Add BurpSuite MCP Bridge

.agents/plugins/marketplace.json

@@ -856,6 +856,21 @@
       "description": "Manage Bitbucket repos, PRs, branches, issues, webhooks, and pipelines for Data Center and Cloud.",
       "icon": "./plugins/avivsinai/bitbucket-cli/assets/bkt-icon.svg"
     },
+    {
+      "name": "burpsuite-mcp-bridge",
+      "displayName": "BurpSuite MCP Bridge",
+      "source": {
+        "source": "local",
+        "path": "./plugins/6jeffr3y/burpsuite-mcp-bridge"
+      },
+      "policy": {
+        "installation": "AVAILABLE",
+        "authentication": "ON_INSTALL"
+      },
+      "category": "Tools & Integrations",
+      "description": "Bridge Burp Suite traffic, replay, rewrite rules, and evidence export into Codex through MCP for WSL, Windows, and macOS workflows.",
+      "icon": "./plugins/6jeffr3y/burpsuite-mcp-bridge/assets/icon.svg"
+    },
     {
       "name": "calle",
       "displayName": "Call-E",

README.md

@@ -194,6 +194,7 @@ Third-party plugins built by the community. [PRs welcome](#contributing)!
 - [Apple Productivity](https://github.com/matk0shub/apple-productivity-mcp) - Local Apple Calendar and Reminders tooling for macOS with Codex plugin adapters.
 - [AxonFlow](https://github.com/getaxonflow/axonflow-codex-plugin) - Runtime governance for Codex with policy enforcement on terminal commands, advisory checks for non-terminal tools via skills, PII/secret detection, and compliance-grade audit trails. Self-hosted via Docker.
 - [Bitbucket CLI](https://github.com/avivsinai/bitbucket-cli) - Manage Bitbucket repos, PRs, branches, issues, webhooks, and pipelines for Data Center and Cloud.
+- [BurpSuite MCP Bridge](https://github.com/6jeffr3y/burpsuite-mcp-bridge) - Bridge Burp Suite traffic, replay, rewrite rules, and evidence export into Codex through MCP for WSL, Windows, and macOS workflows.
 - [Call-E](https://github.com/CALLE-AI/call-e-integrations) - Plan, run, and inspect Call-E phone call workflows from Codex through the calle CLI.
 - [Canvas Apps Plugin Codex](https://github.com/Ratnam-Mishra/canvas-apps-plugin-codex) - Build and edit Microsoft Power Apps Canvas Apps using natural language and Canvas Authoring MCP server.
 - [Chrome DevTools](https://github.com/win4r/chrome-devtools-codex-plugin) - One-click Codex plugin wrapper for chrome-devtools-mcp.

plugins.json

@@ -2,8 +2,8 @@
   "$schema": "https://json-schema.org/draft/2020-12/schema",
   "name": "awesome-codex-plugins",
   "version": "1.0.0",
-  "last_updated": "2026-06-04",
-  "total": 98,
+  "last_updated": "2026-06-06",
+  "total": 99,
   "categories": [
     "Development & Workflow",
     "Tools & Integrations"
@@ -589,6 +589,16 @@
       "source": "awesome-codex-plugins",
       "install_url": "https://raw.githubusercontent.com/avivsinai/bitbucket-cli/HEAD/.codex-plugin/plugin.json"
     },
+    {
+      "name": "BurpSuite MCP Bridge",
+      "url": "https://github.com/6jeffr3y/burpsuite-mcp-bridge",
+      "owner": "6jeffr3y",
+      "repo": "burpsuite-mcp-bridge",
+      "description": "Bridge Burp Suite traffic, replay, rewrite rules, and evidence export into Codex through MCP for WSL, Windows, and macOS workflows.",
+      "category": "Tools & Integrations",
+      "source": "awesome-codex-plugins",
+      "install_url": "https://raw.githubusercontent.com/6jeffr3y/burpsuite-mcp-bridge/HEAD/.codex-plugin/plugin.json"
+    },
     {
       "name": "Call-E",
       "url": "https://github.com/CALLE-AI/call-e-integrations",

