MCP in Burp Suite From Enumeration to Targeted Exploitation

[carlospolop]

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

• Blog URL: https://trustedsec.com/blog/mcp-in-burp-suite-from-enumeration-to-targeted-exploitation
• Blog Title: MCP in Burp Suite: From Enumeration to Targeted Exploitation
• Suggested Section: AI -> AI Security (new page or subsection: "MCP Security Testing" / "MCP Pentesting with Burp (SSE/WebSockets bridge)")

🎯 Content Summary

Title: MCP in Burp Suite: From Enumeration to Targeted Exploitation (TrustedSec, published February 03, 2026; Drew Kirkpatrick)

What MCP is and why it matters for security:
MCP (Model Context Protocol) servers are a relatively new integration layer (introduced by Anthropic at the end of 2024) that act as standardized “glue” between AI systems (e.g., LLMs) and enterprise data/actions. Conceptually, an MCP server is a “universal translator” th...

🔧 Technical Details

Protocol-aware MCP discovery (internet-facing surface mapping): Identify MCP servers during testing by using passive indicators (common headers/endpoints) and optionally confirm exposure with a minimal active probe (only a few HTTP GETs to common MCP endpoints). Treat any publicly reachable MCP server as part of the external attack surface and proceed to authenticate and enumerate once detected.

Turn streaming MCP (SSE/WebSockets) into a Burp-friendly sync workflow via a bridge: Build/use a local “synchronous bridge” that sits as a proxy within Burp Proxy, forwards Repeater/Intruder-generated requests to the real MCP SSE/WS endpoint, continuously reads the stream to find the matching response, and correlates messages using request/response GUIDs. The bridge should also inject authentication material (tokens/headers/auth parameters/mTLS client certs) and rewrite requests so Burp targets the local bridge instead of the MCP server directly...

🤖 Agent Actions

Summary:

• Added a Burp-centric MCP pentesting section describing MCP-ASD discovery, synchronous SSE/WebSocket bridge, auth injection (including mTLS), endpoint auto-detection, and primitive enumeration workflows for Repeater/Intruder fuzzing.
• Updated references to include the MCP-ASD blog and repository while deduplicating older entries.

Files modified:

• src/AI/AI-MCP-Servers.md

---

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

[carlospolop]

🔗 Additional Context

Original Blog Post: https://trustedsec.com/blog/mcp-in-burp-suite-from-enumeration-to-targeted-exploitation

Content Categories: Based on the analysis, this content was categorized under "AI -> AI Security (new page or subsection: "MCP Security Testing" / "MCP Pentesting with Burp (SSE/WebSockets bridge)")".

Repository Maintenance:

• MD Files Formatting: 944 files processed

Review Notes:

• This content was automatically processed and may require human review for accuracy
• Check that the placement within the repository structure is appropriate
• Verify that all technical details are correct and up-to-date
• All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0