Web security testing via Burp Suite
## Burp Suite MCP Server: Web Application Security Testing

The **Burp Suite MCP Server** integrates PortSwigger's industry-leading web security testing platform into Google Antigravity, enabling automated vulnerability scanning, penetration testing, and security assessment workflows.

### Why Burp Suite MCP?

- **Automated scanning** - Run comprehensive vulnerability scans from your IDE
- **Manual testing** - Intercept and modify HTTP requests for security testing
- **Vulnerability detection** - Identify OWASP Top 10 and advanced security issues
- **API security** - Test REST and GraphQL endpoints for vulnerabilities
- **Report generation** - Create detailed security assessment reports

### Key Features

#### 1. Vulnerability Scanning

```python
import asyncio

# Start automated vulnerability scan
scan = await mcp.call("burp", "start_scan", {
    "urls": ["https://app.example.com"],
    "configuration": "crawl_and_audit",
    "scope": {
        "include": ["https://app.example.com/*"],
        "exclude": ["https://app.example.com/logout"]
    }
})

# Monitor scan progress (sleep between polls instead of busy-looping against the API)
while True:
    status = await mcp.call("burp", "scan_status", {"scan_id": scan["id"]})
    print(f"Progress: {status['progress']}% | Issues: {status['issue_count']}")
    if status["status"] == "completed":
        break
    await asyncio.sleep(5)
```

#### 2. Issue Analysis

```python
# Get detected vulnerabilities, filtered to the severities and confidence levels worth triaging first
issues = await mcp.call("burp", "get_issues", {
    "scan_id": scan["id"],
    "severity": ["high", "medium"],
    "confidence": ["certain", "firm"]
})

for issue in issues:
    print(f"[{issue['severity']}] {issue['name']}")
    print(f"  URL: {issue['url']}")
    print(f"  Detail: {issue['detail']}")
    print(f"  Remediation: {issue['remediation']}")
```

#### 3. Request Interception

```python
# Configure proxy for testing
await mcp.call("burp", "configure_proxy", {
    "listen_port": 8080,
    "intercept_requests": True,
    "intercept_responses": False
})

# Replay and modify requests
response = await mcp.call("burp", "send_request", {
    "method": "POST",
    "url": "https://api.example.com/login",
    "headers": {"Content-Type": "application/json"},
    "body": "{\"username\":\"admin\",\"password\":\"test123\"}"
})

print(f"Status: {response['status_code']}")
print(f"Response: {response['body']}")
```

#### 4. API Security Testing

```python
# Import API specification
await mcp.call("burp", "import_api", {
    "spec_url": "https://api.example.com/openapi.json",
    "type": "openapi"
})

# Scan API endpoints
api_scan = await mcp.call("burp", "scan_api", {
    "endpoints": "all",
    "auth": {
        "type": "bearer",
        "token": "test_token"
    },
    "tests": ["injection", "auth_bypass", "rate_limiting"]
})
```

### Configuration

```json
{
  "mcpServers": {
    "burp": {
      "command": "npx",
      "args": ["-y", "@anthropic/mcp-burp"],
      "env": {
        "BURP_API_URL": "http://localhost:1337",
        "BURP_API_KEY": "your-burp-api-key",
        "BURP_PROJECT": "default"
      }
    }
  }
}
```

### Use Cases

**Security Auditing**: Run comprehensive vulnerability scans before production releases.

**Penetration Testing**: Conduct manual security testing with proxy interception and replay.

**API Assessment**: Validate API security against injection, authentication, and authorization flaws.

**Compliance Testing**: Generate security reports for compliance requirements and audits.

The Burp Suite MCP Server brings professional security testing into your development workflow.
```json
{
  "mcpServers": {
    "burp-suite": {
      "command": "npx",
      "args": [
        "-y",
        "@portswigger/burp-suite-mcp"
      ]
    }
  }
}
```
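The scan-monitoring loop and the issue listing above stop at printing. For the "Security Auditing" use case (scanning before a production release) a practitioner also needs the scan poll to give up eventually, and a rule for which findings block the release. The following is an added example, not code from the page or from the Burp MCP server: it assumes the `mcp.call(server, tool, args)` shape shown above and the issue fields the page's snippet reads (`severity`, `confidence`, `name`, `url`, `remediation`). `FakeBurp` and `SAMPLE_ISSUES` are constructed stand-ins so the example runs offline; in a real pipeline `mcp.call` replaces `FakeBurp.call` and `get_issues` output replaces the sample list.

```python
"""Poll a Burp scan with a deadline, then gate a release on its findings.

Added example; the call shape and issue fields are assumed from the page's
snippets, and FakeBurp / SAMPLE_ISSUES are constructed test data.
"""
import asyncio
from collections import defaultdict

# Burp severity and confidence levels, ordered so thresholds can be compared.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3}
CONFIDENCE_RANK = {"tentative": 0, "firm": 1, "certain": 2}


class FakeBurp:
    """Constructed stand-in for mcp.call that returns scripted scan_status replies."""

    def __init__(self, statuses):
        self.statuses = list(statuses)
        self.calls = 0

    async def call(self, server, tool, args):
        assert (server, tool) == ("burp", "scan_status")
        self.calls += 1
        # Once the script is exhausted, keep returning the last status.
        idx = min(self.calls - 1, len(self.statuses) - 1)
        progress = 100 * idx // max(1, len(self.statuses) - 1)
        return {"status": self.statuses[idx], "progress": progress, "issue_count": 0}


async def poll_scan(call, scan_id, interval=5.0, timeout=3600.0):
    """Poll scan_status until the scan completes or fails, sleeping between polls
    and raising TimeoutError after `timeout` seconds instead of spinning forever."""
    loop = asyncio.get_running_loop()
    deadline = loop.time() + timeout
    while True:
        status = await call("burp", "scan_status", {"scan_id": scan_id})
        if status["status"] in ("completed", "failed"):
            return status
        if loop.time() >= deadline:
            raise TimeoutError(f"scan {scan_id} still {status['status']} after {timeout}s")
        await asyncio.sleep(interval)


def wait_for_scan(call, scan_id, interval=5.0, timeout=3600.0):
    """Synchronous wrapper so the poller can be used from a CI script."""
    return asyncio.run(poll_scan(call, scan_id, interval, timeout))


def blocking_issues(issues, min_severity="high", min_confidence="firm"):
    """Return the issues that should block a release: at least `min_severity`
    AND at least `min_confidence`. Unknown levels rank below every threshold,
    so a malformed issue is still reported but never blocks on its own."""
    sev = SEVERITY_RANK[min_severity]
    conf = CONFIDENCE_RANK[min_confidence]
    return [
        i for i in issues
        if SEVERITY_RANK.get(str(i.get("severity", "")).lower(), -1) >= sev
        and CONFIDENCE_RANK.get(str(i.get("confidence", "")).lower(), -1) >= conf
    ]


def summarize(issues):
    """Group findings by issue name for the report: one entry per issue type
    with the affected URLs and remediation, instead of one line per instance."""
    grouped = defaultdict(lambda: {"urls": set(), "remediation": ""})
    for i in issues:
        entry = grouped[i["name"]]
        entry["urls"].add(i["url"])
        entry["remediation"] = entry["remediation"] or i.get("remediation", "")
    return {
        name: {"count": len(e["urls"]), "urls": sorted(e["urls"]), "remediation": e["remediation"]}
        for name, e in grouped.items()
    }


# Constructed sample in the shape of the get_issues output read above.
SAMPLE_ISSUES = [
    {"severity": "high", "confidence": "certain", "name": "SQL injection",
     "url": "https://app.example.com/search?q=", "remediation": "Use parameterised queries."},
    {"severity": "high", "confidence": "certain", "name": "SQL injection",
     "url": "https://app.example.com/items?id=", "remediation": "Use parameterised queries."},
    {"severity": "high", "confidence": "tentative", "name": "OS command injection",
     "url": "https://app.example.com/export", "remediation": "Do not pass user input to a shell."},
    {"severity": "medium", "confidence": "firm", "name": "Cross-site scripting (reflected)",
     "url": "https://app.example.com/login", "remediation": "Encode output; set a CSP."},
    {"severity": "low", "confidence": "certain", "name": "Cookie without Secure flag",
     "url": "https://app.example.com/", "remediation": "Set the Secure attribute."},
]


if __name__ == "__main__":
    status = wait_for_scan(FakeBurp(["running", "running", "completed"]).call, "scan-1", interval=0)
    print(f"scan finished: {status['status']}")
    blockers = blocking_issues(SAMPLE_ISSUES)
    for name, entry in summarize(blockers).items():
        print(f"{name}: {entry['count']} location(s) -> {entry['remediation']}")
    raise SystemExit(1 if blockers else 0)  # non-zero exit fails the release job
```

The thresholds are deliberately two-dimensional: a high-severity finding that Burp only rates "tentative" is worth a human look but should not fail a build by itself, while the same finding at "firm" or "certain" should. Grouping by issue name before reporting keeps the gate's output readable when one injection point is reported at many URLs.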