# Tools Reference High-level index of tool categories and defaults. For parameter-level details, use [Tools Reference (Detailed)](/mcp-server/tools-reference-detailed.md). ```mermaid mindmap root((MCP Tools)) Burp Control Collaborator Config Editor Issues Extension History Requests Scanner Scope Site Map Utilities ``` ## Burp Control | Tool | Unsafe | Default enabled | Pro only | Description | | ------------------- | ------ | --------------- | -------- | ------------------------------------------------------- | | proxy\_intercept | Yes | No | No | Enables or disables Proxy intercept. | | task\_engine\_state | Yes | No | No | Sets Burp's task execution engine to paused or running. | ## Collaborator | Tool | Unsafe | Default enabled | Pro only | Description | | ---------------------- | ------ | --------------- | -------- | --------------------------------------------------- | | collaborator\_generate | No | Yes | No | Generates a Burp Collaborator payload. | | collaborator\_poll | No | Yes | No | Fetches interactions for a Collaborator secret key. | ## Config | Tool | Unsafe | Default enabled | Pro only | Description | | --------------------- | ------ | --------------- | -------- | -------------------------------------------- | | project\_options\_get | No | No | No | Outputs project-level configuration as JSON. | | project\_options\_set | Yes | No | No | Sets project-level configuration from JSON. | | user\_options\_get | No | No | No | Outputs user-level configuration as JSON. | | user\_options\_set | Yes | No | No | Sets user-level configuration from JSON. | ## Editor | Tool | Unsafe | Default enabled | Pro only | Description | | ----------- | ------ | --------------- | -------- | -------------------------------------------------- | | editor\_get | No | No | No | Outputs the contents of the active message editor. | | editor\_set | Yes | No | No | Sets the content of the active message editor. | ## Issues | Tool | Unsafe | Default enabled | Pro only | Description | | ------------- | ------ | --------------- | -------- | -------------------------------------------------- | | issue\_create | No | Yes | No | Creates a custom audit issue in Burp's issue list. | ## Extension | Tool | Unsafe | Default enabled | Pro only | Description | | ------ | ------ | --------------- | -------- | ------------------------------------------------ | | status | No | Yes | No | Returns basic extension and Burp version status. | ## History | Tool | Unsafe | Default enabled | Pro only | Description | | --------------------------- | ------ | --------------- | -------- | -------------------------------------------------------------- | | proxy\_history\_annotate | Yes | No | No | Adds notes/highlights to proxy history items matching a regex. | | proxy\_http\_history | No | Yes | No | Displays items within the proxy HTTP history. | | proxy\_http\_history\_regex | No | Yes | No | Displays proxy HTTP history items matching a regex. | | proxy\_ws\_history | No | Yes | No | Displays items within the proxy WebSocket history. | | proxy\_ws\_history\_regex | No | Yes | No | Displays WebSocket history items matching a regex. | | response\_body\_search | No | Yes | No | Searches response bodies in proxy history using a regex. | ## Requests | Tool | Unsafe | Default enabled | Pro only | Description | | ---------------------------- | ------ | --------------- | -------- | -------------------------------------------------------------------------------- | | comparer\_send | Yes | No | No | Sends one or more items to Burp Comparer. | | diff\_requests | No | Yes | No | Produces a line diff between two requests. | | find\_reflected | No | Yes | No | Finds reflected parameter values in a response. | | http1\_request | Yes | No | No | Issues an HTTP/1.1 request and returns the response. Optional in agent profiles. | | http2\_request | Yes | No | No | Issues an HTTP/2 request and returns the response. Optional in agent profiles. | | insertion\_points | No | Yes | No | Lists insertion point offsets for a request. | | intruder | Yes | No | No | Sends a request to Intruder. | | intruder\_prepare | Yes | No | No | Creates an Intruder tab with explicit insertion points. | | params\_extract | No | Yes | No | Extracts parameters from a request. | | repeater\_tab | Yes | No | No | Creates a new Repeater tab with the specified HTTP request. | | repeater\_tab\_with\_payload | Yes | No | No | Creates a Repeater tab after applying placeholder replacements. | | request\_parse | No | Yes | No | Parses a raw HTTP request into method, path, headers, parameters, and body. | | response\_parse | No | Yes | No | Parses a raw HTTP response into status, headers, and body. | {% hint style="info" %} `http1_request` and `http2_request` require **Unsafe mode** enabled in the MCP Server tab. Built-in agent profiles (pentester, bughunter, auditor) list these tools as optional — no warning is shown when they are disabled. Custom profiles that explicitly reference these tools will show a validation warning until Unsafe mode is enabled. {% endhint %} ## Scanner | Tool | Unsafe | Default enabled | Pro only | Description | | ---------------------------- | ------ | --------------- | -------- | ---------------------------------------------------- | | scan\_audit\_start | Yes | No | Yes | Starts a Burp Scanner audit. | | scan\_audit\_start\_mode | Yes | No | Yes | Starts a scanner audit using active or passive mode. | | scan\_audit\_start\_requests | Yes | No | Yes | Starts an audit and adds HTTP requests. | | scan\_crawl\_start | Yes | No | Yes | Starts a Burp Scanner crawl. | | scan\_report | Yes | No | Yes | Generates a scanner report to a path. | | scan\_task\_delete | Yes | No | Yes | Deletes a crawl/audit task started via MCP. | | scan\_task\_status | No | No | Yes | Gets status for a crawl/audit task. | | scanner\_issues | No | Yes | Yes | Displays scanner issues (Burp Pro only). | ## Scope | Tool | Unsafe | Default enabled | Pro only | Description | | -------------- | ------ | --------------- | -------- | --------------------------------- | | scope\_check | No | Yes | No | Checks whether a URL is in scope. | | scope\_exclude | Yes | No | No | Excludes a URL from scope. | | scope\_include | Yes | No | No | Includes a URL in scope. | ## Site Map | Tool | Unsafe | Default enabled | Pro only | Description | | ---------------- | ------ | --------------- | -------- | ----------------------------------------- | | site\_map | No | Yes | No | Displays items within the Burp site map. | | site\_map\_regex | No | Yes | No | Displays site map items matching a regex. | ## Utilities | Tool | Unsafe | Default enabled | Pro only | Description | | ---------------- | ------ | --------------- | -------- | ------------------------------------------------------------------------------- | | base64\_decode | No | Yes | No | Base64 decodes the input string. | | base64\_encode | No | Yes | No | Base64 encodes the input string. | | cookie\_jar\_get | No | Yes | No | Returns cookies from Burp's cookie jar (values redacted unless privacy is OFF). | | decode\_as | No | Yes | No | Decodes base64 content using compression codecs (gzip/deflate/brotli). | | hash\_compute | No | Yes | No | Computes a hash for input text (MD5/SHA1/SHA256/SHA512). | | jwt\_decode | No | Yes | No | Decodes JWT header/payload without verifying the signature. | | random\_string | No | Yes | No | Generates a random string of specified length and character set. | | url\_decode | No | Yes | No | URL decodes the input string. | | url\_encode | No | Yes | No | URL encodes the input string. | ## Next Step Use [Tools Reference (Detailed)](/mcp-server/tools-reference-detailed.md) for inputs/outputs and examples per tool. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://burp-ai-agent.six2dez.com/mcp-server/tools-reference.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.