# 🛡️ BurpSuite MCP Server
A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.
<a href="https://glama.ai/mcp/servers/@X3r0K/BurpSuite-MCP-Server">
<img width="380" height="200" src="https://glama.ai/mcp/servers/@X3r0K/BurpSuite-MCP-Server/badge" />
</a>
## 🚀 Features
### 🔄 Proxy Tool
- Intercept and modify HTTP/HTTPS traffic
- View and manipulate requests/responses
- Access proxy history
- Real-time request/response manipulation
```bash
# Intercept a request
curl -X POST "http://localhost:8000/proxy/intercept" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com",
    "method": "GET",
    "headers": {"User-Agent": "Custom"},
    "intercept": true
  }'

# View proxy history
curl "http://localhost:8000/proxy/history"
```
### 🔍 Scanner Tool
- Active and passive scanning
- Custom scan configurations
- Real-time issue tracking
- Scan status monitoring
```bash
# Start a new scan
curl -X POST "http://localhost:8000/scanner/start" \
  -H "Content-Type: application/json" \
  -d '{
    "target_url": "https://example.com",
    "scan_type": "active",
    "scan_configurations": {
      "scope": "strict",
      "audit_checks": ["xss", "sqli"]
    }
  }'

# Check scan status
curl "http://localhost:8000/scanner/status/scan_1"

# Stop a scan
curl -X DELETE "http://localhost:8000/scanner/stop/scan_1"
```
### 📝 Logger Tool
- Comprehensive HTTP traffic logging
- Advanced filtering and search
- Vulnerability detection
- Traffic analysis
- Suspicious pattern detection
```bash
# Get filtered logs
curl "http://localhost:8000/logger/logs?filter[method]=POST&filter[status_code]=200"

# Search logs
curl "http://localhost:8000/logger/logs?search=password"

# Get vulnerability analysis
curl "http://localhost:8000/logger/vulnerabilities"

# Get vulnerability analysis grouped by severity
curl "http://localhost:8000/logger/vulnerabilities/severity"

# Get comprehensive analysis
curl "http://localhost:8000/logger/analysis"

# Clear logs
curl -X DELETE "http://localhost:8000/logger/clear"
```
### 🎯 Vulnerability Detection
Automatically detects multiple types of vulnerabilities:
- 🔥 XSS (Cross-Site Scripting)
- 💉 SQL Injection
- 🗂️ Path Traversal
- 📁 File Inclusion
- 🌐 SSRF (Server-Side Request Forgery)
- 📄 XXE (XML External Entity)
- 🔒 CSRF (Cross-Site Request Forgery)
- 🔄 Open Redirect
- ⚡ Command Injection
## 🛠️ Setup
1. **Clone the repository**
```bash
git clone https://github.com/X3r0K/BurpSuite-MCP-Server.git
cd BurpSuite-MCP-Server
```
2. **Install dependencies**
```bash
pip install -r requirements.txt
```
3. **Configure the environment**
```bash
# Copy .env.example to .env
cp .env.example .env
# Then set the values in .env:
BURP_API_KEY=Your_API_KEY
BURP_API_HOST=localhost
BURP_API_PORT=1337
BURP_PROXY_HOST=127.0.0.1
BURP_PROXY_PORT=8080
MCP_SERVER_HOST=0.0.0.0
MCP_SERVER_PORT=8000
```
4. **Start the server**
```bash
python main.py
```
The server will start on http://localhost:8000. Note that `MCP_SERVER_HOST=0.0.0.0` binds it to all network interfaces, not only the loopback address; set it to `127.0.0.1` unless remote access is intended.
## 📊 Analysis Features
### Traffic Analysis
- Total requests count
- Unique URLs
- HTTP method distribution
- Status code distribution
- Content type analysis
- Average response time
### Vulnerability Analysis
- Vulnerability type summary
- Top vulnerable endpoints
- Suspicious patterns
- Real-time vulnerability detection
### Log Filtering
- By HTTP method
- By status code
- By URL pattern
- By content type
- By content length
- By time range
- By vulnerability type
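As an added example (not the project's own code), a stdlib-only parser for the `filter[...]` query syntax shown under the Logger Tool, applied to constructed log records; it goes beyond the README, which shows only `filter[method]` and `filter[status_code]`, so the other filter names (`url_pattern`, `time_range`, `vulnerability_type`) and the record fields are assumptions.

```python
"""Parse the filter[...] query syntax of /logger/logs and apply it to records.
Added example, not the project's code: the README shows only filter[method]
and filter[status_code]; other filter names and record fields are assumed."""
import re
from datetime import datetime
from fnmatch import fnmatch
from urllib.parse import parse_qsl, urlsplit

_FILTER_KEY = re.compile(r"^filter\[(\w+)\]$")

def parse_filters(url: str) -> dict:
    """Return {name: value} for every filter[name]=value pair in the URL."""
    filters = {}
    for key, value in parse_qsl(urlsplit(url).query):  # also decodes %5B/%5D
        match = _FILTER_KEY.match(key)
        if match:
            filters[match.group(1)] = value
    return filters

def _matches(entry: dict, name: str, value: str) -> bool:
    """Apply one filter to one record; unknown filter names fail loudly."""
    if name == "method":
        return entry["method"].upper() == value.upper()
    if name == "status_code":
        return entry["status_code"] == int(value)
    if name == "url_pattern":  # shell-style glob, e.g. */api/*
        return fnmatch(entry["url"], value)
    if name == "time_range":  # "start,end" as ISO-8601 timestamps
        start, end = (datetime.fromisoformat(t) for t in value.split(",", 1))
        return start <= datetime.fromisoformat(entry["timestamp"]) <= end
    if name == "vulnerability_type":
        return value in entry.get("vulnerabilities", [])
    raise ValueError(f"unsupported filter: {name}")

def filter_logs(entries: list, url: str) -> list:
    """Keep records matching every filter in the URL (AND semantics)."""
    filters = parse_filters(url)
    return [e for e in entries
            if all(_matches(e, k, v) for k, v in filters.items())]

SAMPLE_LOGS = [  # constructed records, not captured traffic
    {"method": "POST", "status_code": 200, "url": "https://example.com/login",
     "timestamp": "2024-01-01T10:00:00", "vulnerabilities": ["sqli"]},
    {"method": "GET", "status_code": 200, "url": "https://example.com/search",
     "timestamp": "2024-01-01T10:05:00", "vulnerabilities": ["xss"]},
    {"method": "POST", "status_code": 500, "url": "https://example.com/api/upload",
     "timestamp": "2024-01-01T11:00:00", "vulnerabilities": []},
]
```

Filters combine with AND, and an unknown filter name raises instead of silently matching everything, which is the failure mode to avoid when a filter is meant to narrow what an analyst (or an MCP client) sees.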
## 🔒 Security Considerations
1. Run in a secure environment
2. Configure appropriate authentication
3. Use HTTPS in production
4. Keep BurpSuite API key secure
5. Monitor and audit access
## 📚 API Documentation
For detailed API documentation, visit:
- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc

## Cursor Integration
The MCP server is configured to work seamlessly with Cursor IDE. The `.cursor` directory contains all necessary configuration files:
### Configuration Files
1. `settings.json`: Contains MCP server configuration
- Server host and port settings
- Endpoint configurations
- BurpSuite proxy settings
- Logger settings
- Python interpreter path
2. `tasks.json`: Defines common tasks
- Start MCP Server
- Run Vulnerability Tests
- Check Vulnerabilities
3. `launch.json`: Contains debugging configurations
- Debug MCP Server
- Debug Vulnerability Tests
### Using in Cursor
1. Open the project in Cursor
2. The MCP server configuration will be automatically loaded
3. Access features through:
- Command Palette (Ctrl+Shift+P) for running tasks
- Debug menu for debugging sessions
- Automatic Python interpreter configuration
The server will be accessible at `http://localhost:8000` with the following endpoints:
- `/proxy/intercept` for request interception
- `/logger` for logging functionality
- `/logger/vulnerabilities/severity` for vulnerability analysis


## 📝 License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## 🙏 Acknowledgments
- [BurpSuite](https://portswigger.net/burp) - The original security testing tool
- [FastAPI](https://fastapi.tiangolo.com/) - The web framework used
- [Python](https://www.python.org/) - The programming language used