burp_spider
Crawl websites to map application structure and identify content for security testing using Burp Suite's spidering capabilities.
Instructions
Spider/crawl target using Burp Suite
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| target | Yes | Target URL to spider |
Implementation Reference
- Core handler function that executes the Burp Suite spider/crawl using the REST API on the provided target URL, waits for completion, and returns discovered URLs.async spiderTarget(target: string): Promise<any> { try { console.error(`🕷️ Spidering target: ${target}`); const spiderResponse = await axios.post(`${this.apiBaseUrl}/v0.1/spider`, { base_url: target }); const spiderTaskId = spiderResponse.data.task_id; // Wait for spider completion await this.waitForTaskCompletion(spiderTaskId, 600000); // 10 min timeout // Get spider results const spiderResults = await axios.get(`${this.apiBaseUrl}/v0.1/spider/${spiderTaskId}`); return { task_id: spiderTaskId, status: spiderResults.data.status, urls_found: spiderResults.data.urls || [] }; } catch (error) { console.error('Spider failed:', error); return { error: error instanceof Error ? error.message : String(error) }; } }
- src/index.ts:456-466 (registration)Registers the 'burp_spider' tool in the MCP server's tool list, including its schema for input validation.{ name: "burp_spider", description: "Spider/crawl target using Burp Suite", inputSchema: { type: "object", properties: { target: { type: "string", description: "Target URL to spider" } }, required: ["target"] } },
- src/index.ts:604-606 (handler)Switch case in the main tool dispatcher that routes 'burp_spider' calls to the BurpSuiteIntegration instance's spiderTarget method.case "burp_spider": return respond(await this.burpSuite.spiderTarget(args.target));