Burp MCP: LLM-assisted traffic review
Tip
Learn and practice AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Learn and practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn and practice Azure Hacking:
HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Overview
Burp's MCP Server extension can expose captured HTTP(S) traffic to MCP-capable LLM clients so they can reason over real requests/responses for passive vulnerability discovery and report drafting. The intent is evidence-driven analysis (no fuzzing or blind scanning), with Burp kept as the source of truth.
Architecture
- Burp MCP Server (BApp) listens on 127.0.0.1:9876 and exposes captured traffic via MCP.
- The MCP proxy JAR bridges stdio (client side) and Burp's MCP SSE endpoint.
- An optional local reverse proxy (Caddy) normalizes headers for the strict MCP handshake validation.
- Clients/backends: Codex CLI (cloud), Gemini CLI (cloud), or Ollama (local).
Setup
1) Install Burp MCP Server
Install MCP Server from the Burp BApp Store and confirm it is listening on 127.0.0.1:9876.
2) Extract the proxy JAR
In the MCP Server tab, click Extract server proxy jar and save mcp-proxy.jar.
3) Configure an MCP client (Codex example)
Point the client at the proxy JAR and Burp's SSE endpoint:
# ~/.codex/config.toml
# port 19876 is the local Caddy listener configured in step 4
[mcp_servers.burp]
command = "java"
args = ["-jar", "/absolute/path/to/mcp-proxy.jar", "--sse-url", "http://127.0.0.1:19876"]
Then start Codex and list the MCP tools:
codex
# inside Codex: /mcp
4) Work around strict Origin/header validation with Caddy (if needed)
If the MCP handshake fails because of strict Origin validation or extra headers, use a local reverse proxy to normalize the headers (this matches the known workaround for Burp MCP's strict validation issue).
brew install caddy
mkdir -p ~/burp-mcp
cat >~/burp-mcp/Caddyfile <<'EOF'
:19876
reverse_proxy 127.0.0.1:9876 {
    # lock Host/Origin to the Burp listener
    header_up Host "127.0.0.1:9876"
    header_up Origin "http://127.0.0.1:9876"
    # strip client headers that trigger Burp's 403 during SSE init
    header_up -User-Agent
    header_up -Accept
    header_up -Accept-Encoding
    header_up -Connection
}
EOF
Start the proxy and the client:
caddy run --config ~/burp-mcp/Caddyfile &
codex
Using different clients
Codex CLI
- Configure ~/.codex/config.toml as above.
- Run codex, then /mcp to confirm the list of Burp tools.
Gemini CLI
The burp-mcp-agents repo provides launcher helpers:
source /path/to/burp-mcp-agents/gemini-cli/burpgemini.sh
burpgemini
Ollama (local)
Use the provided launcher helper and pick a local model:
source /path/to/burp-mcp-agents/ollama/burpollama.sh
burpollama deepseek-r1:14b
Example local models and approximate VRAM requirements:
- deepseek-r1:14b (~16GB VRAM)
- gpt-oss:20b (~20GB VRAM)
- llama3.1:70b (48GB+ VRAM)
Prompt pack for passive review
The burp-mcp-agents repo contains prompt templates for evidence-based analysis of Burp traffic:
- passive_hunter.md: broad surfacing of passive vulnerabilities.
- idor_hunter.md: IDOR/BOLA/object/tenant drift and auth mismatches.
- auth_flow_mapper.md: compare authenticated vs unauthenticated paths.
- ssrf_redirect_hunter.md: SSRF/open-redirect candidates from URL fetch params/redirect chains.
- logic_flaw_hunter.md: multi-step logic gaps.
- session_scope_hunter.md: token audience/scope misuse.
- rate_limit_abuse_hunter.md: throttling/abuse gaps.
- report_writer.md: evidence-focused report.
Optional attribution tagging
To make Burp/LLM traffic attributable in server logs, add a header rewrite (in the proxy or via Burp Match/Replace):
Match: ^User-Agent: (.*)$
Replace: User-Agent: $1 BugBounty-Username
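The rewrite above, applied end to end as an added example (not code from the page or from the burp-mcp-agents project): the Burp Match/Replace rule is expressed as a Python regex and applied to a raw request, and the tagged User-Agent is then picked out of constructed access-log lines so the traffic can be attributed during triage. The tag value BugBounty-Username, the sample request and the log lines are all placeholders constructed for the example.

```python
import re

# Burp's Match/Replace rule from the page. Burp writes the capture group as $1;
# Python uses m.group(1) in the replacement.
UA_RULE = re.compile(r"^User-Agent: (.*)$")
TAG = "BugBounty-Username"  # placeholder: replace with your own handle


def tag_user_agent(raw_request: str, tag: str = TAG) -> str:
    """Append the attribution tag to the User-Agent header of a raw HTTP request.

    Equivalent to Burp's Match: ^User-Agent: (.*)$  /  Replace: User-Agent: $1 <tag>.
    If the request has no User-Agent header, one is added so the traffic stays attributable.
    """
    head, sep, body = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    for i, line in enumerate(lines):
        m = UA_RULE.match(line)
        if m:
            lines[i] = f"User-Agent: {m.group(1)} {tag}"
            break
    else:
        lines.append(f"User-Agent: {tag}")
    return "\r\n".join(lines) + sep + body


# Constructed access-log lines in combined log format (not real data).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2025:12:00:01 +0000] "GET /api/v1/users/1337 HTTP/1.1" 200 512 "-" "Mozilla/5.0 BugBounty-Username"
198.51.100.7 - - [10/Oct/2025:12:00:02 +0000] "GET /api/v1/users/1338 HTTP/1.1" 403 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2025:12:00:03 +0000] "POST /login HTTP/1.1" 302 0 "-" "curl/8.0 BugBounty-Username"
"""

# Combined log format: ip ident user [ts] "request" status bytes "referer" "user-agent"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def attributed_requests(log_text: str, tag: str = TAG) -> list[tuple[str, str, int]]:
    """Return (ip, request line, status) for log lines whose User-Agent ends with the tag."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m and m.group("ua").endswith(" " + tag):
            hits.append((m.group("ip"), m.group("req"), int(m.group("status"))))
    return hits


if __name__ == "__main__":
    req = "GET / HTTP/1.1\r\nHost: app.example\r\nUser-Agent: Mozilla/5.0\r\n\r\n"
    print(tag_user_agent(req))
    for ip, request, status in attributed_requests(SAMPLE_LOG):
        print(f"{ip} {status} {request}")
```

Matching on the end of the User-Agent string (rather than a substring anywhere) keeps the filter from firing on unrelated clients that happen to contain the tag text, and the same function works on any log source that preserves the full User-Agent.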
Security notes
- Prefer local models when the traffic contains sensitive data.
- Share only the minimum evidence needed for the finding.
- Keep Burp as the source of truth; use models for analysis and report drafting, not scanning.
References
- Burp MCP + Codex CLI integration and Caddy handshake fix
- Burp MCP Agents (workflows, launchers, prompt pack)
- Burp MCP Server BApp
- PortSwigger MCP server strict Origin/header validation issue