plugins/6jeffr3y/burpsuite-mcp-bridge/.codex-plugin/plugin.json

@@ -0,0 +1,45 @@
+{
+  "name": "burpsuite-mcp-bridge",
+  "version": "1.1.0",
+  "description": "Burp Suite MCP bridge for target-centric traffic triage, replay, rewrite automation, UI selection handoff, BCheck/Bambda import, and evidence export across WSL/Windows/macOS clients.",
+  "author": {
+    "name": "BurpSuite MCP Bridge",
+    "email": "6jeffr3y@users.noreply.github.com",
+    "url": "https://github.com/6jeffr3y/burpsuite-mcp-bridge"
+  },
+  "homepage": "https://github.com/6jeffr3y/burpsuite-mcp-bridge",
+  "repository": "https://github.com/6jeffr3y/burpsuite-mcp-bridge",
+  "license": "Proprietary Runtime Distribution",
+  "keywords": [
+    "burp",
+    "mcp",
+    "codex",
+    "wsl",
+    "windows",
+    "montoya",
+    "proxy",
+    "agent-ai"
+  ],
+  "mcpServers": "./.mcp.json",
+  "interface": {
+    "displayName": "BurpSuite MCP Bridge",
+    "shortDescription": "Bridge Burp Suite traffic, replay, and rewrite workflows into MCP clients and IDEs",
+    "longDescription": "Expose Burp Suite proxy, history, logger-like internal tool traffic, and UI-selected messages to MCP clients. Supports target-centric overview, low-noise polling, replay with mutation, request/response rewrite rules with modify/drop/spoof actions, Repeater handoff, BCheck/Bambda import, and exportable raw evidence.",
+    "developerName": "BurpSuite MCP Bridge",
+    "category": "Coding",
+    "capabilities": [
+      "Read",
+      "Write",
+      "Interactive"
+    ],
+    "websiteURL": "https://github.com/6jeffr3y/burpsuite-mcp-bridge",
+    "brandColor": "#f97316",
+    "composerIcon": "./assets/icon.svg",
+    "logo": "./assets/logo.svg",
+    "defaultPrompt": [
+      "Use BurpSuite MCP Bridge to build a target overview for the current host and pick high-value candidate flows.",
+      "Use BurpSuite MCP Bridge to inspect a selected Burp message, replay one controlled mutation, and export the raw evidence bundle.",
+      "Use BurpSuite MCP Bridge to create a temporary scoped rewrite rule, verify its effect, then delete or disable it."
+    ]
+  }
+}

plugins/6jeffr3y/burpsuite-mcp-bridge/.codexignore

@@ -0,0 +1,4 @@
+artifacts/
+**/__pycache__/
+*.pyc
+*.log

plugins/6jeffr3y/burpsuite-mcp-bridge/.mcp.json

@@ -0,0 +1,13 @@
+{
+  "mcpServers": {
+    "burpsuite-mcp-bridge": {
+      "command": "python3",
+      "args": [
+        "./wsl-mcp/server.py"
+      ],
+      "env": {
+        "BURP_MCP_BRIDGE_URL": "http://127.0.0.1:9639"
+      }
+    }
+  }
+}

plugins/6jeffr3y/burpsuite-mcp-bridge/CHANGELOG.md

@@ -0,0 +1,31 @@
+# Changelog
+
+## 1.1.0
+
+### Highlights
+- Added target-centric traffic overview via `burp_target_overview`.
+- Added staged MCP help via `burp_mcp_list`.
+- Implemented real rewrite-rule actions: `modify`, `drop`, and `spoof`.
+- Added rule scope control: `proxy`, `tool`, and `all`.
+- Added Burp 2026.4.x runtime-detected integrations:
+  - command palette / HotKey selection capture
+  - official internal-tool request drop/spoof when available
+  - BCheck import
+  - Bambda import
+- Added Burp UI diagnostics, command copy helpers, and improved rewrite-rule UX.
+- Simplified configuration: examples directly start `wsl-mcp/server.py` and set `BURP_MCP_BRIDGE_URL`; wrapper scripts were removed from the release package.
+
+### Stability / Compatibility
+- Compile baseline remains `montoya-api 2025.10`.
+- Optional 2026.4.x features are detected at runtime.
+- JSON detail responses keep preview-first body handling; full raw evidence is exported via bundle files.
+
+### Tested Baseline
+- Burp Suite Professional 2026.4.2
+
+## 1.0.0
+
+### Highlights
+- Initial release for Windows Burp ↔ WSL Codex / Agent AI / MCP CLI / IDE communication.
+- Reads Burp Proxy traffic and logger-like internal HTTP tool traffic.
+- Supports replay, rewrite rules, Repeater handoff, and raw bundle export.

