Public

Burpsuite-MCP-Server

Name: Burpsuite-MCP-Server
Rating: 5 (100 reviews)
Author: X3r0K

See in Github

2025-04-03

Burpsuite MCP Server: un puissant Protocole de contexte de modèle (MCP) Implémentation du serveur pour Burpsuite, offrant un accès programmatique aux fonctionnalités principales de Burp.

1

Github Watches

1

Github Forks

19

Github Stars

🛡️ BurpSuite MCP Server

A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.

🚀 Features

🔄 Proxy Tool

Intercept and modify HTTP/HTTPS traffic
View and manipulate requests/responses
Access proxy history
Real-time request/response manipulation

# Intercept a request
curl -X POST "http://localhost:8000/proxy/intercept" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com",
    "method": "GET",
    "headers": {"User-Agent": "Custom"},
    "intercept": true
  }'

# View proxy history
curl "http://localhost:8000/proxy/history"

🔍 Scanner Tool

Active and passive scanning
Custom scan configurations
Real-time issue tracking
Scan status monitoring

# Start a new scan
curl -X POST "http://localhost:8000/scanner/start" \
  -H "Content-Type: application/json" \
  -d '{
    "target_url": "https://example.com",
    "scan_type": "active",
    "scan_configurations": {
      "scope": "strict",
      "audit_checks": ["xss", "sqli"]
    }
  }'

# Check scan status
curl "http://localhost:8000/scanner/status/scan_1"

# Stop a scan
curl -X DELETE "http://localhost:8000/scanner/stop/scan_1"

📝 Logger Tool

Comprehensive HTTP traffic logging
Advanced filtering and search
Vulnerability detection
Traffic analysis
Suspicious pattern detection

# Get filtered logs
curl "http://localhost:8000/logger/logs?filter[method]=POST&filter[status_code]=200"

# Search logs
curl "http://localhost:8000/logger/logs?search=password"

# Get vulnerability analysis
curl "http://localhost:8000/logger/vulnerabilities"

# Get comprehensive analysis
curl "http://localhost:8000/logger/analysis"

# Clear logs
curl -X DELETE "http://localhost:8000/logger/clear"

curl "http://localhost:8000/logger/vulnerabilities/severity"

🎯 Vulnerability Detection

Automatically detects multiple types of vulnerabilities:

🔥 XSS (Cross-Site Scripting)
💉 SQL Injection
🗂️ Path Traversal
📁 File Inclusion
🌐 SSRF (Server-Side Request Forgery)
📄 XXE (XML External Entity)
🔒 CSRF (Cross-Site Request Forgery)
🔄 Open Redirect
⚡ Command Injection

🛠️ Setup

Clone the repository

git clone https://github.com/X3r0K/BurpSuite-MCP-Server.git
cd BurpSuite-MCP-Server

Install Dependencies

pip install -r requirements.txt

Configure Environment

# Copy .env.example to .env
cp .env.example .env

# Update the values in .env
BURP_API_KEY=Your_API_KEY
BURP_API_HOST=localhost
BURP_API_PORT=1337
BURP_PROXY_HOST=127.0.0.1
BURP_PROXY_PORT=8080
MCP_SERVER_HOST=0.0.0.0
MCP_SERVER_PORT=8000

Start the Server

python main.py

The server will start on http://localhost:8000

📊 Analysis Features

Traffic Analysis

Total requests count
Unique URLs
HTTP method distribution
Status code distribution
Content type analysis
Average response time

Vulnerability Analysis

Vulnerability type summary
Top vulnerable endpoints
Suspicious patterns
Real-time vulnerability detection

Log Filtering

By HTTP method
By status code
By URL pattern
By content type
By content length
By time range
By vulnerability type

🔒 Security Considerations

Run in a secure environment
Configure appropriate authentication
Use HTTPS in production
Keep BurpSuite API key secure
Monitor and audit access

📚 API Documentation

For detailed API documentation, visit:

Swagger UI: http://localhost:8000/docs
ReDoc: http://localhost:8000/redoc

Cursor Integration

The MCP server is configured to work seamlessly with Cursor IDE. The .cursor directory contains all necessary configuration files:

Configuration Files

settings.json: Contains MCP server configuration
- Server host and port settings
- Endpoint configurations
- BurpSuite proxy settings
- Logger settings
- Python interpreter path
tasks.json: Defines common tasks
- Start MCP Server
- Run Vulnerability Tests
- Check Vulnerabilities
launch.json: Contains debugging configurations
- Debug MCP Server
- Debug Vulnerability Tests

Using in Cursor

Open the project in Cursor
The MCP server configuration will be automatically loaded
Access features through:
- Command Palette (Ctrl+Shift+P) for running tasks
- Debug menu for debugging sessions
- Automatic Python interpreter configuration

The server will be accessible at http://localhost:8000 with the following endpoints:

/proxy/intercept for request interception
/logger for logging functionality
/logger/vulnerabilities/severity for vulnerability analysis

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments

BurpSuite - The original security testing tool
FastAPI - The web framework used
Python - The programming language used

Reviews

2 (1)

user_vNlaG0E6

2025-04-16

BurpSuite-MCP-Server by X3r0K is an excellent tool for managing various Burp Suite project configurations seamlessly. The integration is smooth and user-friendly, making it essential for any cybersecurity professional. Check it out on GitHub for details!