Burpmcp
What is Burpmcp
BurpMCP is a Model Context Protocol (MCP) server designed for Burp Suite, enabling LLMs to retrieve data from Burp Suite’s proxy history. It assists researchers and penetration testers in conducting security tests and analyses more effectively.
Use cases
Use cases for BurpMCP include automating security testing processes, analyzing web application vulnerabilities, and integrating with other tools for enhanced security assessments.
How to use
To use BurpMCP, install the Burp Suite extension by downloading the MCPBurpExtension.jar file and adding it through the ‘Extensions’ tab in Burp Suite. Then, set up the MCP Client with the appropriate command and arguments to run the server.
Key features
Key features of BurpMCP include SQL-like data querying capabilities, allowing users to retrieve specific fields from Burp Suite’s proxy history, such as raw requests, request types, URLs, hosts, response statuses, and more.
Where to use
BurpMCP is primarily used in the fields of cybersecurity, particularly in penetration testing, security research, and vulnerability assessments, where efficient data retrieval from proxy history is essential.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Overview
What is Burpmcp
BurpMCP is a Model Context Protocol (MCP) server designed for Burp Suite, enabling LLMs to retrieve data from Burp Suite’s proxy history. It assists researchers and penetration testers in conducting security tests and analyses more effectively.
Use cases
Use cases for BurpMCP include automating security testing processes, analyzing web application vulnerabilities, and integrating with other tools for enhanced security assessments.
How to use
To use BurpMCP, install the Burp Suite extension by downloading the MCPBurpExtension.jar file and adding it through the ‘Extensions’ tab in Burp Suite. Then, set up the MCP Client with the appropriate command and arguments to run the server.
Key features
Key features of BurpMCP include SQL-like data querying capabilities, allowing users to retrieve specific fields from Burp Suite’s proxy history, such as raw requests, request types, URLs, hosts, response statuses, and more.
Where to use
BurpMCP is primarily used in the fields of cybersecurity, particularly in penetration testing, security research, and vulnerability assessments, where efficient data retrieval from proxy history is essential.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Content
Burp Suite MCP Server
项目简介
BurpsuiteMCP 是一个模型上下文协议服务器,允许LLMs从Burp Suite代理历史记录中检索数据, 从而帮助研究人员和渗透测试人员更有效地进行安全测试和分析。
该项目灵感来自于GhidraMCP
主要功能
- 基于SQL的数据查询:使用类似SQL的语法从Burp Suite代理历史记录中检索数据
目前支持从Burp Suite代理历史记录中检索数据包括:
- 原始请求
- 请求类型(POST, GET, etc.)
- 请求URL
- Host
- 请求体
- 原始响应
- 响应类型
- 响应状态码
- 响应体
相比于官方的MCP:
优点:
- 可以指定
HTTP History的返回字段, 避免同意返回带来上下文过长的问题。
缺点:
- 其他功能没官方多
- 也没有UI
演示
https://github.com/user-attachments/assets/466e0c4a-137d-4589-a8e7-7ffbb37fb863
安装说明
前提条件
- Java 17 或更高版本
- Python 3.11或更高版本
安装步骤
-
安装Burp Suite扩展:
- 下载最新的
MCPBurpExtension.jar文件 - 在Burp Suite中,打开"扩展"选项卡
- 点击"添加"按钮,选择"Java扩展"
- 选择下载的JAR文件
- 扩展将在端口8889上启动HTTP服务器
- 下载最新的
-
安装Python依赖:
uv sync
使用指南
基本用法
use MCP Client
{
"mcpServers": {
"burpsuite": {
"command": "python",
"args": [
"/ABSOLUTE_PATH_TO/burpsuite_mcp.py"
]
}
}
}Dev Tools Supporting MCP
The following are the main code editors that support the Model Context Protocol. Click the link to visit the official website for more information.
