Supports command-line interaction with the server's endpoints using curl commands for intercepting requests, viewing proxy history, starting scans, and analyzing logs.
Uses .env files for configuration management, allowing customization of server settings, BurpSuite API connection details, and proxy settings.
Built on FastAPI to provide a web API interface for BurpSuite functionality, with Swagger UI and ReDoc documentation available.
Provides programmatic access to BurpSuite's core functionalities, including intercepting and modifying HTTP/HTTPS traffic, performing active and passive security scanning, and logging HTTP traffic for vulnerability detection.
Offers Swagger UI documentation at /docs endpoint to explore and test the API's capabilities interactively.
🛡️ BurpSuite MCP Server
A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.
🚀 Features
🔄 Proxy Tool
- Intercept and modify HTTP/HTTPS traffic
- View and manipulate requests/responses
- Access proxy history
- Real-time request/response manipulation
🔍 Scanner Tool
- Active and passive scanning
- Custom scan configurations
- Real-time issue tracking
- Scan status monitoring
📝 Logger Tool
- Comprehensive HTTP traffic logging
- Advanced filtering and search
- Vulnerability detection
- Traffic analysis
- Suspicious pattern detection
🎯 Vulnerability Detection
Automatically detects multiple types of vulnerabilities:
- 🔥 XSS (Cross-Site Scripting)
- 💉 SQL Injection
- 🗂️ Path Traversal
- 📁 File Inclusion
- 🌐 SSRF (Server-Side Request Forgery)
- 📄 XXE (XML External Entity)
- 🔒 CSRF (Cross-Site Request Forgery)
- 🔄 Open Redirect
- ⚡ Command Injection
🛠️ Setup
- Clone the repository
- Install Dependencies
- Configure Environment
- Start the Server
The server will start on http://localhost:8000
📊 Analysis Features
Traffic Analysis
- Total requests count
- Unique URLs
- HTTP method distribution
- Status code distribution
- Content type analysis
- Average response time
Vulnerability Analysis
- Vulnerability type summary
- Top vulnerable endpoints
- Suspicious patterns
- Real-time vulnerability detection
Log Filtering
- By HTTP method
- By status code
- By URL pattern
- By content type
- By content length
- By time range
- By vulnerability type
🔒 Security Considerations
- Run in a secure environment
- Configure appropriate authentication
- Use HTTPS in production
- Keep BurpSuite API key secure
- Monitor and audit access
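A preflight check for the considerations above, as an added example that is not part of the project's code: it parses a .env file and flags a placeholder BurpSuite API key, a non-loopback bind without authentication or TLS, and a .env file readable by other users. The key names MCP_HOST, BURP_API_KEY, MCP_TLS_CERT and MCP_AUTH_TOKEN and the loopback default are assumptions, since this page does not list the project's actual settings.

```python
import ipaddress
import os
import stat

# Hypothetical key names: the page says settings live in .env but does not list them.
HOST_KEY, API_KEY, TLS_KEY, AUTH_KEY = "MCP_HOST", "BURP_API_KEY", "MCP_TLS_CERT", "MCP_AUTH_TOKEN"
PLACEHOLDERS = {"", "changeme", "your_api_key", "your-api-key"}

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments, stripping quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unresolved hostname: treat as reachable from outside

def audit(env, file_mode=None):
    """Return a list of finding identifiers for a parsed .env mapping."""
    findings = []
    # Assumed default: loopback, matching the http://localhost:8000 address on this page.
    exposed = not is_loopback(env.get(HOST_KEY, "127.0.0.1"))
    if env.get(API_KEY, "").lower() in PLACEHOLDERS:
        findings.append("burp-api-key-missing-or-placeholder")
    if exposed and not env.get(AUTH_KEY):
        findings.append("non-loopback-bind-without-auth")
    if exposed and not env.get(TLS_KEY):
        findings.append("non-loopback-bind-without-tls")
    if file_mode is not None and file_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("env-file-readable-by-group-or-other")
    return findings

def audit_file(path=".env"):
    """Audit a real .env file, including its POSIX permission bits."""
    with open(path, encoding="utf-8") as fh:
        return audit(parse_env(fh.read()), stat.S_IMODE(os.stat(path).st_mode))

# Constructed sample configuration, not taken from the project.
SAMPLE = 'MCP_HOST=0.0.0.0\nBURP_API_KEY="changeme"\n# MCP_AUTH_TOKEN=\n'
```

Calling `audit_file()` before starting the server and refusing to start on any finding turns the list above into an enforced check.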
📚 API Documentation
For detailed API documentation, visit:
- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc
Cursor Integration
The MCP server is configured to work seamlessly with Cursor IDE. The .cursor directory contains all necessary configuration files:
Configuration Files
- settings.json: Contains MCP server configuration
  - Server host and port settings
  - Endpoint configurations
  - BurpSuite proxy settings
  - Logger settings
  - Python interpreter path
- tasks.json: Defines common tasks
  - Start MCP Server
  - Run Vulnerability Tests
  - Check Vulnerabilities
- launch.json: Contains debugging configurations
  - Debug MCP Server
  - Debug Vulnerability Tests
Using in Cursor
- Open the project in Cursor
- The MCP server configuration will be automatically loaded
- Access features through:
  - Command Palette (Ctrl+Shift+P) for running tasks
  - Debug menu for debugging sessions
  - Automatic Python interpreter configuration
The server will be accessible at http://localhost:8000 with the following endpoints:
- /proxy/intercept for request interception
- /logger for logging functionality
- /logger/vulnerabilities/severity for vulnerability analysis
📝 License
This project is licensed under the MIT License - see the LICENSE file for details.
🙏 Acknowledgments