY_PORT=8080
MCP_SERVER_HOST=0.0.0.0
MCP_SERVER_PORT=8000
- Start the Server
python main.py
The server will start on http://localhost:8000
📊 Analysis Features
Traffic Analysis
- Total requests count
- Unique URLs
- HTTP method distribution
- Status code distribution
- Content type analysis
- Average response time
Vulnerability Analysis
- Vulnerability type summary
- Top vulnerable endpoints
- Suspicious patterns
- Real-time vulnerability detection
Log Filtering
- By HTTP method
- By status code
- By URL pattern
- By content type
- By content length
- By time range
- By vulnerability type
🔒 Security Considerations
- Run in a secure environment
- Configure appropriate authentication
- Use HTTPS in production
- Keep BurpSuite API key secure
- Monitor and audit access
📚 API Documentation
For detailed API documentation, visit:
- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc !image
Cursor Integration
The MCP server is configured to work seamlessly with Cursor IDE. The .cursor directory contains all necessary configuration files:
Configuration Files
-
settings.json: Contains MCP server configuration- Server host and port settings
- Endpoint configurations
- BurpSuite proxy settings
- Logger settings
- Python interpreter path
-
tasks.json: Defines common tasks- Start MCP Server
- Run Vulnerability Tests
- Check Vulnerabilities
-
launch.json: Contains debugging configurations- Debug MCP Server
- Debug Vulnerability Tests
Using in Cursor
- Open the project in Cursor
- The MCP server configuration will be automatically loaded
- Access features through:
- Command Palette (Ctrl+Shift+P) for running tasks
- Debug menu for debugging sessions
- Automatic Python interpreter configuration
The server will be accessible at http://localhost:8000 with the following endpoints:
/proxy/interceptfor request interception/loggerfor logging functionality/logger/vulnerabilities/severityfor vulnerability analysis
!image
!image
📝 License
This project is licensed under the MIT License - see the LICENSE file for details.
🙏 Acknowledgments
- BurpSuite - The original security testing tool
- FastAPI - The web framework used
- Python - The programming language used
Leave a Comment
Frequently Asked Questions
What is MCP?
MCP (Model Context Protocol) is an open protocol that standardizes how applications provide context to LLMs. Think of MCP like a USB-C port for AI applications, providing a standardized way to connect AI models to different data sources and tools.
What are MCP Servers?
MCP Servers are lightweight programs that expose specific capabilities through the standardized Model Context Protocol. They act as bridges between LLMs like Claude and various data sources or services, allowing secure access to files, databases, APIs, and other resources.
How do MCP Servers work?
MCP Servers follow a client-server architecture where a host application (like Claude Desktop) connects to multiple servers. Each server provides specific functionality through standardized endpoints and protocols, enabling Claude to access data and perform actions through the standardized protocol.
Are MCP Servers secure?
Yes, MCP Servers are designed with security in mind. They run locally with explicit configuration and permissions, require user approval for actions, and include built-in security features to prevent unauthorized access and ensure data privacy.
Related MCP Servers
chrisdoc hevy mcp
sylphlab pdf reader mcp
An MCP server built with Node.js/TypeScript that allows AI agents to securely read PDF files (local or URL) and extract text, metadata, or page counts. Uses pdf-parse.
aashari mcp server atlassian bitbucket
Node.js/TypeScript MCP server for Atlassian Bitbucket. Enables AI systems (LLMs) to interact with workspaces, repositories, and pull requests via tools (list, get, comment, search). Connects AI directly to version control workflows through the standard MCP interface.
aashari mcp server atlassian confluence
Node.js/TypeScript MCP server for Atlassian Confluence. Provides tools enabling AI systems (LLMs) to list/get spaces & pages (content formatted as Markdown) and search via CQL. Connects AI seamlessly to Confluence knowledge bases using the standard MCP interface.
prisma prisma
Next-generation ORM for Node.js & TypeScript | PostgreSQL, MySQL, MariaDB, SQL Server, SQLite, MongoDB and CockroachDB
Zzzccs123 mcp sentry
mcp sentry for typescript sdk
zhuzhoulin dify mcp server
zhongmingyuan mcp my mac
zhixiaoqiang desktop image manager mcp
MCP 服务器,用于管理桌面图片、查看详情、压缩、移动等(完全让Trae实现)
zhixiaoqiang antd components mcp
An MCP service for Ant Design components query | 一个减少 Ant Design 组件代码生成幻觉的 MCP 服务,包含系统提示词、组件文档、API 文档、代码示例和更新日志查询
Submit Your MCP Server
Share your MCP server with the community
Submit Now