MCP Pentest

Instructions

Implementation Reference

• src/tools/burpsuite-integration.ts:92-160 (handler)

  Core handler function that spawns Burp Suite Java process with configured options, waits for startup, and returns success/error status with process details.
  async startBurpSuite(): Promise<ScanResult> { try { console.error('🚀 Starting Burp Suite...'); if (!this.config.jar_path || !fs.existsSync(this.config.jar_path)) { throw new Error('Burp Suite JAR file not found. Please install Burp Suite Professional and set jar_path'); } // Prepare user options file for headless mode let userOptionsFile = ''; if (this.config.headless) { userOptionsFile = await this.createUserOptionsFile(); } // Build command const javaArgs = [ `-Xmx${this.config.memory}`, '-Djava.awt.headless=true', '-jar', this.config.jar_path, '--disable-extensions', `--collaborator-server`, `--collaborator-location-all` ]; if (this.config.headless) { javaArgs.push('--unpause-spider-and-scanner'); javaArgs.push(`--user-config-file=${userOptionsFile}`); } if (this.config.project_file) { javaArgs.push(`--project-file=${this.config.project_file}`); } console.error(`Executing: java ${javaArgs.join(' ')}`); // Spawn Burp Suite process this.burpProcess = spawn('java', javaArgs, { stdio: ['ignore', 'pipe', 'pipe'], detached: false }); // Wait for Burp to start up await this.waitForBurpStartup(); return { target: 'burpsuite', timestamp: new Date().toISOString(), tool: 'burpsuite_startup', results: { status: 'started', pid: this.burpProcess.pid, api_url: this.apiBaseUrl, proxy_port: this.config.proxy_port, config: this.config }, status: 'success' }; } catch (error) { return { target: 'burpsuite', timestamp: new Date().toISOString(), tool: 'burpsuite_startup', results: {}, status: 'error', error: error instanceof Error ? error.message : String(error) }; } }
• src/index.ts:405-418 (registration)

  Tool registration in MCP server's tool list, including name, description, and input schema definition.
  { name: "burp_start", description: "Start Burp Suite Professional with API enabled", inputSchema: { type: "object", properties: { jar_path: { type: "string", description: "Path to burpsuite_pro.jar (optional, auto-detected)" }, project_file: { type: "string", description: "Burp project file path (optional)" }, headless: { type: "boolean", description: "Run in headless mode (default: true)" }, memory: { type: "string", description: "Java memory allocation (default: 2g)" } }, required: [] } },
• src/index.ts:583-594 (handler)

  MCP server switch-case handler for 'burp_start' tool that optionally recreates BurpSuiteIntegration instance and delegates to its startBurpSuite() method.
  case "burp_start": // Create new instance with custom config if provided if (args.jar_path || args.project_file || args.headless !== undefined || args.memory) { this.burpSuite = new BurpSuiteIntegration({ jar_path: args.jar_path, project_file: args.project_file, headless: args.headless, memory: args.memory }); } return respond(await this.burpSuite.startBurpSuite());
• src/tools/burpsuite-integration.ts:412-429 (helper)

  Helper method called by startBurpSuite to poll Burp Suite REST API until it's ready (up to 5 minutes).
  private async waitForBurpStartup(): Promise<void> { const maxAttempts = 60; // 5 minutes let attempts = 0; while (attempts < maxAttempts) { try { await axios.get(`${this.apiBaseUrl}/v0.1/`, { timeout: 5000 }); console.error('✅ Burp Suite API is ready'); return; } catch (error) { attempts++; console.error(`Waiting for Burp startup... (${attempts}/${maxAttempts})`); await new Promise(resolve => setTimeout(resolve, 5000)); } } throw new Error('Burp Suite failed to start within timeout period'); }