Skip to main content
Glama
enesjakozh

BurpSuite MCP Server

by X3r0K
GitHub
Python
MIT License
48
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

🛡️ BurpSuite MCP Server

A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.

🚀 Features

🔄 Proxy Tool

  • Intercept and modify HTTP/HTTPS traffic
  • View and manipulate requests/responses
  • Access proxy history
  • Real-time request/response manipulation
# Intercept a request curl -X POST "http://localhost:8000/proxy/intercept" \ -H "Content-Type: application/json" \ -d '{ "url": "https://example.com", "method": "GET", "headers": {"User-Agent": "Custom"}, "intercept": true }' # View proxy history curl "http://localhost:8000/proxy/history"

🔍 Scanner Tool

  • Active and passive scanning
  • Custom scan configurations
  • Real-time issue tracking
  • Scan status monitoring
# Start a new scan curl -X POST "http://localhost:8000/scanner/start" \ -H "Content-Type: application/json" \ -d '{ "target_url": "https://example.com", "scan_type": "active", "scan_configurations": { "scope": "strict", "audit_checks": ["xss", "sqli"] } }' # Check scan status curl "http://localhost:8000/scanner/status/scan_1" # Stop a scan curl -X DELETE "http://localhost:8000/scanner/stop/scan_1"

📝 Logger Tool

  • Comprehensive HTTP traffic logging
  • Advanced filtering and search
  • Vulnerability detection
  • Traffic analysis
  • Suspicious pattern detection
# Get filtered logs curl "http://localhost:8000/logger/logs?filter[method]=POST&filter[status_code]=200" # Search logs curl "http://localhost:8000/logger/logs?search=password" # Get vulnerability analysis curl "http://localhost:8000/logger/vulnerabilities" # Get comprehensive analysis curl "http://localhost:8000/logger/analysis" # Clear logs curl -X DELETE "http://localhost:8000/logger/clear" curl "http://localhost:8000/logger/vulnerabilities/severity"

🎯 Vulnerability Detection

Automatically detects multiple types of vulnerabilities:

  • 🔥 XSS (Cross-Site Scripting)
  • 💉 SQL Injection
  • 🗂️ Path Traversal
  • 📁 File Inclusion
  • 🌐 SSRF (Server-Side Request Forgery)
  • 📄 XXE (XML External Entity)
  • 🔒 CSRF (Cross-Site Request Forgery)
  • 🔄 Open Redirect
  • ⚡ Command Injection

🛠️ Setup

  1. Clone the repository
git clone https://github.com/X3r0K/BurpSuite-MCP-Server.git cd BurpSuite-MCP-Server
  1. Install Dependencies
pip install -r requirements.txt
  1. Configure Environment
# Copy .env.example to .env cp .env.example .env # Update the values in .env BURP_API_KEY=Your_API_KEY BURP_API_HOST=localhost BURP_API_PORT=1337 BURP_PROXY_HOST=127.0.0.1 BURP_PROXY_PORT=8080 MCP_SERVER_HOST=0.0.0.0 MCP_SERVER_PORT=8000
  1. Start the Server
python main.py

The server will start on http://localhost:8000

📊 Analysis Features

Traffic Analysis

  • Total requests count
  • Unique URLs
  • HTTP method distribution
  • Status code distribution
  • Content type analysis
  • Average response time

Vulnerability Analysis

  • Vulnerability type summary
  • Top vulnerable endpoints
  • Suspicious patterns
  • Real-time vulnerability detection

Log Filtering

  • By HTTP method
  • By status code
  • By URL pattern
  • By content type
  • By content length
  • By time range
  • By vulnerability type

🔒 Security Considerations

  1. Run in a secure environment
  2. Configure appropriate authentication
  3. Use HTTPS in production
  4. Keep BurpSuite API key secure
  5. Monitor and audit access

📚 API Documentation

For detailed API documentation, visit:

  • Swagger UI: http://localhost:8000/docs
  • ReDoc: http://localhost:8000/redoc image

Cursor Integration

The MCP server is configured to work seamlessly with Cursor IDE. The .cursor directory contains all necessary configuration files:

Configuration Files

  1. settings.json: Contains MCP server configuration
    • Server host and port settings
    • Endpoint configurations
    • BurpSuite proxy settings
    • Logger settings
    • Python interpreter path
  2. tasks.json: Defines common tasks
    • Start MCP Server
    • Run Vulnerability Tests
    • Check Vulnerabilities
  3. launch.json: Contains debugging configurations
    • Debug MCP Server
    • Debug Vulnerability Tests

Using in Cursor

  1. Open the project in Cursor
  2. The MCP server configuration will be automatically loaded
  3. Access features through:
    • Command Palette (Ctrl+Shift+P) for running tasks
    • Debug menu for debugging sessions
    • Automatic Python interpreter configuration

The server will be accessible at http://localhost:8000 with the following endpoints:

  • /proxy/intercept for request interception
  • /logger for logging functionality
  • /logger/vulnerabilities/severity for vulnerability analysis

image

image

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments

  • BurpSuite - The original security testing tool
  • FastAPI - The web framework used
  • Python - The programming language used

This server cannot be installed

-
security - not tested
A
license - permissive license
-
quality - not tested

How are these scores calculated?

hybrid server

The server is able to function both locally and remotely, depending on the configuration or use case.

BurpSuite MCP Server: A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.

  1. 🚀 Features
    1. 🔄 Proxy Tool
    2. 🔍 Scanner Tool
    3. 📝 Logger Tool
    4. 🎯 Vulnerability Detection
  2. 🛠️ Setup
    1. 📊 Analysis Features
      1. Traffic Analysis
      2. Vulnerability Analysis
      3. Log Filtering
    2. 🔒 Security Considerations
      1. 📚 API Documentation
        1. Cursor Integration
          1. Configuration Files
          2. Using in Cursor
        2. 📝 License
          1. 🙏 Acknowledgments

            Related MCP Servers

            • Supabase MCP Server

              JoshuaRileyDev
              A
              security
              F
              license
              A
              quality
              A Model Context Protocol (MCP) server that provides programmatic access to the Supabase Management API. This server allows AI models and other clients to manage Supabase projects and organizations through a standardized interface.
              Last updated -
              8
              388
              46

            • MCP-Guide

              qpd-v
              A
              security
              A
              license
              A
              quality
              A beginner-friendly Model Context Protocol (MCP) server that helps users understand MCP concepts, provides interactive examples, and lists available MCP servers. This server is designed to be a helpful companion for developers working with MCP. Also comes with a huge list of servers you can install.
              Last updated -
              3
              300
              61
              Apache 2.0

            • MCP Server

              la-rebelion
              -
              security
              A
              license
              -
              quality
              MCP Server simplifies the implementation of the Model Context Protocol by providing a user-friendly API to create custom tools and manage server workflows efficiently.
              Last updated -
              2
              4
              MIT License

            • MCP Server

              agentico-dev
              -
              security
              A
              license
              -
              quality
              MCP Server provides a simpler API to interact with the Model Context Protocol by allowing users to define custom tools and services to streamline workflows and processes.
              Last updated -
              5
              3
              MIT License

            View all related MCP servers

            Appeared in Searches

            New MCP Servers

            MCP directory API

            We provide all the information about MCP servers via our MCP API.

            curl -X GET 'https://glama.ai/api/mcp/v1/servers/X3r0K/BurpSuite-MCP-Server'

            If you have feedback or need assistance with the MCP directory API, please join our Discord server