nquangit

burp-mcp

Author: Huỳnh Ngọc Quang · GitHub · v0.1.0 · MIT-0
win32 · linux · darwin ⚠ suspicious
Total downloads: 51
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install burp-mcp
Description
Connect to a local Burp Suite MCP Server over SSE and list or call Burp tools from the workspace. Use when Burp Suite is running with the PortSwigger MCP ext...
Usage instructions (SKILL.md)

Burp MCP

Use this skill to talk to a local Burp Suite MCP Server exposed by the PortSwigger extension.

When to use

  • Burp Suite is already running locally
  • The MCP extension is loaded and enabled
  • You want to inspect available Burp tools
  • You want to call a specific Burp MCP tool from the terminal or from OpenClaw via exec

Endpoint

Default endpoint used by this skill:

http://127.0.0.1:9876/

Important: on this machine, the live SSE endpoint is /, not /sse.

Commands

List Burp tools:

python ./skills/burp-mcp/scripts/burp_mcp.py list-tools

Call a Burp tool:

python ./skills/burp-mcp/scripts/burp_mcp.py call <tool_name> '<json_args>'

Examples:

python ./skills/burp-mcp/scripts/burp_mcp.py list-tools
python ./skills/burp-mcp/scripts/burp_mcp.py call get_proxy_http_history '{"offset":0,"count":5}'
python ./skills/burp-mcp/scripts/burp_mcp.py call get_proxy_http_history_regex '{"offset":0,"count":10,"regex":"login|token|auth"}'
python ./skills/burp-mcp/scripts/burp_mcp.py call output_project_options '{}'

How agents should use it

1) Always start with list-tools

Burp MCP tool names and schemas can change with extension version. Before calling tools in a new setup, list tools first:

python ./skills/burp-mcp/scripts/burp_mcp.py list-tools

This returns JSON entries with:

  • name
  • description
  • inputSchema

2) Match args to inputSchema

When calling a tool, build the JSON object to match the tool's required schema exactly.

Example:

  • get_proxy_http_history requires:
    • offset (integer)
    • count (integer)

So call it like:

python ./skills/burp-mcp/scripts/burp_mcp.py call get_proxy_http_history '{"offset":0,"count":20}'

3) Prefer safe read-only tools first

Safe first calls:

  • get_proxy_http_history
  • get_proxy_http_history_regex
  • get_proxy_websocket_history
  • get_scanner_issues
  • output_project_options
  • output_user_options

Be careful with mutation tools such as:

  • set_project_options
  • set_user_options
  • set_proxy_intercept_state
  • set_task_execution_engine_state
  • set_active_editor_contents

Output behavior

  • list-tools prints a JSON array of tools
  • call prints a JSON object with:
    • isError
    • content

Burp often returns tool results as text blocks. Some tools return newline-separated JSON strings inside content[].text, so callers may need a second parse step if they want structured output.
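The read-only-first rule and the second parse step described above, as an added example that is not part of the skill's own code. `build_call_argv` and `parse_call_output` are hypothetical helpers, and the sample output, including its field names and the `type` key on content blocks, is constructed for illustration.

```python
import json

# Tool names copied from the skill's "safe first calls" list; anything else is denied.
READ_ONLY_TOOLS = {
    "get_proxy_http_history", "get_proxy_http_history_regex",
    "get_proxy_websocket_history", "get_scanner_issues",
    "output_project_options", "output_user_options",
}

def build_call_argv(tool, args, allow_mutation=False):
    """Hypothetical helper: argv for the skill's `call` command, deny-by-default."""
    if tool not in READ_ONLY_TOOLS and not allow_mutation:
        raise PermissionError(f"{tool} is not on the read-only list")
    return ["python", "./skills/burp-mcp/scripts/burp_mcp.py", "call",
            tool, json.dumps(args)]

def parse_call_output(raw):
    """Hypothetical helper: flatten the JSON printed by `call` into records.
    Each text block is tried as one JSON document, then line by line;
    non-JSON lines are kept as plain strings so nothing is silently dropped."""
    result = json.loads(raw)
    if result.get("isError"):
        raise RuntimeError(f"Burp tool reported an error: {result.get('content')}")
    records = []
    for block in result.get("content", []):
        text = block.get("text")
        if not isinstance(text, str):
            continue  # not a text block
        try:
            parsed = json.loads(text)
            records.extend(parsed if isinstance(parsed, list) else [parsed])
            continue
        except json.JSONDecodeError:
            pass
        for line in filter(None, (l.strip() for l in text.splitlines())):
            try:
                records.append(json.loads(line))
            except json.JSONDecodeError:
                records.append(line)
    return records

# Constructed sample of `call` output; field names and values are assumptions.
SAMPLE = json.dumps({"isError": False, "content": [{"type": "text", "text":
    '{"request": "GET /login HTTP/1.1", "notes": ""}\n'
    '{"request": "POST /auth HTTP/1.1", "notes": ""}\n'
    'Reached end of items'}]})

if __name__ == "__main__":
    print(parse_call_output(SAMPLE))
```

Tools that are not on the read-only list, including names that only appear after an extension update, are refused until the caller passes `allow_mutation=True`.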

Troubleshooting

  • If connection fails, verify Burp is open and the MCP extension is enabled
  • If /sse fails, use / instead
  • If tool calls return schema errors, re-run list-tools and check inputSchema
  • If nothing returns, test manually with:
curl http://127.0.0.1:9876 -v

A healthy server should return text/event-stream

Notes

  • Uses the official Python mcp SDK
  • Requires asyncio
  • Assumes the mcp package is already installed in the active Python environment
Safe usage recommendations
This skill appears to do exactly what it says: connect to a local Burp MCP SSE server and list/call tools. Before installing or running it, ensure: (1) Burp Suite with the MCP extension is actually running on localhost as expected, (2) you are comfortable installing the Python 'mcp' package from PyPI — verify its origin and contents, and (3) avoid invoking any Burp tools that mutate state unless you understand their effects (the README and SKILL.md list several mutation-capable tools). The script only reads an optional config.json inside the skill folder and communicates with localhost; there are no requests for external credentials or unexpected network destinations.
Functional analysis
Type: OpenClaw Skill Name: burp-mcp Version: 0.1.0 The skill provides a legitimate interface for an AI agent to interact with a local Burp Suite instance via the Model Context Protocol (MCP). The implementation in `scripts/burp_mcp.py` uses the official Python MCP SDK to communicate with a local SSE endpoint (defaulting to 127.0.0.1:9876). The instructions in `SKILL.md` are well-structured, align with the code's functionality, and include safety guidance for the agent regarding state-mutating tools. No evidence of data exfiltration, obfuscation, or malicious intent was found.
Capability assessment
Purpose & Capability
Name/description match the code and instructions: the package contains a Python CLI that uses the Python 'mcp' SDK to talk to a local Burp MCP SSE endpoint. Required binary (python) and optional config.json are appropriate for the stated purpose.
Instruction Scope
SKILL.md and the script limit actions to connecting to a local SSE endpoint (default http://127.0.0.1:9876/), listing tools, and calling tools. The agent is instructed to run the included script; there are no instructions to read unrelated system files or environment variables, nor to transmit data to external endpoints.
Install Mechanism
The skill is instruction-only (no repository-level install step), but SKILL.md metadata and README mention installing the Python 'mcp' package via pip. Installing a third-party PyPI package is a normal dependency step for this functionality, but the user should verify the 'mcp' package's provenance before installing.
Credentials
No environment variables or credentials are requested. The script reads a local config.json inside the skill directory for an SSE URL (optional) — this is proportional to the goal and limited in scope.
Persistence & Privilege
Skill does not request always:true, does not modify other skills, and does not request persistent system-wide privileges. It runs as an on-demand CLI helper and prints JSON to stdout.
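How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install burp-mcp
  3. Once installation completes, call the Skill by name or trigger it with /burp-mcp
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history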
v0.1.0
Initial release: Python MCP SDK bridge for local Burp Suite MCP over SSE.
Metadata
Slug burp-mcp
Version 0.1.0
License MIT-0
Total installs 0
Current installs 0
Version count 1
FAQ

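What is burp-mcp?

Connect to a local Burp Suite MCP Server over SSE and list or call Burp tools from the workspace. Use when Burp Suite is running with the PortSwigger MCP ext... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 51 total downloads so far.

How do I install burp-mcp?

Run the command "/install burp-mcp" in the OpenClaw or Claude Code chat box to install it in one step, with no extra configuration.

Is burp-mcp free?

Yes, burp-mcp is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does burp-mcp support?

burp-mcp is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (win32, linux, darwin).

Who developed burp-mcp?

It is developed and maintained by Huỳnh Ngọc Quang (@nquangit); the current version is v0.1.0.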
