๐Ÿ›ก๏ธ BurpSuite MCP Server

๐Ÿ›ก๏ธ BurpSuite MCP Server

Mirror of

MCP-Mirror

Developer Tools
Visit Server

README

๐Ÿ›ก๏ธ BurpSuite MCP Server

A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.

Python FastAPI License

๐Ÿš€ Features

๐Ÿ”„ Proxy Tool

  • Intercept and modify HTTP/HTTPS traffic
  • View and manipulate requests/responses
  • Access proxy history
  • Real-time request/response manipulation
# Intercept a request
curl -X POST "http://localhost:8000/proxy/intercept" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com",
    "method": "GET",
    "headers": {"User-Agent": "Custom"},
    "intercept": true
  }'

# View proxy history
curl "http://localhost:8000/proxy/history"

๐Ÿ” Scanner Tool

  • Active and passive scanning
  • Custom scan configurations
  • Real-time issue tracking
  • Scan status monitoring
# Start a new scan
curl -X POST "http://localhost:8000/scanner/start" \
  -H "Content-Type: application/json" \
  -d '{
    "target_url": "https://example.com",
    "scan_type": "active",
    "scan_configurations": {
      "scope": "strict",
      "audit_checks": ["xss", "sqli"]
    }
  }'

# Check scan status
curl "http://localhost:8000/scanner/status/scan_1"

# Stop a scan
curl -X DELETE "http://localhost:8000/scanner/stop/scan_1"

๐Ÿ“ Logger Tool

  • Comprehensive HTTP traffic logging
  • Advanced filtering and search
  • Vulnerability detection
  • Traffic analysis
  • Suspicious pattern detection
# Get filtered logs
curl "http://localhost:8000/logger/logs?filter[method]=POST&filter[status_code]=200"

# Search logs
curl "http://localhost:8000/logger/logs?search=password"

# Get vulnerability analysis
curl "http://localhost:8000/logger/vulnerabilities"

# Get comprehensive analysis
curl "http://localhost:8000/logger/analysis"

# Clear logs
curl -X DELETE "http://localhost:8000/logger/clear"

curl "http://localhost:8000/logger/vulnerabilities/severity"

๐ŸŽฏ Vulnerability Detection

Automatically detects multiple types of vulnerabilities:

  • ๐Ÿ”ฅ XSS (Cross-Site Scripting)
  • ๐Ÿ’‰ SQL Injection
  • ๐Ÿ—‚๏ธ Path Traversal
  • ๐Ÿ“ File Inclusion
  • ๐ŸŒ SSRF (Server-Side Request Forgery)
  • ๐Ÿ“„ XXE (XML External Entity)
  • ๐Ÿ”’ CSRF (Cross-Site Request Forgery)
  • ๐Ÿ”„ Open Redirect
  • โšก Command Injection

๐Ÿ› ๏ธ Setup

  1. Clone the repository
git clone https://github.com/X3r0K/BurpSuite-MCP-Server.git
cd BurpSuite-MCP-Server
  1. Install Dependencies
pip install -r requirements.txt
  1. Configure Environment
# Copy .env.example to .env
cp .env.example .env

# Update the values in .env
BURP_API_KEY=Your_API_KEY
BURP_API_HOST=localhost
BURP_API_PORT=1337
BURP_PROXY_HOST=127.0.0.1
BURP_PROXY_PORT=8080
MCP_SERVER_HOST=0.0.0.0
MCP_SERVER_PORT=8000
  1. Start the Server
python main.py

The server will start on http://localhost:8000

๐Ÿ“Š Analysis Features

Traffic Analysis

  • Total requests count
  • Unique URLs
  • HTTP method distribution
  • Status code distribution
  • Content type analysis
  • Average response time

Vulnerability Analysis

  • Vulnerability type summary
  • Top vulnerable endpoints
  • Suspicious patterns
  • Real-time vulnerability detection

Log Filtering

  • By HTTP method
  • By status code
  • By URL pattern
  • By content type
  • By content length
  • By time range
  • By vulnerability type

๐Ÿ”’ Security Considerations

  1. Run in a secure environment
  2. Configure appropriate authentication
  3. Use HTTPS in production
  4. Keep BurpSuite API key secure
  5. Monitor and audit access

๐Ÿ“š API Documentation

For detailed API documentation, visit:

  • Swagger UI: http://localhost:8000/docs
  • ReDoc: http://localhost:8000/redoc image

Cursor Integration

The MCP server is configured to work seamlessly with Cursor IDE. The .cursor directory contains all necessary configuration files:

Configuration Files

  1. settings.json: Contains MCP server configuration

    • Server host and port settings
    • Endpoint configurations
    • BurpSuite proxy settings
    • Logger settings
    • Python interpreter path

  2. tasks.json: Defines common tasks

    • Start MCP Server
    • Run Vulnerability Tests
    • Check Vulnerabilities

  3. launch.json: Contains debugging configurations

    • Debug MCP Server
    • Debug Vulnerability Tests

Using in Cursor

  1. Open the project in Cursor
  2. The MCP server configuration will be automatically loaded
  3. Access features through:
    • Command Palette (Ctrl+Shift+P) for running tasks
    • Debug menu for debugging sessions
    • Automatic Python interpreter configuration

The server will be accessible at http://localhost:8000 with the following endpoints:

  • /proxy/intercept for request interception
  • /logger for logging functionality
  • /logger/vulnerabilities/severity for vulnerability analysis

image

image

๐Ÿ“ License

This project is licensed under the MIT License - see the LICENSE file for details.

๐Ÿ™ Acknowledgments

  • BurpSuite - The original security testing tool
  • FastAPI - The web framework used
  • Python - The programming language used

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
MCP Package Docs Server

MCP Package Docs Server

Facilitates LLMs to efficiently access and fetch structured documentation for packages in Go, Python, and NPM, enhancing software development with multi-language support and performance optimization.

Featured
Local
TypeScript
Claude Code MCP

Claude Code MCP

An implementation of Claude Code as a Model Context Protocol server that enables using Claude's software engineering capabilities (code generation, editing, reviewing, and file operations) through the standardized MCP interface.

Featured
Local
JavaScript
@kazuph/mcp-taskmanager

@kazuph/mcp-taskmanager

Model Context Protocol server for Task Management. This allows Claude Desktop (or any MCP client) to manage and execute tasks in a queue-based system.

Featured
Local
JavaScript
Linear MCP Server

Linear MCP Server

Enables interaction with Linear's API for managing issues, teams, and projects programmatically through the Model Context Protocol.

Featured
JavaScript
mermaid-mcp-server

mermaid-mcp-server

A Model Context Protocol (MCP) server that converts Mermaid diagrams to PNG images.

Featured
JavaScript
Jira-Context-MCP

Jira-Context-MCP

MCP server to provide Jira Tickets information to AI coding agents like Cursor

Featured
TypeScript
Linear MCP Server

Linear MCP Server

A Model Context Protocol server that integrates with Linear's issue tracking system, allowing LLMs to create, update, search, and comment on Linear issues through natural language interactions.

Featured
JavaScript
Sequential Thinking MCP Server

Sequential Thinking MCP Server

This server facilitates structured problem-solving by breaking down complex issues into sequential steps, supporting revisions, and enabling multiple solution paths through full MCP integration.

Featured
Python