plugins/6jeffr3y/burpsuite-mcp-bridge/CHANGELOG_CN.md

@@ -0,0 +1,31 @@
+# 更新日志
+
+## 1.1.0
+
+### 重点更新
+- 新增目标视角流量画像：`burp_target_overview`。
+- 新增分级 MCP 帮助：`burp_mcp_list`。
+- 改写规则动作真正落地：`modify`、`drop`、`spoof`。
+- 规则作用面支持：`proxy`、`tool`、`all`。
+- 接入 Burp 2026.4.x 运行时检测能力：
+  - command palette / HotKey selection 捕获
+  - 可用时使用官方 internal-tool request drop/spoof
+  - BCheck 导入
+  - Bambda 导入
+- 增强 Burp UI：自检、命令复制、规则 UX。
+- 简化配置：示例直接启动 `wsl-mcp/server.py` 并设置 `BURP_MCP_BRIDGE_URL`；release 包移除 wrapper 脚本。
+
+### 稳定性 / 兼容性
+- 编译基线保持 `montoya-api 2025.10`。
+- 2026.4.x 可选能力运行时检测。
+- JSON 详情接口继续使用 preview-first body；完整原始证据通过 bundle 文件导出。
+
+### 测试基线
+- Burp Suite Professional 2026.4.2
+
+## 1.0.0
+
+### 重点更新
+- 初始发布，支持 Windows Burp ↔ WSL Codex / Agent AI / MCP CLI / IDE 通信。
+- 支持 Burp Proxy 流量与 logger-like 内部工具流量读取。
+- 支持重放、改写规则、Repeater 联动和原始包导出。

plugins/6jeffr3y/burpsuite-mcp-bridge/NOTICE.txt

@@ -0,0 +1,7 @@
+BurpSuite MCP Bridge
+
+Distribution notes:
+- review homepage / repository / support URLs before public release
+- review organization branding and contact information
+- verify the default bridge URL matches your target release environment
+- verify Python runtime availability for directly starting wsl-mcp/server.py

plugins/6jeffr3y/burpsuite-mcp-bridge/NOTICE_CN.txt

@@ -0,0 +1,7 @@
+BurpSuite MCP Bridge
+
+发布前建议检查：
+- homepage / repository / support URL 是否替换为正式地址
+- 品牌信息与联系方式是否符合你的发布环境
+- 默认 Bridge URL 是否符合目标环境
+- Python 运行环境是否可以直接启动 wsl-mcp/server.py

