Skip to main content
Glama

MCP Pentest

by adriyansyah-mf
GitHub
TypeScript
1
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue
BURPSUITE_USAGE.mdā€¢7.13 kB
# šŸ”„ Burp Suite Integration Guide MCP Pentest sekarang mendukung **integrasi lengkap dengan Burp Suite Professional**! Anda bisa spawn Burp Suite dan melakukan penetration testing secara otomatis. ## šŸš€ Fitur Burp Suite Integration ### āœ… Yang Bisa Dilakukan: - **Spawn Burp Suite** secara headless atau GUI - **Active scanning** dengan vulnerability detection - **Passive scanning** melalui proxy - **Web crawling/spidering** target - **Export results** dalam format XML/HTML/JSON - **API-based control** untuk automation ## šŸ“‹ Prerequisites ### 1. **Burp Suite Professional License** ```bash # Download dari PortSwigger (memerlukan lisensi valid) # https://portswigger.net/burp/releases/professional/latest ``` ### 2. **Java Installation** ```bash # Install Java 11+ (required untuk Burp Suite) sudo apt install -y openjdk-11-jdk # Verify installation java -version ``` ### 3. **Burp Suite JAR Placement** ```bash # Letakkan burpsuite_pro.jar di salah satu lokasi ini: # (MCP akan auto-detect) /opt/burpsuite_pro/burpsuite_pro.jar # Recommended ~/BurpSuitePro/burpsuite_pro.jar ~/Downloads/burpsuite_pro.jar ./burpsuite_pro.jar # Atau specify manual saat start ``` ## šŸ”§ Cara Penggunaan ### 1. **Start Burp Suite** ```bash # Basic start (headless mode) burp_start {} # Custom configuration burp_start { "jar_path": "/opt/burpsuite_pro/burpsuite_pro.jar", "headless": true, "memory": "4g", "project_file": "/tmp/myproject.burp" } ``` ### 2. **Active Vulnerability Scanning** ```bash # Scan single target burp_active_scan { "target": "https://example.com" } # Scan dengan scope tambahan burp_active_scan { "target": "https://example.com", "scope": [ "https://example.com/admin", "https://api.example.com" ] } ``` ### 3. **Passive Scanning via Proxy** ```bash # Passive scan selama 5 menit burp_proxy_scan { "target": "https://example.com", "duration": 300 } # Burp akan capture semua request/response dan analyze secara passive ``` ### 4. **Web Crawling/Spidering** ```bash # Spider target untuk discovery burp_spider { "target": "https://example.com" } ``` ### 5. **Export Results** ```bash # Export dalam format XML (default) burp_export {} # Export dalam format HTML burp_export { "format": "html", "output_path": "/tmp/burp-report.html" } # Export dalam format JSON burp_export { "format": "json", "output_path": "./results.json" } ``` ### 6. **Stop Burp Suite** ```bash # Stop Burp instance burp_stop {} ``` ## šŸŽÆ Workflow Examples ### **Workflow 1: Complete Web App Assessment** ```bash # 1. Start Burp Suite burp_start {"memory": "4g"} # 2. Spider the application burp_spider {"target": "https://webapp.example.com"} # 3. Perform active scan burp_active_scan {"target": "https://webapp.example.com"} # 4. Export detailed report burp_export {"format": "html", "output_path": "./webapp-assessment.html"} # 5. Stop Burp burp_stop {} ``` ### **Workflow 2: Passive Analysis** ```bash # 1. Start Burp Suite burp_start {} # 2. Run passive scan while browsing burp_proxy_scan { "target": "https://api.example.com", "duration": 600 } # 3. Export findings burp_export {"format": "json"} # 4. Stop Burp burp_stop {} ``` ### **Workflow 3: Integration dengan Tools Lain** ```bash # 1. Recon fase nmap_scan {"target": "example.com"} tech_detection {"url": "https://example.com"} subdomain_enum {"domain": "example.com", "use_subfinder": true} # 2. Start Burp untuk detailed analysis burp_start {} # 3. Active scan pada findings burp_active_scan {"target": "https://example.com"} # 4. Export dan analyze burp_export {"format": "xml"} ``` ## āš™ļø Configuration Options ### **Burp Start Parameters:** - `jar_path`: Path ke burpsuite_pro.jar (optional, auto-detected) - `project_file`: Burp project file untuk persistence - `headless`: Mode headless (true/false, default: true) - `memory`: Java memory allocation (e.g., "2g", "4g") - `api_port`: API port (default: 1337) - `proxy_port`: Proxy port (default: 8080) ### **Auto-Detection Paths:** ``` /opt/burpsuite_pro/burpsuite_pro.jar /Applications/Burp Suite Professional.app/Contents/java/app/burpsuite_pro.jar ~/BurpSuitePro/burpsuite_pro.jar ~/Downloads/burpsuite_pro.jar ./burpsuite_pro.jar ``` ## šŸ” Output Examples ### **Active Scan Results:** ```json { "scan_id": "task_12345", "issue_count": 15, "issues": [ { "name": "SQL injection", "severity": "High", "confidence": "Certain", "host": "example.com", "path": "/login.php", "location": "POST parameter 'username'" } ], "severity_breakdown": { "high": 3, "medium": 7, "low": 5, "info": 0 } } ``` ### **Proxy Scan Results:** ```json { "requests_captured": 247, "issue_count": 8, "proxy_config": { "http_proxy": "http://127.0.0.1:8080", "https_proxy": "http://127.0.0.1:8080" } } ``` ## šŸšØ Troubleshooting ### **Common Issues:** #### 1. **"Burp Suite JAR not found"** ```bash # Solution: Install Burp Suite Pro dan letakkan JAR di lokasi yang benar sudo mkdir -p /opt/burpsuite_pro # Copy burpsuite_pro.jar ke /opt/burpsuite_pro/ # Atau specify manual: burp_start {"jar_path": "/path/to/burpsuite_pro.jar"} ``` #### 2. **"Java not found"** ```bash # Install Java 11+ sudo apt install -y openjdk-11-jdk java -version ``` #### 3. **"Burp failed to start"** ```bash # Check Java memory allocation burp_start {"memory": "1g"} # Reduce memory if system has limited RAM # Check license validity java -jar /opt/burpsuite_pro/burpsuite_pro.jar --help ``` #### 4. **"API not accessible"** ```bash # Wait longer for Burp startup (up to 5 minutes) # Check if port 1337 is available netstat -tulpn | grep 1337 # Try different API port burp_start {"api_port": 1338} ``` #### 5. **Permission Issues** ```bash # Ensure burpsuite_pro.jar has proper permissions chmod +x /opt/burpsuite_pro/burpsuite_pro.jar # Run with sudo if necessary (not recommended for production) ``` ## šŸ” Security Notes 1. **Burp Suite Professional License**: Integrasi ini memerlukan lisensi valid Burp Suite Professional 2. **Headless Mode**: Default menggunakan headless mode untuk automation 3. **API Security**: Burp API binding ke localhost (127.0.0.1) saja 4. **Memory Usage**: Burp Suite dapat menggunakan memory signifikan (2-4GB recommended) 5. **Port Usage**: Default menggunakan port 1337 (API) dan 8080 (proxy) ## šŸŽÆ Advanced Features ### **Custom Project Files:** ```bash # Menggunakan project file untuk persistence burp_start { "project_file": "/projects/webapp-test.burp", "headless": false # GUI mode untuk manual intervention } ``` ### **Integration dengan Proxy Tools:** ```bash # Set aplikasi lain untuk menggunakan Burp proxy export http_proxy=http://127.0.0.1:8080 export https_proxy=http://127.0.0.1:8080 # Kemudian jalankan tools lain untuk capture traffic curl -x http://127.0.0.1:8080 https://example.com ``` ### **Batch Scanning:** ```bash # Script untuk multiple targets for target in site1.com site2.com site3.com; do burp_active_scan {"target": "https://$target"} done ``` Happy Burp Suite Integration! šŸ”„

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/adriyansyah-mf/mcp-pentest'

If you have feedback or need assistance with the MCP directory API, please join our Discord server