Supports command-line interaction with the server's endpoints using curl commands for intercepting requests, viewing proxy history, starting scans, and analyzing logs.
Uses .env files for configuration management, allowing customization of server settings, BurpSuite API connection details, and proxy settings.
Built on FastAPI to provide a web API interface for BurpSuite functionality, with Swagger UI and ReDoc documentation available.
Provides programmatic access to BurpSuite's core functionalities, including intercepting and modifying HTTP/HTTPS traffic, performing active and passive security scanning, and logging HTTP traffic for vulnerability detection.
Offers Swagger UI documentation at /docs endpoint to explore and test the API's capabilities interactively.
A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.
Intercept and modify HTTP/HTTPS traffic
View and manipulate requests/responses
Access proxy history
Real-time request/response manipulation
Active and passive scanning
Custom scan configurations
Real-time issue tracking
Scan status monitoring
Comprehensive HTTP traffic logging
Advanced filtering and search
Vulnerability detection
Traffic analysis
Suspicious pattern detection
Automatically detects multiple types of vulnerabilities:
🔥 XSS (Cross-Site Scripting)
💉 SQL Injection
🗂️ Path Traversal
📁 File Inclusion
🌐 SSRF (Server-Side Request Forgery)
📄 XXE (XML External Entity)
🔒 CSRF (Cross-Site Request Forgery)
🔄 Open Redirect
⚡ Command Injection
Clone the repository
Install Dependencies
Configure Environment
Start the Server
The server will start on http://localhost:8000
Total requests count
Unique URLs
HTTP method distribution
Status code distribution
Content type analysis
Average response time
Vulnerability type summary
Top vulnerable endpoints
Suspicious patterns
Real-time vulnerability detection
By HTTP method
By status code
By URL pattern
By content type
By content length
By time range
By vulnerability type
Run in a secure environment
Configure appropriate authentication
Use HTTPS in production
Keep BurpSuite API key secure
Monitor and audit access
For detailed API documentation, visit:
Swagger UI: http://localhost:8000/docs
ReDoc: http://localhost:8000/redoc
The MCP server is configured to work seamlessly with Cursor IDE. The .cursor directory contains all necessary configuration files:
settings.json: Contains MCP server configuration
Server host and port settings
Endpoint configurations
BurpSuite proxy settings
Logger settings
Python interpreter path
tasks.json: Defines common tasks
Start MCP Server
Run Vulnerability Tests
Check Vulnerabilities
launch.json: Contains debugging configurations
Debug MCP Server
Debug Vulnerability Tests
Open the project in Cursor
The MCP server configuration will be automatically loaded
Access features through:
Command Palette (Ctrl+Shift+P) for running tasks
Debug menu for debugging sessions
Automatic Python interpreter configuration
The server will be accessible at http://localhost:8000 with the following endpoints:
/proxy/intercept for request interception
/logger for logging functionality
/logger/vulnerabilities/severity for vulnerability analysis
This project is licensed under the MIT License - see the LICENSE file for details.
This server cannot be installed
hybrid server
The server is able to function both locally and remotely, depending on the configuration or use case.
BurpSuite MCP Server: A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/X3r0K/BurpSuite-MCP-Server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server