plugins/6jeffr3y/burpsuite-mcp-bridge/README.md

@@ -0,0 +1,190 @@
+# BurpSuite MCP Bridge
+
+English | [简体中文](./README_CN.md)
+
+**MCP bridge for Burp Suite traffic, replay, rewrite automation, UI selection handoff, and evidence export.**
+
+This release is designed for real mixed-environment workflows: Burp can run on Windows while Codex/AI agents run in WSL, Windows, or macOS. The default setup uses stdio MCP and points the Python MCP server at the Burp extension bridge with one explicit URL.
+
+---
+
+## What's new in v1.1.0
+
+- Unified MCP response/error shape.
+- Rewrite rules now support real `modify`, `drop`, and `spoof` actions.
+- Rule scope supports `proxy`, `tool`, and `all`.
+- Burp 2026.4.x runtime-detected integrations:
+  - command palette / HotKey selection capture
+  - official internal-tool request drop/spoof when available
+  - BCheck import
+  - Bambda import
+- New target-centric workflow: `burp_target_overview(host=...)`.
+- New staged help: `burp_mcp_list(section=..., topic=...)`.
+- Better Burp UI diagnostics, quick MCP command copy panel, and rewrite-rule UX.
+- Simplified configuration: no wrapper scripts are required.
+
+Tested with **Burp Suite Professional 2026.4.2**. Compile baseline remains `montoya-api 2025.10`; newer features are runtime-detected for compatibility.
+
+---
+
+## Included files
+
+```text
+burp-plugin/
+  burpsuite-mcp-bridge-1.1.0-all.jar
+  burpsuite-mcp-bridge-latest.jar
+wsl-mcp/
+  server.py
+config-examples/
+  codex-wsl-mirrored.toml
+  codex-wsl-nat.toml
+  codex-windows.toml
+  codex-macos.toml
+requirements-wsl.txt
+```
+
+---
+
+## Quick start
+
+### 1) Load the Burp extension
+
+In Burp Suite, load:
+
+```text
+burp-plugin/burpsuite-mcp-bridge-latest.jar
+```
+
+Recommended bridge settings:
+
+```text
+Bind host: 127.0.0.1
+Port: 9639
+Max live/logger entries: 1500
+Max body preview bytes: 32768
+Ignore static: on
+```
+
+For WSL NAT, bind Burp Bridge to the Windows LAN IP or `0.0.0.0`, then use that LAN IP in `BURP_MCP_BRIDGE_URL`.
+
+### 2) Install MCP runtime dependency
+
+```bash
+python3 -m pip install -r requirements-wsl.txt
+```
+
+On Windows, use your normal Python installation and install the same requirement.
+
+### 3) Configure Codex / MCP
+
+Default stdio setup directly starts `wsl-mcp/server.py`; no wrapper script is required.
+
+WSL mirrored / local loopback:
+
+```toml
+[mcp_servers.burpsuite-mcp-bridge]
+command = "python3"
+args = ["/mnt/d/AI_project/burpsuite-mcp-bridge-release/wsl-mcp/server.py"]
+
+[mcp_servers.burpsuite-mcp-bridge.env]
+BURP_MCP_BRIDGE_URL = "http://127.0.0.1:9639"
+```
+
+WSL NAT example:
+
+```toml
+[mcp_servers.burpsuite-mcp-bridge]
+command = "python3"
+args = ["/mnt/d/AI_project/burpsuite-mcp-bridge-release/wsl-mcp/server.py"]
+
+[mcp_servers.burpsuite-mcp-bridge.env]
+BURP_MCP_BRIDGE_URL = "http://192.168.1.100:9639"
+```
+
+See `config-examples/` for WSL mirrored, WSL NAT, Windows, and macOS variants.
+
+---
+
+## Codex plugin marketplace readiness
+
+This repository ships a valid `.codex-plugin/plugin.json`, icon assets, release JARs, and direct MCP configuration examples. It is suitable for submission to community Codex plugin directories such as `awesome-codex-plugins` for discovery, while remaining installable directly from this repository.
+
+---
+
+## Core MCP tools
+
+### Status and help
+
+- `burp_bridge_status`
+- `burp_config_get`
+- `burp_mcp_list`
+
+### Target and traffic
+
+- `burp_target_overview`
+- `burp_live_poll`
+- `burp_live_overview`
+- `burp_history_search`
+- `burp_logger_poll`
+- `burp_logger_overview`
+- `burp_extension_activity_overview`
+- `burp_selection_poll`
+- `burp_flow_get`
+- `burp_logger_flow_get`
+- `burp_selection_get`
+
+### Replay and evidence
+
+- `burp_replay_flow`
+- `burp_send_raw_request`
+- `burp_send_to_repeater`
+- `burp_export_flow`
+- `burp_export_flow_bundle`
+
+### Automation
+
+- `burp_rules_list`
+- `burp_rule_upsert`
+- `burp_rule_delete`
+- `burp_bcheck_import`
+- `burp_bambda_import`
+
+---
+
+## Recommended workflow
+
+1. Start with `burp_target_overview(host="target.example")`.
+2. Inspect one candidate flow with the matching getter:
+   - `burp_flow_get(..., source="history" | "live")`
+   - `burp_logger_flow_get(...)`
+   - `burp_selection_get(...)`
+3. Replay one controlled mutation with `burp_replay_flow`.
+4. Export decisive raw evidence with `burp_export_flow_bundle`.
+5. If a behavior is reusable, promote it to a rewrite rule, BCheck, or Bambda.
+
+---
+
+## Body handling
+
+JSON detail calls inline body previews only. Large bodies are capped to avoid MCP context bloat and Burp/UI pressure. For full raw request/response bytes, use:
+
+```python
+burp_export_flow_bundle(flow_id=123, source="history")
+```
+
+---
+
+## Optional Streamable HTTP MCP
+
+The default release examples use stdio MCP. If you need Streamable HTTP, start it manually:
+
+```bash
+BURP_MCP_BRIDGE_URL=http://127.0.0.1:9639 \
+python3 wsl-mcp/server.py --transport streamable-http --host 127.0.0.1 --port 9640 --path /mcp
+```
+
+Default URL:
+
+```text
+http://127.0.0.1:9640/mcp
+```