MCP HTTP Requests

Overview Schema Related Servers Score Discussions

http_raw_request

Send HTTP requests with absolute precision for security testing. Preserve headers, raw payloads, cookies, and special characters exactly as provided. Logs all requests and responses for analysis.

Instructions

🔒 CRITICAL SECURITY TESTING TOOL: Sends HTTP requests with ABSOLUTE PRECISION - All requests logged

⚠️ IMPORTANT: This tool preserves EVERY SINGLE CHARACTER of your request:

Headers: Every cookie, token, session ID - NO CHARACTER LIMIT, NO TRUNCATION
Body: Raw payload sent byte-for-byte, preserving payloads exactly
Cookies: Complete cookie strings including long JWT tokens, session data
Special characters: ', ", , %, &, =, etc. are preserved without encoding
Whitespace: Spaces, tabs, newlines maintained exactly as provided

🎯 Perfect for: all kinds of security vulnerability testing, testing like SQL injection, XSS, CSRF, authentication bypass, parameter pollution 📝 Guarantee: What you input is EXACTLY what gets sent - zero modifications 📊 All requests and responses are automatically logged to ~/mcp_requests_logs/

Input Schema

TableJSON Schema

Name	Required	Default
`cookies`	No
`headers`	No
`method`	No	GET
`raw_body`	No
`timeout`	No
`url`	Yes

Implementation Reference

src/mcp_requests/main.py:208-260 (handler)

The handler function for the 'http_raw_request' tool. It accepts url, method, raw_body, headers, cookies, and timeout parameters. Converts non-string raw_body to string if necessary, performs the HTTP request via make_http_request_with_logging, adds warnings if converted, and returns JSON response. Includes comprehensive docstring describing usage for security testing.

@mcp.tool()
def http_raw_request(
    url: str,
    method: str = "GET", 
    raw_body: Union[str, Dict[str, Any]] = "",
    headers: Optional[Dict[str, str]] = None,
    cookies: Optional[Dict[str, str]] = None,
    timeout: float = 30.0
) -> str:
    """🔒 CRITICAL SECURITY TESTING TOOL: Sends HTTP requests with ABSOLUTE PRECISION - All requests logged
    
    ⚠️  IMPORTANT: This tool preserves EVERY SINGLE CHARACTER of your request:
    - Headers: Every cookie, token, session ID - NO CHARACTER LIMIT, NO TRUNCATION
    - Body: Raw payload sent byte-for-byte, preserving payloads exactly
    - Cookies: Complete cookie strings including long JWT tokens, session data
    - Special characters: ', ", \\, %, &, =, etc. are preserved without encoding
    - Whitespace: Spaces, tabs, newlines maintained exactly as provided
    
    🎯 Perfect for: all kinds of security vulnerability testing, testing like SQL injection, XSS, CSRF, authentication bypass, parameter pollution
    📝 Guarantee: What you input is EXACTLY what gets sent - zero modifications
    📊 All requests and responses are automatically logged to ~/mcp_requests_logs/
    
    💡 USAGE TIP: raw_body must be a STRING, not an object. For JSON, use: '{"key":"value"}' not {"key":"value"}
    """
    try:
        # Ensure raw_body is a string - convert if needed but warn
        if raw_body is None:
            raw_body = ""
        elif not isinstance(raw_body, str):
            if isinstance(raw_body, dict):
                raw_body = json.dumps(raw_body, separators=(',', ':'), ensure_ascii=False)
                # Add conversion info to response
                conversion_info = f"⚠️ AUTO-CONVERTED: Dict → JSON string"
            elif isinstance(raw_body, (list, tuple)):
                raw_body = json.dumps(raw_body, separators=(',', ':'), ensure_ascii=False)
                conversion_info = f"⚠️ AUTO-CONVERTED: {type(raw_body).__name__} → JSON string"
            else:
                raw_body = str(raw_body)
                conversion_info = f"⚠️ AUTO-CONVERTED: {type(raw_body).__name__} → string"
        else:
            conversion_info = None
        
        result = make_http_request_with_logging(method, url, headers or {}, cookies or {}, raw_body, timeout)
        
        # Add conversion warning to result if applicable
        if conversion_info:
            result_dict = json.loads(result)
            result_dict["conversion_warning"] = conversion_info
            return json.dumps(result_dict, indent=2)
        
        return result
    except Exception as e:
        return f"Error: {str(e)}"

src/mcp_requests/main.py:56-100 (helper)

Core helper function that executes the HTTP request using httpx.Client, captures full response details, logs via log_request_response, and returns structured result. Handles exceptions by logging and re-raising.

