Supports command-line interaction with the server's endpoints using curl commands for intercepting requests, viewing proxy history, starting scans, and analyzing logs.
Uses .env files for configuration management, allowing customization of server settings, BurpSuite API connection details, and proxy settings.
Built on FastAPI to provide a web API interface for BurpSuite functionality, with Swagger UI and ReDoc documentation available.
Provides programmatic access to BurpSuite's core functionalities, including intercepting and modifying HTTP/HTTPS traffic, performing active and passive security scanning, and logging HTTP traffic for vulnerability detection.
Offers Swagger UI documentation at /docs endpoint to explore and test the API's capabilities interactively.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@BurpSuite MCP Serverscan https://example.com for XSS and SQLi vulnerabilities"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
π‘οΈ BurpSuite MCP Server
A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.
π Features
π Proxy Tool
Intercept and modify HTTP/HTTPS traffic
View and manipulate requests/responses
Access proxy history
Real-time request/response manipulation
# Intercept a request
curl -X POST "http://localhost:8000/proxy/intercept" \
-H "Content-Type: application/json" \
-d '{
"url": "https://example.com",
"method": "GET",
"headers": {"User-Agent": "Custom"},
"intercept": true
}'
# View proxy history
curl "http://localhost:8000/proxy/history"π Scanner Tool
Active and passive scanning
Custom scan configurations
Real-time issue tracking
Scan status monitoring
# Start a new scan
curl -X POST "http://localhost:8000/scanner/start" \
-H "Content-Type: application/json" \
-d '{
"target_url": "https://example.com",
"scan_type": "active",
"scan_configurations": {
"scope": "strict",
"audit_checks": ["xss", "sqli"]
}
}'
# Check scan status
curl "http://localhost:8000/scanner/status/scan_1"
# Stop a scan
curl -X DELETE "http://localhost:8000/scanner/stop/scan_1"π Logger Tool
Comprehensive HTTP traffic logging
Advanced filtering and search
Vulnerability detection
Traffic analysis
Suspicious pattern detection
# Get filtered logs
curl "http://localhost:8000/logger/logs?filter[method]=POST&filter[status_code]=200"
# Search logs
curl "http://localhost:8000/logger/logs?search=password"
# Get vulnerability analysis
curl "http://localhost:8000/logger/vulnerabilities"
# Get comprehensive analysis
curl "http://localhost:8000/logger/analysis"
# Clear logs
curl -X DELETE "http://localhost:8000/logger/clear"
curl "http://localhost:8000/logger/vulnerabilities/severity"π― Vulnerability Detection
Automatically detects multiple types of vulnerabilities:
π₯ XSS (Cross-Site Scripting)
π SQL Injection
ποΈ Path Traversal
π File Inclusion
π SSRF (Server-Side Request Forgery)
π XXE (XML External Entity)
π CSRF (Cross-Site Request Forgery)
π Open Redirect
β‘ Command Injection
Related MCP server: MCP Server
π οΈ Setup
Clone the repository
git clone https://github.com/X3r0K/BurpSuite-MCP-Server.git
cd BurpSuite-MCP-ServerInstall Dependencies
pip install -r requirements.txtConfigure Environment
# Copy .env.example to .env
cp .env.example .env
# Update the values in .env
BURP_API_KEY=Your_API_KEY
BURP_API_HOST=localhost
BURP_API_PORT=1337
BURP_PROXY_HOST=127.0.0.1
BURP_PROXY_PORT=8080
MCP_SERVER_HOST=0.0.0.0
MCP_SERVER_PORT=8000Start the Server
python main.pyThe server will start on http://localhost:8000
π Analysis Features
Traffic Analysis
Total requests count
Unique URLs
HTTP method distribution
Status code distribution
Content type analysis
Average response time
Vulnerability Analysis
Vulnerability type summary
Top vulnerable endpoints
Suspicious patterns
Real-time vulnerability detection
Log Filtering
By HTTP method
By status code
By URL pattern
By content type
By content length
By time range
By vulnerability type
π Security Considerations
Run in a secure environment
Configure appropriate authentication
Use HTTPS in production
Keep BurpSuite API key secure
Monitor and audit access
π API Documentation
For detailed API documentation, visit:
Swagger UI: http://localhost:8000/docs
ReDoc: http://localhost:8000/redoc
Cursor Integration
The MCP server is configured to work seamlessly with Cursor IDE. The .cursor directory contains all necessary configuration files:
Configuration Files
settings.json: Contains MCP server configurationServer host and port settings
Endpoint configurations
BurpSuite proxy settings
Logger settings
Python interpreter path
tasks.json: Defines common tasksStart MCP Server
Run Vulnerability Tests
Check Vulnerabilities
launch.json: Contains debugging configurationsDebug MCP Server
Debug Vulnerability Tests
Using in Cursor
Open the project in Cursor
The MCP server configuration will be automatically loaded
Access features through:
Command Palette (Ctrl+Shift+P) for running tasks
Debug menu for debugging sessions
Automatic Python interpreter configuration
The server will be accessible at http://localhost:8000 with the following endpoints:
/proxy/interceptfor request interception/loggerfor logging functionality/logger/vulnerabilities/severityfor vulnerability analysis
π License
This project is licensed under the MIT License - see the LICENSE file for details.
π Acknowledgments
Appeared in Searches
- Capture The Flag (CTF) cybersecurity competitions and challenges
- Information about AI hackers or AI hacking techniques
- Website penetration testing and security vulnerability assessment tools
- Security testing and vulnerability assessment of MCP Server execution functions
- General information about burping