Skip to main content
Glama

Server Configuration

Describes the environment variables required to run the server.

NameRequiredDescriptionDefault

No arguments

Capabilities

Features and capabilities supported by this server

CapabilityDetails
tools
{
  "listChanged": true
}
logging
{}

Tools

Functions exposed to the LLM to take actions

NameDescription
chainA

Execute multi-step request chain with variable extraction between steps. Each extract value is a PLAIN STRING pattern (body regex / cookie:name / header:Name:regex), never a nested object like {"type":"json",...}. See rqwstr_docs(topic="chain") for patterns. Preferred path for authenticated flows: forward_cookies (default true) auto-forwards Set-Cookie between steps — see rqwstr_docs(topic="cookies").

encodeB

Encode or decode payloads for injection testing. Encodings: url, double, html, base64, unicode, hex. Chain multiple left-to-right. See rqwstr_docs(topic="encoding").

exportB

Export a stored request to curl, python, go, httpie, har, or raw HTTP format. See rqwstr_docs(topic="export") for format options.

fetchC

Retrieve a stored request/response by ID or name

huntC

Set active hunt — creates database if new, loads existing if found. See rqwstr_docs(topic="hunts") for workflow.

importB

Import raw HTTP request from Burp or other tools — stores as crafted. See rqwstr_docs(topic="export") for the reverse direction.

intruderC

Burp Intruder-style fuzzing with sniper, battering ram, pitchfork, and cluster bomb attack types. See rqwstr_docs(topic="intruder") for attack types and CSRF handling.

oobB

Out-of-Band interaction detection via Interactsh for blind vulnerability testing. See rqwstr_docs(topic="oob") for the register/send/poll workflow.

parallelB

Send multiple different HTTP requests simultaneously. See rqwstr_docs(topic="parallel") for sync/stagger/repeat patterns.

profileB

Variable profile management — save, load, list, delete named snapshots of variables

raceB

Race condition testing with burst, single_packet, and staggered timing modes. See rqwstr_docs(topic="race") for timing-mode guidance.

rqwstr_docsA

Fetch rqwstr agent guidance by topic. topic='index' lists all topics; pass a topic name (e.g. 'race', 'intruder', 'chain') to read that page. Do not call this tool more than 3 times per question.

saveC

Name a request for quick retrieval

scopeB

Manage scope rules — add/remove include/exclude rules, import presets, check URLs

searchC

Regex search through stored requests and responses

sendA

Send HTTP request and store in hunt database. See rqwstr_docs(topic="hunts") for the core workflow. Cookie handling: an explicit Cookie in headers or raw_headers suppresses the per-hunt cookie jar (the jar is only injected when no Cookie is supplied). A Cookie set in both sources is additive on the wire — both propagate, not deduped. send injects jar cookies outbound but NEVER auto-stores Set-Cookie: for multi-step authenticated flows use chain (forward_cookies), or session(action="import_from_response") after a login response. See rqwstr_docs(topic="cookies") for the full store model and setting explicit Cookie payloads (session fixation, deserialization, etc.).

send_h2A

Send HTTP/2 request over TLS with ALPN negotiation. See rqwstr_docs(topic="http2") for raw-frame mode and smuggling primitives. Cookie handling matches send: an explicit Cookie in headers (or raw_headers) suppresses the per-hunt cookie jar, and a Cookie set in both sources is additive on the wire (both propagate, not deduped). raw_headers only reaches the wire on raw_mode or a pooled connection; on the standard HTTP/2 path raw_headers is not sent, so it neither suppresses the jar nor lands on the wire.

sessionA

Cookie jar management — list, get, set, delete, clear cookies, import from response headers. See rqwstr_docs(topic="cookies") for actions.

Prompts

Interactive templates invoked by user choice

NameDescription

No prompts

Resources

Contextual data attached and managed by the client

NameDescription

No resources

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Kjopstad-IT/rqwstr-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server