titaniumtushar

burp-mcp-plus

Server Configuration

Describes the environment variables required to run the server.

Name | Required | Description | Default

No arguments

Capabilities

Features and capabilities supported by this server

Capability | Details
tools | { "listChanged": false }
prompts | { "listChanged": false }
resources | { "subscribe": false, "listChanged": false }
experimental | {}

Tools

Functions exposed to the LLM to take actions

Name | Description
inspect_history_entry (A)

Fetch and pretty-print a Burp proxy history entry by index.

history_id is the 0-based index into the most recent page_size entries (Burp's MCP doesn't expose stable IDs; addressing is positional).

Use this to inspect cookies/headers before crafting a mutated request.

repeater_from_history (A)

Send a request to Burp Repeater, built from a history baseline plus optional structured overrides.

The baseline contributes Host, cookies, auth, UA, etc. so the resulting request is always complete. Overrides modify only what you specify.

Args:
  history_id: id of the proxy history entry to clone
  tab_name: optional Repeater tab label
  method/path/body: override the corresponding field
  set_headers: replace or add these headers (case-insensitive)
  remove_headers: header names to delete
  page_size: how many recent history entries to scan to find the id

repeater_from_template (A)

Send a request to Burp Repeater, built from scratch (URL + structured fields). Optionally inherit cookies/auth/UA from a history baseline.

Args:
  url: full URL, e.g. https://api.example.com/v1/users?id=1
  method: HTTP method (default GET)
  headers: additional headers (overrides any inherited values)
  body: request body
  tab_name: Repeater tab label
  inherit_from_history_id: copy headers from this baseline first; the headers arg then overrides them. Host/Content-Length always re-derived from the new url+body.

send_request (A)

Issue an HTTP/1.1 request via Burp (no Repeater tab) and return the response. Two usage modes:

  1. Mutate a history entry: pass history_id plus any of method/path/set_headers/remove_headers/body.

  2. Build from scratch: pass url + method + headers + body. Optionally inherit_from_history_id to copy cookies/auth from a baseline.

intruder_from_history (C)

Send a request to Burp Intruder, built from a history baseline.

payload_markers: list of substrings in the final request to wrap with Burp's '§' insertion markers. The substring must appear verbatim in the final wire format (after overrides are applied). Markers are added in order; duplicate substrings are wrapped only once each.

search_history (A)

Search Burp proxy history with a regex; returns a compact list of matching entries with their history_index (0-based position in the returned page). Feed history_index into the other tools as history_id.

list_history (A)

List recent Burp proxy history entries with their history_index.

Use this to browse and find an entry to feed into the repeater/intruder tools when a regex search isn't precise enough.

collaborator_generate (A)

Generate one or more Burp Collaborator payloads.

Use these as out-of-band injection canaries (SSRF, blind XSS, OOB SQLi, etc.). Save the returned payloads, plant them, then poll collaborator_check to see who phoned home.

collaborator_check (A)

Poll Burp Collaborator for received interactions.

Returns whatever Burp's get_collaborator_interactions returns. If payload is given, the result is filtered to interactions referencing that payload string (best-effort substring match).

sitemap (A)

Build a sitemap from Burp proxy history (no upstream Target tool exists).

Groups entries by (host, path, method) and counts occurrences. Returns a tree-style JSON: { host: { method: [{path, count, last_status}] } }. Use host_filter (regex) to scope to a specific target.

dedup_load (A)

Load a deduped_requests.txt file produced by the user's Burp Deduped HTTP History + JS Exporter extension.

path: filesystem path (absolute or ~-expandable).
name: identifier to address this source by in later calls. Default: parent directory name.

dedup_list (A)

List all registered dedup sources.

dedup_search (A)

Regex-search a registered dedup source.

field: one of url, request, response, params, or all. Returns matches with index + url + status + a short snippet (token-thrifty). Use dedup_get to fetch the full request/response.

dedup_get (A)

Fetch a dedup entry by its 1-based index.

By default returns metadata + truncated request/response previews. Set full=True to get the complete raw request and response.

dedup_to_repeater (B)

Send a dedup entry to Burp Repeater, with optional structured overrides.

The dedup entry is the baseline (cookies, UA, etc. inherited). The wrapper rebuilds the wire format and pushes it via Burp's create_repeater_tab.

js_load (C)

Load a _manifest.csv produced by the JS Exporter side of the user's Burp extension.

js_list (B)

List all registered JS sources.

js_files (C)

List JS files in a source, optionally filtered by host regex.

js_search (A)

Grep across all on-disk JS files in a source.

Returns file:line + small context snippets (token-thrifty). Use js_read to fetch full content for files of interest.

js_read (B)

Read one JS file from a source.

ref: either the integer index (as string), the full URL, the path, the saved_as path, or the basename. The first matching record wins.

Prompts

Interactive templates invoked by user choice

Name | Description

No prompts

Resources

Contextual data attached and managed by the client

Name | Description

No resources


MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/titaniumtushar/burp-mcp-plus'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.