PY

BurpSuite-MCP-Server

by X3r0K/BurpSuite-MCP-Server

0 views

BurpSuite MCP Server: A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.

automationpythonSecurity & Privacy

๐Ÿ›ก๏ธ BurpSuite MCP Server

A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.

MseeP.ai Security Assessment Badge Python FastAPI License

๐Ÿš€ Features

๐Ÿ”„ Proxy Tool

  • Intercept and modify HTTP/HTTPS traffic
  • View and manipulate requests/responses
  • Access proxy history
  • Real-time request/response manipulation
# Intercept a request
curl -X POST "http://localhost:8000/proxy/intercept" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com",
    "method": "GET",
    "headers": {"User-Agent": "Custom"},
    "intercept": true
  }'

# View proxy history
curl "http://localhost:8000/proxy/history"

๐Ÿ” Scanner Tool

  • Active and passive scanning
  • Custom scan configurations
  • Real-time issue tracking
  • Scan status monitoring
# Start a new scan
curl -X POST "http://localhost:8000/scanner/start" \
  -H "Content-Type: application/json" \
  -d '{
    "target_url": "https://example.com",
    "scan_type": "active",
    "scan_configurations": {
      "scope": "strict",
      "audit_checks": ["xss", "sqli"]
    }
  }'

# Check scan status
curl "http://localhost:8000/scanner/status/scan_1"

# Stop a scan
curl -X DELETE "http://localhost:8000/scanner/stop/scan_1"

๐Ÿ“ Logger Tool

  • Comprehensive HTTP traffic logging
  • Advanced filtering and search
  • Vulnerability detection
  • Traffic analysis
  • Suspicious pattern detection
# Get filtered logs
curl "http://localhost:8000/logger/logs?filter[method]=POST&filter[status_code]=200"

# Search logs
curl "http://localhost:8000/logger/logs?search=password"

# Get vulnerability analysis
curl "http://localhost:8000/logger/vulnerabilities"

# Get comprehensive analysis
curl "http://localhost:8000/logger/analysis"

# Clear logs
curl -X DELETE "http://localhost:8000/logger/clear"

curl "http://localhost:8000/logger/vulnerabilities/severity"

๐ŸŽฏ Vulnerability Detection

Automatically detects multiple types of vulnerabilities:

  • ๐Ÿ”ฅ XSS (Cross-Site Scripting)
  • ๐Ÿ’‰ SQL Injection
  • ๐Ÿ—‚๏ธ Path Traversal
  • ๐Ÿ“ File Inclusion
  • ๐ŸŒ SSRF (Server-Side Request Forgery)
  • ๐Ÿ“„ XXE (XML External Entity)
  • ๐Ÿ”’ CSRF (Cross-Site Request Forgery)
  • ๐Ÿ”„ Open Redirect
  • โšก Command Injection

๐Ÿ› ๏ธ Setup

  1. Clone the repository
git clone https://github.com/X3r0K/BurpSuite-MCP-Server.git
cd BurpSuite-MCP-Server
  1. Install Dependencies
pip install -r requirements.txt
  1. Configure Environment
# Copy .env.example to .env
cp .env.example .env

# Update the values in .env
BURP_API_KEY=Your_API_KEY
BURP_API_HOST=localhost
BURP_API_PORT=1337
BURP_PROXY_HOST=127.0.0.1
BURP_PROXY_PORT=8080
MCP_SERVER_HOST=0.0.0.0
MCP_SERVER_PORT=8000
  1. Start the Server
python main.py

The server will start on http://localhost:8000

๐Ÿ“Š Analysis Features

Traffic Analysis

  • Total requests count
  • Unique URLs
  • HTTP method distribution
  • Status code distribution
  • Content type analysis
  • Average response time

Vulnerability Analysis

  • Vulnerability type summary
  • Top vulnerable endpoints
  • Suspicious patterns
  • Real-time vulnerability detection

Log Filtering

  • By HTTP method
  • By status code
  • By URL pattern
  • By content type
  • By content length
  • By time range
  • By vulnerability type

๐Ÿ”’ Security Considerations

  1. Run in a secure environment
  2. Configure appropriate authentication
  3. Use HTTPS in production
  4. Keep BurpSuite API key secure
  5. Monitor and audit access

๐Ÿ“š API Documentation

For detailed API documentation, visit:

Cursor Integration

The MCP server is configured to work seamlessly with Cursor IDE. The .cursor directory contains all necessary configuration files:

Configuration Files

  1. settings.json: Contains MCP server configuration

    • Server host and port settings
    • Endpoint configurations
    • BurpSuite proxy settings
    • Logger settings
    • Python interpreter path

  2. tasks.json: Defines common tasks

    • Start MCP Server
    • Run Vulnerability Tests
    • Check Vulnerabilities

  3. launch.json: Contains debugging configurations

    • Debug MCP Server
    • Debug Vulnerability Tests

Using in Cursor

  1. Open the project in Cursor
  2. The MCP server configuration will be automatically loaded
  3. Access features through:
    • Command Palette (Ctrl+Shift+P) for running tasks
    • Debug menu for debugging sessions
    • Automatic Python interpreter configuration

The server will be accessible at http://localhost:8000 with the following endpoints:

  • /proxy/intercept for request interception
  • /logger for logging functionality
  • /logger/vulnerabilities/severity for vulnerability analysis

image

image

๐Ÿ“ License

This project is licensed under the MIT License - see the LICENSE file for details.

๐Ÿ™ Acknowledgments

  • BurpSuite - The original security testing tool
  • FastAPI - The web framework used
  • Python - The programming language used

Install

{
  "mcpServers": {
    "burpsuite-mcp-server": {
      "command": "python",
      "args": [
        "main.py"
      ]
    }
  }
}
For more configuration details, refer to the content on the left

Related

Related projects feature coming soon

Will recommend related projects based on sub-categories