def make_http_request_with_logging(method: str, url: str, headers: dict, cookies: dict, body: str, timeout: float):
    """Universal HTTP request function with logging"""
    try:
        with httpx.Client(timeout=timeout) as client:
            response = client.request(
                method=method.upper(),
                url=url,
                headers=headers,
                cookies=cookies,
                content=body.encode('utf-8') if body else None
            )
            
            # Log the request and response
            log_path = log_request_response(
                method=method.upper(), 
                url=url, 
                headers=headers, 
                cookies=cookies, 
                body=body,
                status_code=response.status_code,
                response_headers=dict(response.headers),
                response_content=response.text,
                response_length=len(response.text)
            )
            
            return {
                "method": method.upper(),
                "url": url,
                "status_code": response.status_code,
                "response_headers": dict(response.headers),
                "response_content": response.text,
                "response_length": len(response.text),
                "request_headers": headers,
                "request_cookies": cookies,
                "request_body": body,
                "logged_to": log_path
            }
    except Exception as e:
        # Log the error
        log_request_response(
            method=method.upper(), url=url, headers=headers, cookies=cookies, body=body,
            status_code=0, response_headers={}, response_content="", response_length=0,
            error=str(e)
        )
        raise e

src/mcp_requests/main.py:30-54 (helper)

Helper function that logs full request/response details (including preview of long content) to a timestamped log file in ~/mcp_requests_logs/. Returns the log file path.

def log_request_response(method: str, url: str, headers: dict, cookies: dict, body: str, 
                        status_code: int, response_headers: dict, response_content: str, 
                        response_length: int, error: str = None):
    """Log complete request and response details"""
    log_data = {
        "timestamp": datetime.datetime.now().isoformat(),
        "request": {
            "method": method,
            "url": url,
            "headers": headers,
            "cookies": cookies,
            "body": body,
            "body_length": len(body) if body else 0
        },
        "response": {
            "status_code": status_code if not error else "ERROR",
            "headers": response_headers if not error else {},
            "content_length": response_length if not error else 0,
            "content_preview": response_content[:500] + "..." if response_content and len(response_content) > 500 else response_content
        },
        "error": error
    }
    
    logger.info(f"HTTP_REQUEST: {json.dumps(log_data, indent=2, ensure_ascii=False)}")
    return log_path

src/mcp_requests/main.py:208-208 (registration)
The @mcp.tool() decorator registers the http_raw_request function as an MCP tool.
```
@mcp.tool()
```

src/mcp_requests/main.py:209-216 (schema)

Function signature defining input parameters and return type for the tool schema, used by MCP to generate JSON schema.

def http_raw_request(
    url: str,
    method: str = "GET", 
    raw_body: Union[str, Dict[str, Any]] = "",
    headers: Optional[Dict[str, str]] = None,
    cookies: Optional[Dict[str, str]] = None,
    timeout: float = 30.0
) -> str:

Tool Definition Quality

A4.6/5.0

Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden and excels. It discloses critical behavioral traits: preserves all characters exactly (no truncation/encoding), logs all requests/responses to a specific directory (~/mcp_requests_logs/), and guarantees zero modifications to input. This provides essential context about security implications and side effects.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness3/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately sized but not optimally structured. It uses emojis and formatting that may not parse well in all contexts. While information-dense, it could be more front-loaded with the core purpose before details. Every sentence earns its place, but the presentation could be more streamlined for agent consumption.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity (security-critical HTTP tool with 6 parameters, no annotations, no output schema), the description does well. It covers behavioral guarantees, logging, use cases, and precision characteristics. However, it doesn't mention error handling, response format expectations, or authentication requirements that might be relevant for a raw HTTP tool.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 0%, so the description must compensate. While it doesn't explicitly name parameters, it provides crucial semantic context for several: explains how headers/cookies/body parameters are handled (preserved exactly), mentions special character handling relevant to all string parameters, and implies timeout behavior through the precision focus. However, it doesn't cover all 6 parameters explicitly.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool 'sends HTTP requests with ABSOLUTE PRECISION' and emphasizes it's for 'security testing'. It distinguishes from sibling tools (http_get, http_post, etc.) by highlighting its raw, unmodified request handling rather than being method-specific. The description goes beyond the name/title to explain the specific behavior.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly states when to use this tool: 'Perfect for: all kinds of security vulnerability testing, testing like SQL injection, XSS, CSRF, authentication bypass, parameter pollution'. It also implicitly distinguishes from sibling tools by emphasizing raw precision rather than convenience methods. The description provides clear context about appropriate use cases.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Related Tools

http_getC
@godzeo/mcp-request
http_patchC
@godzeo/mcp-request
http_headC
@godzeo/mcp-request
http_postC
@godzeo/mcp-request
http_optionsC
@godzeo/mcp-request
http_putC
@godzeo/mcp-request

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/godzeo/mcp-request'

If you have feedback or need assistance with the MCP directory API, please join our Discord server