Converts Figma frames into front-end code for various mobile frameworks.
Public
BurpSuite-MCP-Server
2025-04-03
BurpSuite MCP Server: A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.
3 years
Works with Finder
1
Github Watches
1
Github Forks
19
Github Stars
🛡️ BurpSuite MCP Server
A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.
🚀 Features
🔄 Proxy Tool
- Intercept and modify HTTP/HTTPS traffic
- View and manipulate requests/responses
- Access proxy history
- Real-time request/response manipulation
# Intercept a request
curl -X POST "http://localhost:8000/proxy/intercept" \
-H "Content-Type: application/json" \
-d '{
"url": "https://example.com",
"method": "GET",
"headers": {"User-Agent": "Custom"},
"intercept": true
}'
# View proxy history
curl "http://localhost:8000/proxy/history"
🔍 Scanner Tool
- Active and passive scanning
- Custom scan configurations
- Real-time issue tracking
- Scan status monitoring
# Start a new scan
curl -X POST "http://localhost:8000/scanner/start" \
-H "Content-Type: application/json" \
-d '{
"target_url": "https://example.com",
"scan_type": "active",
"scan_configurations": {
"scope": "strict",
"audit_checks": ["xss", "sqli"]
}
}'
# Check scan status
curl "http://localhost:8000/scanner/status/scan_1"
# Stop a scan
curl -X DELETE "http://localhost:8000/scanner/stop/scan_1"
📝 Logger Tool
- Comprehensive HTTP traffic logging
- Advanced filtering and search
- Vulnerability detection
- Traffic analysis
- Suspicious pattern detection
# Get filtered logs
curl "http://localhost:8000/logger/logs?filter[method]=POST&filter[status_code]=200"
# Search logs
curl "http://localhost:8000/logger/logs?search=password"
# Get vulnerability analysis
curl "http://localhost:8000/logger/vulnerabilities"
# Get comprehensive analysis
curl "http://localhost:8000/logger/analysis"
# Clear logs
curl -X DELETE "http://localhost:8000/logger/clear"
curl "http://localhost:8000/logger/vulnerabilities/severity"
🎯 Vulnerability Detection
Automatically detects multiple types of vulnerabilities:
- 🔥 XSS (Cross-Site Scripting)
- 💉 SQL Injection
- 🗂️ Path Traversal
- 📁 File Inclusion
- 🌐 SSRF (Server-Side Request Forgery)
- 📄 XXE (XML External Entity)
- 🔒 CSRF (Cross-Site Request Forgery)
- 🔄 Open Redirect
- ⚡ Command Injection
🛠️ Setup
- Clone the repository
git clone https://github.com/X3r0K/BurpSuite-MCP-Server.git
cd BurpSuite-MCP-Server
- Install Dependencies
pip install -r requirements.txt
- Configure Environment
# Copy .env.example to .env
cp .env.example .env
# Update the values in .env
BURP_API_KEY=Your_API_KEY
BURP_API_HOST=localhost
BURP_API_PORT=1337
BURP_PROXY_HOST=127.0.0.1
BURP_PROXY_PORT=8080
MCP_SERVER_HOST=0.0.0.0
MCP_SERVER_PORT=8000
- Start the Server
python main.py
The server will start on http://localhost:8000
📊 Analysis Features
Traffic Analysis
- Total requests count
- Unique URLs
- HTTP method distribution
- Status code distribution
- Content type analysis
- Average response time
Vulnerability Analysis
- Vulnerability type summary
- Top vulnerable endpoints
- Suspicious patterns
- Real-time vulnerability detection
Log Filtering
- By HTTP method
- By status code
- By URL pattern
- By content type
- By content length
- By time range
- By vulnerability type
🔒 Security Considerations
- Run in a secure environment
- Configure appropriate authentication
- Use HTTPS in production
- Keep BurpSuite API key secure
- Monitor and audit access
📚 API Documentation
For detailed API documentation, visit:
- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc
Cursor Integration
The MCP server is configured to work seamlessly with Cursor IDE. The .cursor directory contains all necessary configuration files:
Configuration Files
-
settings.json: Contains MCP server configuration- Server host and port settings
- Endpoint configurations
- BurpSuite proxy settings
- Logger settings
- Python interpreter path
-
tasks.json: Defines common tasks- Start MCP Server
- Run Vulnerability Tests
- Check Vulnerabilities
-
launch.json: Contains debugging configurations- Debug MCP Server
- Debug Vulnerability Tests
Using in Cursor
- Open the project in Cursor
- The MCP server configuration will be automatically loaded
- Access features through:
- Command Palette (Ctrl+Shift+P) for running tasks
- Debug menu for debugging sessions
- Automatic Python interpreter configuration
The server will be accessible at http://localhost:8000 with the following endpoints:
-
/proxy/interceptfor request interception -
/loggerfor logging functionality -
/logger/vulnerabilities/severityfor vulnerability analysis
📝 License
This project is licensed under the MIT License - see the LICENSE file for details.
🙏 Acknowledgments
相关推荐
I find academic articles and books for research and literature reviews.
Embark on a thrilling diplomatic quest across a galaxy on the brink of war. Navigate complex politics and alien cultures to forge peace and avert catastrophe in this immersive interstellar adventure.
Confidential guide on numerology and astrology, based of GG33 Public information
Advanced software engineer GPT that excels through nailing the basics.
Delivers concise Python code and interprets non-English comments
💬 MaxKB is an open-source AI assistant for enterprise. It seamlessly integrates RAG pipelines, supports robust workflows, and provides MCP tool-use capabilities.
The all-in-one Desktop & Docker AI application with built-in RAG, AI agents, No-code agent builder, MCP compatibility, and more.
Micropython I2C-based manipulation of the MCP series GPIO expander, derived from Adafruit_MCP230xx
MCP server to provide Figma layout information to AI coding agents like Cursor
Reviews
2
(1)
user_vNlaG0E6
2025-04-16
BurpSuite-MCP-Server by X3r0K is an excellent tool for managing various Burp Suite project configurations seamlessly. The integration is smooth and user-friendly, making it essential for any cybersecurity professional. Check it out on GitHub for details!