Sponsored by Deepsite.site

MCP.so

🛡️ BurpSuite MCP Server

Created By
MCP-Mirror8 months ago
Mirror of
# burpsuite
# mcp-server
OverviewContentToolsComments
Content

🛡️ BurpSuite MCP Server

A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.

Python FastAPI License

🚀 Features

🔄 Proxy Tool

  • Intercept and modify HTTP/HTTPS traffic
  • View and manipulate requests/responses
  • Access proxy history
  • Real-time request/response manipulation
# Intercept a request
curl -X POST "http://localhost:8000/proxy/intercept" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com",
    "method": "GET",
    "headers": {"User-Agent": "Custom"},
    "intercept": true
  }'

# View proxy history
curl "http://localhost:8000/proxy/history"

🔍 Scanner Tool

  • Active and passive scanning
  • Custom scan configurations
  • Real-time issue tracking
  • Scan status monitoring
# Start a new scan
curl -X POST "http://localhost:8000/scanner/start" \
  -H "Content-Type: application/json" \
  -d '{
    "target_url": "https://example.com",
    "scan_type": "active",
    "scan_configurations": {
      "scope": "strict",
      "audit_checks": ["xss", "sqli"]
    }
  }'

# Check scan status
curl "http://localhost:8000/scanner/status/scan_1"

# Stop a scan
curl -X DELETE "http://localhost:8000/scanner/stop/scan_1"

📝 Logger Tool

  • Comprehensive HTTP traffic logging
  • Advanced filtering and search
  • Vulnerability detection
  • Traffic analysis
  • Suspicious pattern detection
# Get filtered logs
curl "http://localhost:8000/logger/logs?filter[method]=POST&filter[status_code]=200"

# Search logs
curl "http://localhost:8000/logger/logs?search=password"

# Get vulnerability analysis
curl "http://localhost:8000/logger/vulnerabilities"

# Get comprehensive analysis
curl "http://localhost:8000/logger/analysis"

# Clear logs
curl -X DELETE "http://localhost:8000/logger/clear"

curl "http://localhost:8000/logger/vulnerabilities/severity"

🎯 Vulnerability Detection

Automatically detects multiple types of vulnerabilities:

  • 🔥 XSS (Cross-Site Scripting)
  • 💉 SQL Injection
  • 🗂️ Path Traversal
  • 📁 File Inclusion
  • 🌐 SSRF (Server-Side Request Forgery)
  • 📄 XXE (XML External Entity)
  • 🔒 CSRF (Cross-Site Request Forgery)
  • 🔄 Open Redirect
  • ⚡ Command Injection

🛠️ Setup

  1. Clone the repository
git clone https://github.com/X3r0K/BurpSuite-MCP-Server.git
cd BurpSuite-MCP-Server
  1. Install Dependencies
pip install -r requirements.txt
  1. Configure Environment
# Copy .env.example to .env
cp .env.example .env

# Update the values in .env
BURP_API_KEY=Your_API_KEY
BURP_API_HOST=localhost
BURP_API_PORT=1337
BURP_PROXY_HOST=127.0.0.1
BURP_PROXY_PORT=8080
MCP_SERVER_HOST=0.0.0.0
MCP_SERVER_PORT=8000
  1. Start the Server
python main.py

The server will start on http://localhost:8000

📊 Analysis Features

Traffic Analysis

  • Total requests count
  • Unique URLs
  • HTTP method distribution
  • Status code distribution
  • Content type analysis
  • Average response time

Vulnerability Analysis

  • Vulnerability type summary
  • Top vulnerable endpoints
  • Suspicious patterns
  • Real-time vulnerability detection

Log Filtering

  • By HTTP method
  • By status code
  • By URL pattern
  • By content type
  • By content length
  • By time range
  • By vulnerability type

🔒 Security Considerations

  1. Run in a secure environment
  2. Configure appropriate authentication
  3. Use HTTPS in production
  4. Keep BurpSuite API key secure
  5. Monitor and audit access

📚 API Documentation

For detailed API documentation, visit:

Cursor Integration

The MCP server is configured to work seamlessly with Cursor IDE. The .cursor directory contains all necessary configuration files:

Configuration Files

  1. settings.json: Contains MCP server configuration

    • Server host and port settings
    • Endpoint configurations
    • BurpSuite proxy settings
    • Logger settings
    • Python interpreter path

  2. tasks.json: Defines common tasks

    • Start MCP Server
    • Run Vulnerability Tests
    • Check Vulnerabilities

  3. launch.json: Contains debugging configurations

    • Debug MCP Server
    • Debug Vulnerability Tests

Using in Cursor

  1. Open the project in Cursor
  2. The MCP server configuration will be automatically loaded
  3. Access features through:
    • Command Palette (Ctrl+Shift+P) for running tasks
    • Debug menu for debugging sessions
    • Automatic Python interpreter configuration

The server will be accessible at http://localhost:8000 with the following endpoints:

  • /proxy/intercept for request interception
  • /logger for logging functionality
  • /logger/vulnerabilities/severity for vulnerability analysis

image

image

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments

  • BurpSuite - The original security testing tool
  • FastAPI - The web framework used
  • Python - The programming language used
Recommend Servers
TraeBuild with Free GPT-4.1 & Claude 3.7. Fully MCP-Ready.
Jina AI MCP ToolsA Model Context Protocol (MCP) server that integrates with Jina AI Search Foundation APIs.
MCP AdvisorMCP Advisor & Installation - Use the right MCP server for your needs
Zhipu Web SearchZhipu Web Search MCP Server is a search engine specifically designed for large models. It integrates four search engines, allowing users to flexibly compare and switch between them. Building upon the web crawling and ranking capabilities of traditional search engines, it enhances intent recognition capabilities, returning results more suitable for large model processing (such as webpage titles, URLs, summaries, site names, site icons, etc.). This helps AI applications achieve "dynamic knowledge acquisition" and "precise scenario adaptation" capabilities.
Howtocook Mcp基于Anduin2017 / HowToCook (程序员在家做饭指南)的mcp server,帮你推荐菜谱、规划膳食,解决“今天吃什么“的世纪难题; Based on Anduin2017/HowToCook (Programmer's Guide to Cooking at Home), MCP Server helps you recommend recipes, plan meals, and solve the century old problem of "what to eat today"
AiimagemultistyleA Model Context Protocol (MCP) server for image generation and manipulation using fal.ai's Stable Diffusion model.
TimeA Model Context Protocol server that provides time and timezone conversion capabilities. This server enables LLMs to get current time information and perform timezone conversions using IANA timezone names, with automatic system timezone detection.
Visual Studio Code - Open Source ("Code - OSS")Visual Studio Code
CursorThe AI Code Editor
BlenderBlenderMCP connects Blender to Claude AI through the Model Context Protocol (MCP), allowing Claude to directly interact with and control Blender. This integration enables prompt assisted 3D modeling, scene creation, and manipulation.
EdgeOne Pages MCPAn MCP service designed for deploying HTML content to EdgeOne Pages and obtaining an accessible public URL.
Serper MCP ServerA Serper MCP Server
Playwright McpPlaywright MCP server
DeepChatYour AI Partner on Desktop
Baidu Map百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。
Amap Maps高德地图官方 MCP Server
Tavily Mcp
MiniMax MCPOfficial MiniMax Model Context Protocol (MCP) server that enables interaction with powerful Text to Speech, image generation and video generation APIs.
ChatWiseThe second fastest AI chatbot™
Context7Context7 MCP Server -- Up-to-date code documentation for LLMs and AI code editors
WindsurfThe new purpose-built IDE to harness magic