🛡️ BurpSuite MCP Server

A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.


🚀 Features

🔄 Proxy Tool

  • Intercept and modify HTTP/HTTPS traffic

  • View and manipulate requests/responses

  • Access proxy history

  • Real-time request/response manipulation

    # Intercept a request
    curl -X POST "http://localhost:8000/proxy/intercept" \
      -H "Content-Type: application/json" \
      -d '{
        "url": "https://example.com",
        "method": "GET",
        "headers": {"User-Agent": "Custom"},
        "intercept": true
      }'

    # View proxy history
    curl "http://localhost:8000/proxy/history"

🔍 Scanner Tool

  • Active and passive scanning

  • Custom scan configurations

  • Real-time issue tracking

  • Scan status monitoring

    # Start a new scan
    curl -X POST "http://localhost:8000/scanner/start" \
      -H "Content-Type: application/json" \
      -d '{
        "target_url": "https://example.com",
        "scan_type": "active",
        "scan_configurations": {
          "scope": "strict",
          "audit_checks": ["xss", "sqli"]
        }
      }'

    # Check scan status
    curl "http://localhost:8000/scanner/status/scan_1"

    # Stop a scan
    curl -X DELETE "http://localhost:8000/scanner/stop/scan_1"

📝 Logger Tool

  • Comprehensive HTTP traffic logging

  • Advanced filtering and search

  • Vulnerability detection

  • Traffic analysis

  • Suspicious pattern detection

    # Get filtered logs (-g stops curl from treating [ ] as a URL range)
    curl -g "http://localhost:8000/logger/logs?filter[method]=POST&filter[status_code]=200"

    # Search logs
    curl "http://localhost:8000/logger/logs?search=password"

    # Get vulnerability analysis
    curl "http://localhost:8000/logger/vulnerabilities"

    # Get comprehensive analysis
    curl "http://localhost:8000/logger/analysis"

    # Clear logs
    curl -X DELETE "http://localhost:8000/logger/clear"

    # Get vulnerability analysis by severity
    curl "http://localhost:8000/logger/vulnerabilities/severity"

🎯 Vulnerability Detection

Automatically detects multiple types of vulnerabilities:

  • 🔥 XSS (Cross-Site Scripting)

  • 💉 SQL Injection

  • 🗂️ Path Traversal

  • 📁 File Inclusion

  • 🌐 SSRF (Server-Side Request Forgery)

  • 📄 XXE (XML External Entity)

  • 🔒 CSRF (Cross-Site Request Forgery)

  • 🔄 Open Redirect

  • ⚡ Command Injection

🛠️ Setup

  1. Clone the repository

    git clone https://github.com/X3r0K/BurpSuite-MCP-Server.git
    cd BurpSuite-MCP-Server

  2. Install Dependencies

    pip install -r requirements.txt

  3. Configure Environment

    # Copy .env.example to .env
    cp .env.example .env

    # Update the values in .env
    BURP_API_KEY=Your_API_KEY
    BURP_API_HOST=localhost
    BURP_API_PORT=1337
    BURP_PROXY_HOST=127.0.0.1
    BURP_PROXY_PORT=8080
    MCP_SERVER_HOST=0.0.0.0
    MCP_SERVER_PORT=8000

  4. Start the Server

    python main.py

The server will start on http://localhost:8000

📊 Analysis Features

Traffic Analysis

  • Total requests count

  • Unique URLs

  • HTTP method distribution

  • Status code distribution

  • Content type analysis

  • Average response time

Vulnerability Analysis

  • Vulnerability type summary

  • Top vulnerable endpoints

  • Suspicious patterns

  • Real-time vulnerability detection

Log Filtering

  • By HTTP method

  • By status code

  • By URL pattern

  • By content type

  • By content length

  • By time range

  • By vulnerability type

🔒 Security Considerations

  1. Run in a secure environment

  2. Configure appropriate authentication

  3. Use HTTPS in production

  4. Keep BurpSuite API key secure

  5. Monitor and audit access
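
An added example, not part of the project's code: a pre-start audit of the .env file from the Setup section against the considerations above. The function names, the expectation that the Burp hosts stay on loopback, and the owner-only file mode are assumptions of this example.

```python
import os
import tempfile
from pathlib import Path

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("'\"")
    return env

def audit_env(path):
    """Return a list of findings for the .env file at path."""
    env = parse_env(Path(path).read_text(encoding="utf-8"))
    findings = []
    # The README's sample value binds the MCP server to every interface.
    if env.get("MCP_SERVER_HOST") not in LOOPBACK:
        findings.append("MCP_SERVER_HOST is not loopback: API reachable from the network")
    # An empty or placeholder key means the Burp API credential was never set.
    if env.get("BURP_API_KEY", "") in ("", "Your_API_KEY"):
        findings.append("BURP_API_KEY is empty or still the placeholder")
    # Assumption: Burp's own API and proxy listeners should stay local too.
    for key in ("BURP_API_HOST", "BURP_PROXY_HOST"):
        if env.get(key) not in LOOPBACK:
            findings.append(f"{key} is not loopback")
    # The file holds a secret: no group/other permission bits (POSIX only).
    if os.name == "posix" and os.stat(path).st_mode & 0o077:
        findings.append(".env is accessible to group/other: chmod 600")
    return findings

# Constructed sample: the values shown in the Setup section.
SAMPLE = ("BURP_API_KEY=Your_API_KEY\nBURP_API_HOST=localhost\nBURP_API_PORT=1337\n"
          "BURP_PROXY_HOST=127.0.0.1\nBURP_PROXY_PORT=8080\n"
          "MCP_SERVER_HOST=0.0.0.0\nMCP_SERVER_PORT=8000\n")

def audit_sample(text=SAMPLE, mode=0o644):
    """Write text to a temporary .env with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp, ".env")
        path.write_text(text, encoding="utf-8")
        path.chmod(mode)
        return audit_env(path)

if __name__ == "__main__":
    print("\n".join(audit_sample()))
```

Call `audit_env(".env")` before `python main.py` and treat a non-empty result as a reason not to start the server.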

📚 API Documentation

For detailed API documentation, visit:

Cursor Integration

The MCP server is configured to work seamlessly with Cursor IDE. The .cursor directory contains all necessary configuration files:

Configuration Files

  1. settings.json: Contains MCP server configuration

    • Server host and port settings

    • Endpoint configurations

    • BurpSuite proxy settings

    • Logger settings

    • Python interpreter path

  2. tasks.json: Defines common tasks

    • Start MCP Server

    • Run Vulnerability Tests

    • Check Vulnerabilities

  3. launch.json: Contains debugging configurations

    • Debug MCP Server

    • Debug Vulnerability Tests

Using in Cursor

  1. Open the project in Cursor

  2. The MCP server configuration will be automatically loaded

  3. Access features through:

    • Command Palette (Ctrl+Shift+P) for running tasks

    • Debug menu for debugging sessions

    • Automatic Python interpreter configuration

The server will be accessible at http://localhost:8000 with the following endpoints:

  • /proxy/intercept for request interception

  • /logger for logging functionality

  • /logger/vulnerabilities/severity for vulnerability analysis


📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments

  • BurpSuite - The original security testing tool

  • FastAPI - The web framework used

  • Python - The programming language used
