burp_spider
Crawl target websites to map application structure and identify endpoints for security testing using Burp Suite's spidering capabilities.
Instructions
Spider/crawl target using Burp Suite
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| target | Yes | Target URL to spider |
Input Schema (JSON Schema)
{
"properties": {
"target": {
"description": "Target URL to spider",
"type": "string"
}
},
"required": [
"target"
],
"type": "object"
}
Implementation Reference
- The core handler function that executes the burp_spider tool by sending a spider request to Burp Suite API, waiting for completion, and retrieving discovered URLs.async spiderTarget(target: string): Promise<any> { try { console.error(`🕷️ Spidering target: ${target}`); const spiderResponse = await axios.post(`${this.apiBaseUrl}/v0.1/spider`, { base_url: target }); const spiderTaskId = spiderResponse.data.task_id; // Wait for spider completion await this.waitForTaskCompletion(spiderTaskId, 600000); // 10 min timeout // Get spider results const spiderResults = await axios.get(`${this.apiBaseUrl}/v0.1/spider/${spiderTaskId}`); return { task_id: spiderTaskId, status: spiderResults.data.status, urls_found: spiderResults.data.urls || [] }; } catch (error) { console.error('Spider failed:', error); return { error: error instanceof Error ? error.message : String(error) }; } }
- src/index.ts:604-605 (registration)Switch case registration that routes calls to the burp_spider tool to the BurpSuiteIntegration.spiderTarget method.case "burp_spider": return respond(await this.burpSuite.spiderTarget(args.target));
- src/index.ts:456-466 (schema)Input schema definition for the burp_spider tool, specifying the required 'target' parameter.{ name: "burp_spider", description: "Spider/crawl target using Burp Suite", inputSchema: { type: "object", properties: { target: { type: "string", description: "Target URL to spider" } }, required: ["target"] } },