Boost Web Vulnerability Scanning with LLM‑Powered MCP Server Automation
This article explores how large language models can be integrated with MCP Server and Burp Suite to automate web application vulnerability detection, detailing environment setup, workflow steps, code snippets, challenges such as token limits and payload formatting, and the advantages and limitations of the approach.
Background and Goal
In web security, vulnerability detection is critical yet complex. Traditional scanners rely on static rule sets and struggle with new bugs, while manual testing is costly and slow. Large language models (LLMs) can understand context, generate targeted test cases, and simulate multi‑dimensional attacks, improving coverage and accuracy.
This article builds on the web security toolchain integrated with MCP Server, presenting an automated vulnerability detection solution that uses a cline client to schedule Burp Suite via AI models.
Environment Setup
Prerequisites:
Burp Suite Pro (latest) to support Montoya API plugins.
MCP Kotlin SDK: https://github.com/modelcontextprotocol/kotlin-sdk.git
Steps:
Run mvn clean package in the Kotlin MCP Server project root to build the JAR.
Load the JAR in Burp's Extensions module and click StartServer to launch MCP Server.
In the cline client, add the remote server at http://127.0.0.1:9999/sse.
Practical Operation
The demonstration focuses on SQL injection detection.
Three main steps for the LLM:
Retrieve all historical traffic from Burp.
Analyze each request for potential SQL‑injection parameters, inject diverse payloads, and resend the modified HTTP messages.
Compare responses of modified requests with original ones to decide if a vulnerability exists and report it via MCP tools.
Images illustrate the payload insertion and response analysis.
Challenges
LLM token limits: Large HTTP histories can exceed the 65,536‑token ceiling, requiring token‑splitting or tool optimization.
Payload formatting: Incorrect insertion can produce malformed HTTP requests, leading to server parsing errors. Adjusting the LLM prompt to respect HTTP syntax resolves this.
Tool invocation order: Ensuring the vulnerability‑reporting tool runs after each detection iteration is essential; refined prompts and explicit sequencing help.
Encrypted parameters: Some traffic uses double‑encrypted fields, which the LLM cannot modify without decryption knowledge; this remains an open issue.
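One way to do the token splitting mentioned under "LLM token limits", as an added example that is not code from the original article or the MCP Server project. The Exchange type, the 4-characters-per-token estimate, and the reserved and per-response budgets are assumptions made for illustration.

```kotlin
// Added example: split proxy history into batches that fit an LLM context budget.
// Assumed, not from the article: ~4 chars per token and the two budgets below.
data class Exchange(val request: String, val response: String)

const val TOKEN_CEILING = 65_536        // ceiling named in the article
const val RESERVED_TOKENS = 8_192       // headroom for prompt, tool schema, reply (assumed)
const val MAX_RESPONSE_TOKENS = 4_096   // per-response cap before truncation (assumed)

// Rough estimate; swap in the model's real tokenizer when one is available.
fun estimateTokens(text: String): Int = (text.length + 3) / 4

// Cut oversized responses but leave requests whole, since the request carries
// the parameters the model has to analyze.
fun truncate(text: String, maxTokens: Int): String {
    val maxChars = maxTokens * 4
    if (text.length <= maxChars) return text
    return text.take(maxChars) + "\n[truncated ${text.length - maxChars} chars]"
}

// Greedy packing: start a new batch when the next exchange would overflow the
// budget. An exchange that is over budget on its own still gets a batch to
// itself, so nothing is silently dropped.
fun batchHistory(
    items: List<Exchange>,
    budget: Int = TOKEN_CEILING - RESERVED_TOKENS
): List<List<Exchange>> {
    val batches = mutableListOf<MutableList<Exchange>>()
    var used = 0
    for (item in items) {
        val trimmed = item.copy(response = truncate(item.response, MAX_RESPONSE_TOKENS))
        val cost = estimateTokens(trimmed.request) + estimateTokens(trimmed.response)
        if (batches.isEmpty() || used + cost > budget) {
            batches.add(mutableListOf())
            used = 0
        }
        batches.last().add(trimmed)
        used += cost
    }
    return batches
}

fun main() {
    // Constructed sample history: 40 exchanges, one with a very large response.
    val history = (1..40).map { i ->
        val body = "x".repeat(if (i == 7) 500_000 else 20_000)
        Exchange("GET /item?id=$i HTTP/1.1\r\nHost: example.test\r\n\r\n",
                 "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n$body")
    }
    batchHistory(history).forEachIndexed { n, batch ->
        val tokens = batch.sumOf { estimateTokens(it.request) + estimateTokens(it.response) }
        println("batch ${n + 1}: ${batch.size} exchanges, ~$tokens tokens")
    }
}
```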
Advantages and Limitations
LLMs can inject payloads at multiple points (URL query, body, etc.) in a single request, surpassing traditional scanners.
They leverage extensive, continuously updated payload libraries learned during training.
LLMs can interpret responses to determine successful exploitation.
Drawbacks include slower execution (≈5 seconds per payload) compared to conventional scanners and the need for precise prompting.
Further Expansion
Future work includes applying the AI‑augmented workflow to large asset inventories for fingerprinting, historical vulnerability hunting, and weak‑password detection, focusing on exploit‑type vulnerabilities such as privilege escalation and SQL injection that can be validated via responses.
```kotlin
import burp.api.montoya.http.message.HttpRequestResponse
import burp.api.montoya.proxy.ProxyHttpRequestResponse

// Drop history entries whose response Content-Type is an image, PDF or CSS.
fun httpRequestResponseFilter(history: List<ProxyHttpRequestResponse>): List<HttpRequestResponse> {
    val responseExcludePatterns = listOf("^image/.*", "^application/pdf.*", "^text/css.*")
    val historyNew = history.filter {
        val hasResponse = it.hasResponse()
        val hasContentType = hasResponse && it.response().hasHeader("Content-Type")
        // Entries with no response or no Content-Type header are kept.
        if (!hasResponse) return@filter true
        if (!hasContentType) return@filter true
        val contentType = it.response().headerValue("Content-Type")!!
        !responseExcludePatterns.any { pattern -> contentType.matches(Regex(pattern)) }
    }.map {
        // Convert each proxy entry to a plain HttpRequestResponse.
        HttpRequestResponse.httpRequestResponse(it.request(), it.response(), it.annotations())
    }
    return historyNew
}
```
Alibaba Cloud Developer
Alibaba's official tech channel, featuring all of its technology innovations.
