MCP Servers

A comprehensive directory of Model Context Protocol servers, frameworks, SDKs, and templates.

Created on 10/7/2025
Updated 2 months ago
Repository documentation and setup instructions

Burp Suite MCP Server Extension

License: MIT

Overview

Integrate Burp Suite with AI clients supporting the Model Context Protocol (MCP). This is an enhanced version of Burp Suite MCP Server providing comprehensive security testing capabilities.

📖 Chinese documentation: see the Chinese README

Key Features

🚀 Core Functionality

  • AI Integration - Connect AI clients via MCP protocol
  • Claude Desktop - Automatic installation support
  • Embedded Proxy - Built-in Stdio MCP proxy server

🛡️ Security Testing Tools

  • HTTP Requests - Send HTTP/1.1 and HTTP/2 requests
  • Scanner Integration - Access scanner issues and statistics
  • Proxy Tools - Repeater and Intruder integration
  • History Analysis - HTTP and WebSocket history

📊 Dashboard Monitoring

  • Status Monitoring - Burp Suite key metrics
  • Audit Logs - Paginated scan activity queries
  • Target Scoping - Scope validation and checking
  • Real-time Stats - Scanner and proxy status

🔧 Utility Tools

  • Encoding/Decoding - URL, Base64 utilities
  • Random Generation - Test string generation
  • Configuration - Project and user settings
  • Editor Integration - Active editor content

Installation

Prerequisites

  • Java 21+
  • Burp Suite Professional (recommended)

Build

./gradlew embedProxyJar

Load in Burp Suite

  1. Open Burp Suite
  2. Navigate to Extender tab
  3. Click Add
  4. Select the JAR file
  5. Configure MCP server settings

Usage

Basic Workflow

// Check target scope
{"tool":"check_url_in_scope","parameters":{"url":"https://example.com"}}

// Send test request
{"tool":"send_http1_request","parameters":{
  "content":"GET /test HTTP/1.1\r\nHost: example.com\r\n\r\n",
  "targetHostname":"example.com",
  "targetPort":80,
  "usesHttps":false
}}

// View audit log (paginated)
{"tool":"get_audit_log","parameters":{"count":20,"offset":0}}
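
An added example (not part of this project's code) of enforcing the workflow above on the client side: the scope check always runs before a request is sent, and every send_http1_request field is derived from one URL so the Host header and the target fields cannot disagree. `call_tool` and `is_in_scope` are hypothetical caller-supplied hooks, because this page documents neither the transport nor the reply format of check_url_in_scope.

```python
from urllib.parse import urlsplit

def tool_call(tool, **parameters):
    """Build a call in the {"tool": ..., "parameters": ...} shape used on this page."""
    return {"tool": tool, "parameters": parameters}

def http1_request_call(url, method="GET"):
    """Derive every send_http1_request field from one URL so they cannot disagree."""
    # Reject whitespace/control characters before parsing: a CR/LF here would
    # inject extra header lines into the raw request text.
    if any(c.isspace() or ord(c) < 0x20 for c in url) or not method.isalpha():
        raise ValueError("unsafe characters in URL or method")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("expected an absolute http(s) URL")
    https = parts.scheme == "https"
    default_port = 443 if https else 80
    port = parts.port or default_port
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    host = parts.hostname if port == default_port else f"{parts.hostname}:{port}"
    content = f"{method} {path} HTTP/1.1\r\nHost: {host}\r\n\r\n"
    return tool_call("send_http1_request", content=content,
                     targetHostname=parts.hostname, targetPort=port, usesHttps=https)

def scoped_send(call_tool, url, is_in_scope):
    """Ask check_url_in_scope first; send only if the predicate accepts the reply.

    call_tool: hypothetical transport hook; delivers one call, returns the reply.
    is_in_scope: hypothetical predicate over that reply (format not on this page).
    """
    request = http1_request_call(url)  # validate locally before contacting the server
    verdict = call_tool(tool_call("check_url_in_scope", url=url))
    if not is_in_scope(verdict):
        raise PermissionError(f"refusing out-of-scope URL: {url}")
    return call_tool(request)

if __name__ == "__main__":
    # Constructed stand-in transport: treats only example.com as in scope.
    def fake_call(call):
        if call["tool"] == "check_url_in_scope":
            return urlsplit(call["parameters"]["url"]).hostname == "example.com"
        return call  # echo the request that would have been sent
    print(scoped_send(fake_call, "http://example.com/test", bool))
```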

Pagination Examples

// Items 1-50
{"tool":"get_audit_log","parameters":{"count":50,"offset":0}}

// Items 200-250
{"tool":"get_audit_log","parameters":{"count":50,"offset":200}}

Tool List

Dashboard & Status Tools

  • get_audit_log - Get audit log and scanner activity summary (Professional only) - Use count and offset parameters for pagination (e.g., 1-200, 200-250)
  • get_burp_status - Get Burp Suite status and key metrics
  • get_site_map_info - Get SiteMap information and discovered URLs count
  • get_scanner_issues - Security issues found by scanner (Professional only)
  • get_scanner_issues_detailed - Detailed scanner issue statistics (Professional only)
  • get_target_scope_check - Target scope information and usage instructions
  • check_url_in_scope - Check if a URL is in the target scope

HTTP Tools

  • send_http1_request - Send HTTP/1.1 requests
  • send_http2_request - Send HTTP/2 requests
  • create_repeater_tab - Create Repeater tabs
  • send_to_intruder - Send requests to Intruder

History Tools

  • get_proxy_http_history - HTTP request/response history
  • get_proxy_http_history_regex - Regex-matched HTTP history
  • get_proxy_websocket_history - WebSocket message history
  • get_proxy_websocket_history_regex - Regex-matched WebSocket history

Utility Tools

  • url_encode/url_decode - URL encoding/decoding
  • base64_encode/base64_decode - Base64 encoding/decoding
  • generate_random_string - Generate random strings
  • set_task_execution_engine_state - Control Burp's task execution engine
  • set_proxy_intercept_state - Enable/disable proxy intercept

Configuration Tools

  • output_project_options/output_user_options - Export configuration
  • set_project_options/set_user_options - Import configuration (requires config editing enabled)

Editor Tools

  • get_active_editor_contents - Get active editor content
  • set_active_editor_contents - Set editor content

API Documentation

For detailed API documentation, see: Burp Suite Montoya API

Technical Details

Build Information

  • Language: Kotlin 2.1
  • Build Tool: Gradle 8.10
  • JDK: 21
  • MCP SDK: 0.5.0
  • Ktor: 3.1.3

Security Features

  • Request Validation - Prevent DNS rebinding attacks
  • Scope Control - Target scope validation
  • Permission Management - History access control
  • Browser Protection - Block browser access

License

MIT License - see LICENSE file

Contributing

Issues and Pull Requests are welcome to improve this project.

Support


Note: Some features require "Enable tools that can edit your config" to be checked in the MCP tab.

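Quick Setup
Installation guide for this server

Install command (package not published)

git clone https://github.com/naecoyes/burp-mcp-pro
Manual installation: see the README for detailed setup instructions and any additional required dependencies.

Cursor configuration (mcp.json)

{
  "mcpServers": {
    "naecoyes-burp-mcp-pro": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/naecoyes/burp-mcp-pro"
      ]
    }
  }
}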