burp-mcp-pro

naecoyes/burp-mcp-pro


The Burp Suite MCP Server Extension integrates Burp Suite with AI clients using the Model Context Protocol (MCP), enhancing security testing capabilities.


Burp Suite MCP Server Extension

License: MIT

Overview

Integrate Burp Suite with AI clients supporting the Model Context Protocol (MCP). This is an enhanced version of Burp Suite MCP Server providing comprehensive security testing capabilities.

📖 Chinese documentation:

Key Features

🚀 Core Functionality

  • AI Integration - Connect AI clients via MCP protocol
  • Claude Desktop - Automatic installation support
  • Embedded Proxy - Built-in Stdio MCP proxy server

πŸ›‘οΈ Security Testing Tools

  • HTTP Requests - Send HTTP/1.1 and HTTP/2 requests
  • Scanner Integration - Access scanner issues and statistics
  • Proxy Tools - Repeater and Intruder integration
  • History Analysis - HTTP and WebSocket history

📊 Dashboard Monitoring

  • Status Monitoring - Burp Suite key metrics
  • Audit Logs - Paginated scan activity queries
  • Target Scoping - Scope validation and checking
  • Real-time Stats - Scanner and proxy status

🔧 Utility Tools

  • Encoding/Decoding - URL, Base64 utilities
  • Random Generation - Test string generation
  • Configuration - Project and user settings
  • Editor Integration - Active editor content

Installation

Prerequisites

  • Java 21+
  • Burp Suite Professional (recommended)

Build

./gradlew embedProxyJar

Load in Burp Suite

  1. Open Burp Suite
  2. Navigate to the Extender tab
  3. Click Add
  4. Select the JAR file
  5. Configure MCP server settings

Usage

Basic Workflow

// Check target scope
{"tool":"check_url_in_scope","parameters":{"url":"https://example.com"}}

// Send test request
{"tool":"send_http1_request","parameters":{
  "content":"GET /test HTTP/1.1\r\nHost: example.com\r\n\r\n",
  "targetHostname":"example.com",
  "targetPort":80,
  "usesHttps":false
}}

// View audit log (paginated)
{"tool":"get_audit_log","parameters":{"count":20,"offset":0}}

Pagination Examples

// Items 1-50
{"tool":"get_audit_log","parameters":{"count":50,"offset":0}}

// Items 200-250
{"tool":"get_audit_log","parameters":{"count":50,"offset":200}}
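
An added example (not part of the burp-mcp-pro project): a Python helper that builds the tool calls shown above from a URL, refuses to build send_http1_request unless the scope check passed, and keeps the Host header, targetHostname, targetPort and usesHttps consistent. Only the tool and parameter names come from this page; the function names and the boolean in_scope argument are assumptions, because the response format of check_url_in_scope is not shown here.

```python
import json
from urllib.parse import urlsplit

def scope_check_call(url):
    """Tool call that asks Burp whether `url` is in the target scope."""
    return {"tool": "check_url_in_scope", "parameters": {"url": url}}

def http1_call(url, in_scope, method="GET"):
    """Build a send_http1_request call for `url`, or raise if it must not be sent.

    `in_scope` is the caller's reading of the check_url_in_scope result
    (assumption: the response format is not shown on the page).
    """
    if not in_scope:
        raise PermissionError(f"refusing out-of-scope URL: {url}")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname or ":" in parts.hostname:
        raise ValueError(f"need an absolute http(s) URL with a name or IPv4 host: {url}")
    https = parts.scheme == "https"
    default_port = 443 if https else 80
    port = parts.port or default_port
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    # Reject control characters and spaces so a model-supplied URL cannot
    # add headers or split the request line.
    for value in (method, path, parts.hostname):
        if any(ch <= " " or ch == "\x7f" for ch in value):
            raise ValueError("control character or space in request line")
    # The Host header carries the port only when it is not the scheme default.
    host = parts.hostname if port == default_port else f"{parts.hostname}:{port}"
    content = f"{method} {path} HTTP/1.1\r\nHost: {host}\r\n\r\n"
    return {"tool": "send_http1_request", "parameters": {
        "content": content, "targetHostname": parts.hostname,
        "targetPort": port, "usesHttps": https}}

def audit_log_pages(total, count=50):
    """Yield get_audit_log calls covering `total` entries, `count` per page."""
    for offset in range(0, total, count):
        yield {"tool": "get_audit_log",
               "parameters": {"count": count, "offset": offset}}

if __name__ == "__main__":
    url = "http://example.com/test"  # constructed sample input
    print(json.dumps(scope_check_call(url)))
    print(json.dumps(http1_call(url, in_scope=True)))
    for call in audit_log_pages(120):
        print(json.dumps(call))
```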

Tool List

Dashboard & Status Tools

  • get_audit_log - Get audit log and scanner activity summary (Professional only); use the count and offset parameters for pagination (e.g., 1-200, 200-250)
  • get_burp_status - Get Burp Suite status and key metrics
  • get_site_map_info - Get SiteMap information and discovered URLs count
  • get_scanner_issues - Security issues found by scanner (Professional only)
  • get_scanner_issues_detailed - Detailed scanner issue statistics (Professional only)
  • get_target_scope_check - Target scope information and usage instructions
  • check_url_in_scope - Check if a URL is in the target scope

HTTP Tools

  • send_http1_request - Send HTTP/1.1 requests
  • send_http2_request - Send HTTP/2 requests
  • create_repeater_tab - Create Repeater tabs
  • send_to_intruder - Send requests to Intruder

History Tools

  • get_proxy_http_history - HTTP request/response history
  • get_proxy_http_history_regex - Regex-matched HTTP history
  • get_proxy_websocket_history - WebSocket message history
  • get_proxy_websocket_history_regex - Regex-matched WebSocket history

Utility Tools

  • url_encode/url_decode - URL encoding/decoding
  • base64_encode/base64_decode - Base64 encoding/decoding
  • generate_random_string - Generate random strings
  • set_task_execution_engine_state - Control Burp's task execution engine
  • set_proxy_intercept_state - Enable/disable proxy intercept

Configuration Tools

  • output_project_options/output_user_options - Export configuration
  • set_project_options/set_user_options - Import configuration (requires config editing enabled)

Editor Tools

  • get_active_editor_contents - Get active editor content
  • set_active_editor_contents - Set editor content

API Documentation

For detailed API documentation, see: Burp Suite Montoya API

Technical Details

Build Information

  • Language: Kotlin 2.1
  • Build Tool: Gradle 8.10
  • JDK: 21
  • MCP SDK: 0.5.0
  • Ktor: 3.1.3

Security Features

  • Request Validation - Prevent DNS rebinding attacks
  • Scope Control - Target scope validation
  • Permission Management - History access control
  • Browser Protection - Block browser access

License

MIT License - see LICENSE file

Contributing

Issues and Pull Requests are welcome to improve this project.

Note: Some features require "Enable tools that can edit your config" to be checked in the MCP tab.