burp-mcp-plus

Overview Schema Related Servers Score Discussions

send_request

Send HTTP/1.1 requests through Burp by mutating a history entry or building a new request from scratch, with optional inheritance of cookies and authentication.

Instructions

Issue an HTTP/1.1 request via Burp (no Repeater tab) and return the response. Two usage modes:

Mutate a history entry: pass history_id plus any of method/path/ set_headers/remove_headers/body.
Build from scratch: pass url + method + headers + body. Optionally inherit_from_history_id to copy cookies/auth from a baseline.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`history_id`	No
`url`	No
`method`	No
`path`	No
`set_headers`	No
`remove_headers`	No
`headers`	No
`body`	No
`inherit_from_history_id`	No
`page_size`	No

Output Schema

TableJSON Schema

Name	Required	Description	Default
`result`	Yes

Implementation Reference

src/burp_mcp_plus/server.py:332-408 (handler)

The 'send_request' tool handler function. It issues an HTTP/1.1 request via Burp (no Repeater tab) and returns the response. Two modes: (1) mutate a history entry by history_id, or (2) build from scratch with url+method+headers+body. Uses burp_client.call('send_http1_request', ...) to send.

@mcp.tool()
async def send_request(
    history_id: int | None = None,
    url: str | None = None,
    method: str | None = None,
    path: str | None = None,
    set_headers: dict[str, str] | None = None,
    remove_headers: list[str] | None = None,
    headers: dict[str, str] | None = None,
    body: str | None = None,
    inherit_from_history_id: int | None = None,
    page_size: int = 200,
) -> str:
    """Issue an HTTP/1.1 request via Burp (no Repeater tab) and return the
    response. Two usage modes:

    1. Mutate a history entry: pass `history_id` plus any of method/path/
       set_headers/remove_headers/body.
    2. Build from scratch: pass `url` + method + headers + body. Optionally
       `inherit_from_history_id` to copy cookies/auth from a baseline.
    """
    if history_id is not None and url is not None:
        raise ValueError("pass either history_id or url, not both")
    if history_id is None and url is None:
        raise ValueError("must pass history_id or url")

    if history_id is not None:
        payload = await burp_client.call(
            "get_proxy_http_history",
            {"count": page_size, "offset": 0},
        )
        entry = _extract_baseline(payload, history_id)
        base = parse_raw_request(_entry_raw_request(entry))
        new = apply_overrides(
            base,
            method=method,
            path=path,
            set_headers=set_headers,
            remove_headers=remove_headers,
            body=body,
        )
        host, port, https = _derive_target(new, entry)
    else:
        base_headers: dict[str, str] = {}
        if inherit_from_history_id is not None:
            payload = await burp_client.call(
                "get_proxy_http_history",
                {"count": page_size, "offset": 0},
            )
            entry = _extract_baseline(payload, inherit_from_history_id)
            baseline = parse_raw_request(_entry_raw_request(entry))
            for h in baseline.headers:
                if h.name.lower() in {"host", "content-length"}:
                    continue
                base_headers[h.name] = h.value
        if headers:
            for k, v in headers.items():
                base_headers[k] = v
        new = from_url(method or "GET", url, headers=base_headers, body=body or "")
        host, port, https = host_port_https(new, scheme_hint="https" if url.startswith("https") else "http")

    wire = build_wire(new)
    response = await burp_client.call(
        "send_http1_request",
        {
            "content": wire,
            "targetHostname": host,
            "targetPort": port,
            "usesHttps": https,
        },
    )
    return _format_response({
        "ok": True,
        "warnings": lint(new),
        "wire_preview": wire[:1024],
        "response": response,
    })

src/burp_mcp_plus/server.py:332-332 (registration)
The '@mcp.tool()' decorator on line 332 registers 'send_request' as an MCP tool with the FastMCP server.
```
@mcp.tool()
```

src/burp_mcp_plus/server.py:333-344 (schema)

The function signature defines the input schema/parameters for the send_request tool: history_id, url, method, path, set_headers, remove_headers, headers, body, inherit_from_history_id, page_size.

async def send_request(
    history_id: int | None = None,
    url: str | None = None,
    method: str | None = None,
    path: str | None = None,
    set_headers: dict[str, str] | None = None,
    remove_headers: list[str] | None = None,
    headers: dict[str, str] | None = None,
    body: str | None = None,
    inherit_from_history_id: int | None = None,
    page_size: int = 200,
) -> str:

Tool Definition Quality

A4.4/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations, the description carries full responsibility. It states the tool issues an HTTP/1.1 request, does not open a Repeater tab, and returns the response. It also explains the mutation mode modifies a history entry. It does not cover potential side effects like rate limiting or authentication details, but the core behavior is clear.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is concise and well-structured, with two usage modes clearly listed. Every sentence adds value without redundancy. It is appropriately front-loaded with the core purpose.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

The description is mostly complete given the existence of an output schema (which explains return values). It covers parameters, modes, and behavior. However, it lacks examples or error handling info, and the page_size parameter is undocumented. For a complex tool with 10 parameters, it is adequate but not exhaustive.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 0%, so the description must compensate. It explains 9 of 10 parameters (history_id, url, method, path, set_headers, remove_headers, headers, body, inherit_from_history_id) but does not mention 'page_size', which has a default of 200 and likely controls response pagination. This is a minor gap.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Issue an HTTP/1.1 request via Burp (no Repeater tab) and return the response.' It specifies the exact function (sending a request) and distinguishes it from siblings like 'repeater_from_history' by noting it does not open a Repeater tab.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides explicit guidance on two usage modes (mutate history entry or build from scratch) and when to use each. It mentions optional parameter inheritance. However, it does not explicitly state when not to use this tool or suggest alternatives like Repeater or inspect_history_entry.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/titaniumtushar/burp-mcp-plus'

If you have feedback or need assistance with the MCP directory API, please join our Discord server