http_raw_request
Send HTTP requests with absolute precision for security testing. Preserve headers, raw payloads, cookies, and special characters exactly as provided. Logs all requests and responses for analysis.
Instructions
CRITICAL SECURITY TESTING TOOL: Sends HTTP requests with ABSOLUTE PRECISION - All requests logged

⚠️ IMPORTANT: This tool preserves EVERY SINGLE CHARACTER of your request:
- Headers: Every cookie, token, session ID - NO CHARACTER LIMIT, NO TRUNCATION
- Body: Raw payload sent byte-for-byte, preserving payloads exactly
- Cookies: Complete cookie strings including long JWT tokens, session data
- Special characters: ', ", \, %, &, =, etc. are preserved without encoding
- Whitespace: Spaces, tabs, newlines maintained exactly as provided

Perfect for: all kinds of security vulnerability testing, testing like SQL injection, XSS, CSRF, authentication bypass, parameter pollution

Guarantee: What you input is EXACTLY what gets sent - zero modifications

All requests and responses are automatically logged to ~/mcp_requests_logs/
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| cookies | No | | |
| headers | No | | |
| method | No | | GET |
| raw_body | No | | |
| timeout | No | | |
| url | Yes | | |
Implementation Reference
- src/mcp_requests/main.py:208-260 (handler): The handler function for the 'http_raw_request' tool. It accepts url, method, raw_body, headers, cookies, and timeout parameters. Converts non-string raw_body to string if necessary, performs the HTTP request via make_http_request_with_logging, adds warnings if converted, and returns JSON response. Includes comprehensive docstring describing usage for security testing.

```python
import json
from typing import Any, Dict, Optional, Union

# `mcp` (the MCP server instance) and make_http_request_with_logging are
# defined elsewhere in main.py.


@mcp.tool()
def http_raw_request(
    url: str,
    method: str = "GET",
    raw_body: Union[str, Dict[str, Any]] = "",
    headers: Optional[Dict[str, str]] = None,
    cookies: Optional[Dict[str, str]] = None,
    timeout: float = 30.0
) -> str:
    """CRITICAL SECURITY TESTING TOOL: Sends HTTP requests with ABSOLUTE PRECISION - All requests logged

    ⚠️ IMPORTANT: This tool preserves EVERY SINGLE CHARACTER of your request:
    - Headers: Every cookie, token, session ID - NO CHARACTER LIMIT, NO TRUNCATION
    - Body: Raw payload sent byte-for-byte, preserving payloads exactly
    - Cookies: Complete cookie strings including long JWT tokens, session data
    - Special characters: ', ", \\, %, &, =, etc. are preserved without encoding
    - Whitespace: Spaces, tabs, newlines maintained exactly as provided

    Perfect for: all kinds of security vulnerability testing, testing like SQL injection, XSS, CSRF, authentication bypass, parameter pollution
    Guarantee: What you input is EXACTLY what gets sent - zero modifications
    All requests and responses are automatically logged to ~/mcp_requests_logs/

    USAGE TIP: raw_body must be a STRING, not an object.
    For JSON, use: '{"key":"value"}' not {"key":"value"}
    """
    try:
        # Ensure raw_body is a string - convert if needed but warn
        conversion_info = None
        if raw_body is None:
            raw_body = ""
        elif not isinstance(raw_body, str):
            # Record the original type before raw_body is overwritten
            original_type = type(raw_body).__name__
            if isinstance(raw_body, dict):
                raw_body = json.dumps(raw_body, separators=(',', ':'), ensure_ascii=False)
                # Add conversion info to response
                conversion_info = "⚠️ AUTO-CONVERTED: Dict → JSON string"
            elif isinstance(raw_body, (list, tuple)):
                raw_body = json.dumps(raw_body, separators=(',', ':'), ensure_ascii=False)
                conversion_info = f"⚠️ AUTO-CONVERTED: {original_type} → JSON string"
            else:
                raw_body = str(raw_body)
                conversion_info = f"⚠️ AUTO-CONVERTED: {original_type} → string"

        result = make_http_request_with_logging(method, url, headers or {}, cookies or {}, raw_body, timeout)

        # The helper returns a dict: add the conversion warning if applicable,
        # then serialise once so the declared str return type holds
        if conversion_info:
            result["conversion_warning"] = conversion_info
        return json.dumps(result, indent=2)
    except Exception as e:
        return f"Error: {str(e)}"
```
- src/mcp_requests/main.py:56-100 (helper): Core helper function that executes the HTTP request using httpx.Client, captures full response details, logs via log_request_response, and returns structured result. Handles exceptions by logging and re-raising.

```python
import httpx

# log_request_response is the logging helper defined earlier in main.py.


def make_http_request_with_logging(method: str, url: str, headers: dict, cookies: dict, body: str, timeout: float):
    """Universal HTTP request function with logging"""
    try:
        with httpx.Client(timeout=timeout) as client:
            response = client.request(
                method=method.upper(),
                url=url,
                headers=headers,
                cookies=cookies,
                content=body.encode('utf-8') if body else None
            )

            # Log the request and response
            log_path = log_request_response(
                method=method.upper(),
                url=url,
                headers=headers,
                cookies=cookies,
                body=body,
                status_code=response.status_code,
                response_headers=dict(response.headers),
                response_content=response.text,
                response_length=len(response.text)
            )

            return {
                "method": method.upper(),
                "url": url,
                "status_code": response.status_code,
                "response_headers": dict(response.headers),
                "response_content": response.text,
                "response_length": len(response.text),
                "request_headers": headers,
                "request_cookies": cookies,
                "request_body": body,
                "logged_to": log_path
            }
    except Exception as e:
        # Log the error
        log_request_response(
            method=method.upper(),
            url=url,
            headers=headers,
            cookies=cookies,
            body=body,
            status_code=0,
            response_headers={},
            response_content="",
            response_length=0,
            error=str(e)
        )
        raise e
```
- src/mcp_requests/main.py:30-54 (helper): Helper function that logs full request/response details (including preview of long content) to a timestamped log file in ~/mcp_requests_logs/. Returns the log file path.

```python
import datetime
import json

# `logger` and `log_path` are not defined in this excerpt; they are
# presumably set up at module level in main.py.


def log_request_response(method: str, url: str, headers: dict, cookies: dict, body: str,
                         status_code: int, response_headers: dict, response_content: str,
                         response_length: int, error: str = None):
    """Log complete request and response details"""
    log_data = {
        "timestamp": datetime.datetime.now().isoformat(),
        "request": {
            "method": method,
            "url": url,
            "headers": headers,
            "cookies": cookies,
            "body": body,
            "body_length": len(body) if body else 0
        },
        "response": {
            "status_code": status_code if not error else "ERROR",
            "headers": response_headers if not error else {},
            "content_length": response_length if not error else 0,
            # Only the first 500 characters of the response are kept in the log
            "content_preview": response_content[:500] + "..." if response_content and len(response_content) > 500 else response_content
        },
        "error": error
    }

    logger.info(f"HTTP_REQUEST: {json.dumps(log_data, indent=2, ensure_ascii=False)}")
    return log_path
```
- src/mcp_requests/main.py:208-208 (registration): The @mcp.tool() decorator registers the http_raw_request function as an MCP tool.

```python
@mcp.tool()
```
- src/mcp_requests/main.py:209-216 (schema): Function signature defining input parameters and return type for the tool schema, used by MCP to generate JSON schema.

```python
def http_raw_request(
    url: str,
    method: str = "GET",
    raw_body: Union[str, Dict[str, Any]] = "",
    headers: Optional[Dict[str, str]] = None,
    cookies: Optional[Dict[str, str]] = None,
    timeout: float = 30.0
) -> str:
    ...  # body is the handler excerpt (main.py:208-260)
```
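
The logging helper (main.py:30-54) writes request headers, cookies and bodies into the log entry as received, so session tokens used during a test end up in clear text under ~/mcp_requests_logs/. The following is an added example, not part of the project's code: a standard-library redaction pass over a dict shaped like `log_data` that could run before the entry is written. The header-name list, the function names and the sample values are assumptions.

```python
import copy
import hashlib
import re

# Assumed list of credential-bearing header names (not taken from the project).
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie",
                     "set-cookie", "x-api-key", "x-auth-token"}
# JWT shape: three base64url segments, the first starting with "eyJ".
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")


def mask_secret(value: str) -> str:
    """Swap a secret for a short SHA-256 fingerprint so entries stay correlatable."""
    digest = hashlib.sha256(value.encode("utf-8")).hexdigest()[:8]
    return f"<redacted sha256:{digest} len={len(value)}>"


def scrub_text(text):
    """Mask JWT-shaped tokens embedded in free text (body, preview, other headers)."""
    if not isinstance(text, str):
        return text
    return JWT_RE.sub(lambda m: mask_secret(m.group(0)), text)


def redact_log_data(log_data: dict) -> dict:
    """Return a redacted deep copy of log_data; the caller's dict is not modified."""
    out = copy.deepcopy(log_data)
    req, resp = out.get("request", {}), out.get("response", {})
    for section in (req, resp):
        headers = section.get("headers") or {}
        for name, value in headers.items():
            sensitive = name.lower() in SENSITIVE_HEADERS
            headers[name] = mask_secret(str(value)) if sensitive else scrub_text(value)
    req["cookies"] = {k: mask_secret(str(v)) for k, v in (req.get("cookies") or {}).items()}
    req["body"] = scrub_text(req.get("body"))
    resp["content_preview"] = scrub_text(resp.get("content_preview"))
    return out


# Constructed sample in the shape log_request_response builds (all values made up).
SAMPLE = {
    "request": {
        "headers": {"Authorization": "Bearer constructed-token", "Accept": "*/*"},
        "cookies": {"session": "constructed-session-id"},
        "body": '{"token":"eyJhbGciOiJub25lIn0.eyJzdWIiOiJ4In0.c2ln"}',
    },
    "response": {"headers": {"Set-Cookie": "sid=constructed; HttpOnly"},
                 "content_preview": "ok"},
}
```

The fingerprint lets an analyst tell that two log entries used the same token without the token itself being recoverable from the log.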