Supports command-line interaction with the server's endpoints using curl commands for intercepting requests, viewing proxy history, starting scans, and analyzing logs.
Uses .env files for configuration management, allowing customization of server settings, BurpSuite API connection details, and proxy settings.
Built on FastAPI to provide a web API interface for BurpSuite functionality, with Swagger UI and ReDoc documentation available.
Provides programmatic access to BurpSuite's core functionalities, including intercepting and modifying HTTP/HTTPS traffic, performing active and passive security scanning, and logging HTTP traffic for vulnerability detection.
Offers Swagger UI documentation at /docs endpoint to explore and test the API's capabilities interactively.
🛡️ BurpSuite MCP Server
A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.
🚀 Features
🔄 Proxy Tool
Intercept and modify HTTP/HTTPS traffic
View and manipulate requests/responses
Access proxy history
Real-time request/response manipulation
🔍 Scanner Tool
Active and passive scanning
Custom scan configurations
Real-time issue tracking
Scan status monitoring
📝 Logger Tool
Comprehensive HTTP traffic logging
Advanced filtering and search
Vulnerability detection
Traffic analysis
Suspicious pattern detection
🎯 Vulnerability Detection
Automatically detects multiple types of vulnerabilities:
🔥 XSS (Cross-Site Scripting)
💉 SQL Injection
🗂️ Path Traversal
📁 File Inclusion
🌐 SSRF (Server-Side Request Forgery)
📄 XXE (XML External Entity)
🔒 CSRF (Cross-Site Request Forgery)
🔄 Open Redirect
⚡ Command Injection
🛠️ Setup
Clone the repository
Install Dependencies
Configure Environment
Start the Server
The server will start on http://localhost:8000
📊 Analysis Features
Traffic Analysis
Total requests count
Unique URLs
HTTP method distribution
Status code distribution
Content type analysis
Average response time
Vulnerability Analysis
Vulnerability type summary
Top vulnerable endpoints
Suspicious patterns
Real-time vulnerability detection
Log Filtering
By HTTP method
By status code
By URL pattern
By content type
By content length
By time range
By vulnerability type
🔒 Security Considerations
Run in a secure environment
Configure appropriate authentication
Use HTTPS in production
Keep BurpSuite API key secure
Monitor and audit access
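A pre-flight check of the `.env` file against the items above that can be verified statically, as an added example that is not part of the project's code. The key names `MCP_HOST`, `BURP_API_URL` and `BURP_API_KEY` are hypothetical placeholders, since the project's actual keys are not shown here, and both sample configs are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical key names: the project's real .env keys are not shown on this page.
HOST_KEY, API_URL_KEY, API_KEY_KEY = "MCP_HOST", "BURP_API_URL", "BURP_API_KEY"
PLACEHOLDERS = {"", "changeme", "your_api_key", "your-api-key-here"}


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments, stripping quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env


def is_loopback(host):
    """True for localhost and loopback IP literals; other names count as remote."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit_env(text):
    """Return findings for the checklist items a static config check can cover."""
    env, findings = parse_env(text), []
    host = env.get(HOST_KEY, "127.0.0.1")  # assumed default: loopback only
    if not is_loopback(host):
        findings.append(f"{HOST_KEY}={host}: listener reachable beyond loopback")
    if env.get(API_KEY_KEY, "").lower() in PLACEHOLDERS:
        findings.append(f"{API_KEY_KEY}: missing or placeholder value")
    url = urlsplit(env.get(API_URL_KEY, ""))
    if url.scheme == "http" and not is_loopback(url.hostname or ""):
        findings.append(f"{API_URL_KEY}: API key sent over plain HTTP to {url.hostname}")
    return findings


# Constructed sample configs, not taken from the project.
WEAK = 'MCP_HOST=0.0.0.0\nBURP_API_URL=http://burp.example.internal:1337\nBURP_API_KEY=changeme\n'
SAFE = 'MCP_HOST=127.0.0.1\nBURP_API_URL=http://127.0.0.1:1337\nBURP_API_KEY="k3Jx-constructed-value"\n'

if __name__ == "__main__":
    for finding in audit_env(WEAK):
        print("FINDING:", finding)
```

Authentication on the server's own endpoints and access auditing cannot be confirmed from the file alone and still need to be checked against the running service.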
📚 API Documentation
For detailed API documentation, visit:
Swagger UI: http://localhost:8000/docs
ReDoc: http://localhost:8000/redoc
Cursor Integration
The MCP server is configured to work seamlessly with Cursor IDE. The .cursor directory contains all necessary configuration files:
Configuration Files
settings.json: Contains MCP server configuration
Server host and port settings
Endpoint configurations
BurpSuite proxy settings
Logger settings
Python interpreter path
tasks.json: Defines common tasks
Start MCP Server
Run Vulnerability Tests
Check Vulnerabilities
launch.json: Contains debugging configurations
Debug MCP Server
Debug Vulnerability Tests
Using in Cursor
Open the project in Cursor
The MCP server configuration will be automatically loaded
Access features through:
Command Palette (Ctrl+Shift+P) for running tasks
Debug menu for debugging sessions
Automatic Python interpreter configuration
The server will be accessible at http://localhost:8000 with the following endpoints:
/proxy/intercept for request interception
/logger for logging functionality
/logger/vulnerabilities/severity for vulnerability analysis
📝 License
This project is licensed under the MIT License - see the LICENSE file for details.
🙏 Acknowledgments