Webhook.site MCP Server
Enables interaction with Webhook.site to create, manage, and monitor endpoints for capturing HTTP requests, emails, and DNS lookups. It provides 16 tools for testing webhooks and inspecting incoming data through the Model Context Protocol.
README
Webhook.site MCP Server
A Model Context Protocol (MCP) server for webhook.site - instantly capture HTTP requests, emails, and DNS lookups. Perfect for testing webhooks, debugging API callbacks, security testing, and bug bounty hunting.
Table of Contents
- Quick Start
- What Can You Do?
- Tools Reference
- Examples
- Each Webhook Token Provides
- Architecture
- Development
- Contributing
- Requirements
- Changelog
- Links
Quick Start
Installation
# Using uvx (recommended - no install needed)
uvx webhook-mcp-server
# Or install via pip
pip install webhook-mcp-server
VS Code / GitHub Copilot
Add to .vscode/mcp.json:
{
"servers": {
"webhook-mcp-server": {
"type": "stdio",
"command": "uvx",
"args": ["webhook-mcp-server"]
}
}
}
Claude Desktop
Add to claude_desktop_config.json:
{
"mcpServers": {
"webhook-mcp-server": {
"command": "uvx",
"args": ["webhook-mcp-server"]
}
}
}
What Can You Do?
Capture Webhooks
"Create a webhook and show me the URL"
"What requests have been sent to my webhook?"
"Wait for a request to come in"
<img width="555" height="555" alt="Webhooks" src="https://github.com/user-attachments/assets/75558234-9d93-4b79-817e-373a5ce75382" />
Security/Bug Bounty:
"Generate an SSRF payload to test for blind vulnerabilities"
"Create XSS callback payloads to detect blind XSS attacks"
"Make me a canary token to detect if someone accesses a URL"
<img width="555" height="555" alt="Security" src="https://github.com/user-attachments/assets/12150308-932a-4872-acd9-5473c7dde6ff" />
Email Automation:
"Create a temp email and wait for a password reset link"
"Monitor this webhook for emails and extract all links from them"
"Give me 3 temporary emails at once" (batch creation)
<img width="555" height="555" alt="Email" src="https://github.com/user-attachments/assets/04af7d6e-e8aa-4e35-a817-2204cde8f5e7" />
API Testing:
"Create a webhook that returns a 404 error with a custom message"
"Make a webhook with CORS enabled that waits 5 seconds before responding"
"Send 10 different test requests to a webhook and show me all the captured data"
<img width="555" height="555" alt="API" src="https://github.com/user-attachments/assets/d8f2c46b-fb40-4e57-8957-0edef8e94db6" />
Real-time Monitoring:
"Create a webhook and wait for any HTTP request to arrive"
"Monitor for DNS lookups to detect if a server is making DNS queries"
"Search all requests for ones containing 'password' in the body"
<img width="555" height="555" alt="Monitoring" src="https://github.com/user-attachments/assets/12c9d270-f9df-489a-8be1-9afb4726404b" />
Data Analysis:
"Export all captured webhook requests to JSON format"
"Show me statistics on requests received in the last hour"
"Filter and show only POST requests with specific headers"
<img width="555" height="555" alt="Data" src="https://github.com/user-attachments/assets/51cd0032-d92b-46e7-9f0c-6cee96b6e4f3" />
Creative/Practical:
"Create a webhook that pretends to be a Stripe payment API"
"Make a fake login endpoint that captures credentials (for pentesting)"
"Set up an email inbox that auto-extracts verification codes"
<img width="555" height="555" alt="Practical" src="https://github.com/user-attachments/assets/a15bcbc4-087a-40bb-a1e5-a42475bd1301" />
Canary Tokens
"Create a canary URL to track document access"
"Generate a DNS canary for the config file"
"Set up an email tracker pixel"
<img width="555" height="555" alt="CanaryTokens" src="https://github.com/user-attachments/assets/2e6af1f5-55d6-4670-b899-6809f3031439" />
Tools Reference
Webhook Management
| Tool | Description |
|---|---|
create_webhook |
Create a new webhook endpoint |
create_webhook_with_config |
Create with custom response, status, CORS, timeout |
get_webhook_url |
Get the full URL for a webhook token |
