BurpSuite MCP Server

🛡️ BurpSuite MCP Server

A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.

🚀 Features

🔄 Proxy Tool

• Intercept and modify HTTP/HTTPS traffic
• View and manipulate requests/responses
• Access proxy history
• Real-time request/response manipulation

🔍 Scanner Tool

• Active and passive scanning
• Custom scan configurations
• Real-time issue tracking
• Scan status monitoring

📝 Logger Tool

• Comprehensive HTTP traffic logging
• Advanced filtering and search
• Vulnerability detection
• Traffic analysis
• Suspicious pattern detection

🎯 Vulnerability Detection

Automatically detects multiple types of vulnerabilities:

• 🔥 XSS (Cross-Site Scripting)
• 💉 SQL Injection
• 🗂️ Path Traversal
• 📁 File Inclusion
• 🌐 SSRF (Server-Side Request Forgery)
• 📄 XXE (XML External Entity)
• 🔒 CSRF (Cross-Site Request Forgery)
• 🔄 Open Redirect
• ⚡ Command Injection

🛠️ Setup

1. Clone the repository

1. Install Dependencies

2. Configure Environment

3. Start the Server

The server will start on http://localhost:8000

📊 Analysis Features

Traffic Analysis

• Total requests count
• Unique URLs
• HTTP method distribution
• Status code distribution
• Content type analysis
• Average response time

Vulnerability Analysis

• Vulnerability type summary
• Top vulnerable endpoints
• Suspicious patterns
• Real-time vulnerability detection

Log Filtering

• By HTTP method
• By status code
• By URL pattern
• By content type
• By content length
• By time range
• By vulnerability type

🔒 Security Considerations

1. Run in a secure environment
2. Configure appropriate authentication
3. Use HTTPS in production
4. Keep BurpSuite API key secure
5. Monitor and audit access

📚 API Documentation

For detailed API documentation, visit:

• Swagger UI: http://localhost:8000/docs
• ReDoc: http://localhost:8000/redoc

Cursor Integration

The MCP server is configured to work seamlessly with Cursor IDE. The .cursor directory contains all necessary configuration files:

Configuration Files

1. settings.json: Contains MCP server configuration
   • Server host and port settings
   • Endpoint configurations
   • BurpSuite proxy settings
   • Logger settings
   • Python interpreter path
2. tasks.json: Defines common tasks
   • Start MCP Server
   • Run Vulnerability Tests
   • Check Vulnerabilities
3. launch.json: Contains debugging configurations
   • Debug MCP Server
   • Debug Vulnerability Tests

Using in Cursor

1. Open the project in Cursor
2. The MCP server configuration will be automatically loaded
3. Access features through:
   • Command Palette (Ctrl+Shift+P) for running tasks
   • Debug menu for debugging sessions
   • Automatic Python interpreter configuration

The server will be accessible at http://localhost:8000 with the following endpoints:

• /proxy/intercept for request interception
• /logger for logging functionality
• /logger/vulnerabilities/severity for vulnerability analysis

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments

• BurpSuite - The original security testing tool
• FastAPI - The web framework used
• Python - The programming language used