get_webhook_email |
Get the email address for a webhook |
get_webhook_dns |
Get the DNS subdomain for a webhook |
get_webhook_info |
Get webhook settings and statistics |
update_webhook |
Modify webhook configuration |
delete_webhook |
Delete a webhook endpoint |
Request Handling
| Tool | Description |
|---|---|
send_to_webhook |
Send JSON data to a webhook |
get_webhook_requests |
List all captured requests |
search_requests |
Search with filters (method, content, date) |
delete_request |
Delete a specific request |
delete_all_requests |
Bulk delete with filters |
Real-Time Waiting
| Tool | Description |
|---|---|
wait_for_request |
Wait for an HTTP request (polling) |
wait_for_email |
Wait for email with automatic link extraction |
Bug Bounty / Security
| Tool | Description |
|---|---|
generate_ssrf_payload |
Create SSRF test payloads (HTTP, DNS, IP-based) |
generate_xss_callback |
Create XSS callback payloads with cookie/DOM capture |
generate_canary_token |
Create trackable URLs, DNS, or email canaries |
check_for_callbacks |
Quick check for OOB callbacks |
extract_links_from_request |
Extract URLs from captured requests |
Batch & Utility
| Tool | Description |
|---|---|
send_multiple_requests |
Send batch of requests for load testing |
export_webhook_data |
Export all requests to JSON |
Examples
Create a Webhook
// Response from create_webhook
{
"token": "abc123-def456-...",
"url": "https://webhook.site/abc123-def456-...",
"email": "abc123-def456-...@email.webhook.site",
"dns": "abc123-def456-....dnshook.site"
}
Wait for Password Reset Email
// Response from wait_for_email
{
"email_received": true,
"subject": "Password Reset Request",
"from": "noreply@example.com",
"links_found": ["https://example.com/reset?token=xyz789"]
}
SSRF Testing Payload
// Response from generate_ssrf_payload
{
"payloads": {
"http": "https://webhook.site/token?id=ssrf-test",
"dns": "ssrf-test.token.dnshook.site",
"ip_decimal": "http://2130706433/token",
"ip_hex": "http://0x7f000001/token"
}
}
Each Webhook Token Provides
| Endpoint | Format | Use Case |
|---|---|---|
| HTTP URL | https://webhook.site/{token} |
Capture HTTP/HTTPS requests |
| Subdomain | https://{token}.webhook.site |
Alternative URL format |
{token}@email.webhook.site |
Capture incoming emails | |
| DNS | {token}.dnshook.site |
Capture DNS lookups |
Architecture
webhook-mcp-server/
├── server.py # MCP entry point
├── handlers/ # Tool routing layer
├── services/ # Business logic
│ ├── webhook_service.py # Webhook CRUD
│ ├── request_service.py # Request management
│ └── bugbounty_service.py # Security payloads
├── models/ # Tool definitions & schemas
└── utils/ # HTTP client, logging, validation
Key Features
- Async Architecture - Non-blocking I/O for optimal performance
- Retry Logic - Exponential backoff for transient failures
- Input Validation - UUID validation, parameter sanitization
- Structured Logging - JSON logs for debugging and monitoring
- Type Safety - Full type hints throughout
Development
Setup
git clone https://github.com/zebbern/webhook-mcp-server.git
cd webhook-mcp-server
pip install -e ".[dev]"
Run Tests
pytest tests/ -v
Run Locally
python server.py
Requirements
- Python 3.10+
mcp >= 1.0.0httpx >= 0.25.0
Changelog
See CHANGELOG.md for version history.
Contributing
Contributions are welcome! Here's how you can help:
- Report bugs - Open an issue describing the problem
- Suggest features - Open an issue with your idea
- Submit PRs - Fork the repo and submit a pull request
Development Setup
git clone https://github.com/zebbern/webhook-mcp-server.git
cd webhook-mcp-server
pip install -e ".[dev]"
pytest tests/ -v
Guidelines
- Follow existing code style
- Add tests for new features
- Update documentation as needed
- Keep PRs focused on a single change
Links
- 📦 PyPI Package
- 🐙 GitHub Repository
- 🌐 webhook.site - The service this MCP wraps
- 📖 Model Context Protocol - MCP specification
Made with ❤️ for the MCP community
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.