A comprehensive HTTP client MCP (Model Context Protocol) server for API testing, web automation and security testing. Provides full-featured HTTP tools with detailed logging capabilities.
为API 测试和 Web 自动化和安全测试设计提供的全功能 HTTP 客户端 MCP 服务器,具备完整的 HTTP 工具和详细的日志记录功能。
- Complete HTTP Methods Support / 完整的 HTTP 方法支持: GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS
- Advanced Security Testing / 高级安全测试: Raw request tool for penetration testing, SQL injection, XSS testing / 原始请求工具,用于渗透测试、SQL 注入、XSS 测试
- Full Parameter Support / 全参数支持: Headers, cookies, body, timeout for all methods / 所有方法支持 Headers、Cookies、Body、超时设置
- Automatic Logging / 自动日志记录: All requests and responses logged to
~/mcp_requests_logs// 所有请求和响应自动记录到~/mcp_requests_logs/ - Precision Guarantee / 精确保证: Raw mode preserves every character exactly as provided / 原始模式完全保留每个字符
- MCP Compatible / MCP 兼容: Works with Claude Code, Cursor, and other MCP clients / 兼容 Claude Code、Cursor 和其他 MCP 客户端
pip install mcp-requestAdd to your MCP configuration (~/.cursor/mcp_servers.json or similar):
添加到你的 MCP 配置文件 (~/.cursor/mcp_servers.json 或类似文件):
{
"mcpServers": {
"mcp-request": {
"command": "mcp-request",
"type": "stdio"
}
}
}- http_get - GET request with full support / 全功能 GET 请求
- http_post - POST request with full support / 全功能 POST 请求
- http_put - PUT request with full support / 全功能 PUT 请求
- http_delete - DELETE request with full support / 全功能 DELETE 请求
- http_patch - PATCH request with full support / 全功能 PATCH 请求
- http_head - HEAD request with full support / 全功能 HEAD 请求
- http_options - OPTIONS request with full support / 全功能 OPTIONS 请求
- http_raw_request - 🔒 Raw HTTP requests for security testing / 🔒 用于安全测试的原始 HTTP 请求
# Basic GET request / 基础 GET 请求
http_get("https://api.example.com/users")
# POST with data and headers / 带数据和请求头的 POST 请求
http_post(
url="https://api.example.com/login",
body='{"username":"test","password":"test"}',
headers={"Content-Type": "application/json"}
)
# Security testing with raw request / 使用原始请求进行安全测试
http_raw_request(
url="https://vulnerable-site.com/search",
method="POST",
raw_body="q=test' OR 1=1--",
headers={"Content-Type": "application/x-www-form-urlencoded"}
)The http_raw_request tool is specifically designed for security testing:
http_raw_request 工具专为安全测试设计:
- Absolute Precision / 绝对精确: Every character preserved exactly / 每个字符完全保留
- No Encoding / 无编码: Special characters (', ", \, %, &, =) sent as-is / 特殊字符 (', ", \, %, &, =) 原样发送
- Complete Headers / 完整请求头: No truncation of long cookies or tokens / 不截断长 cookies 或 tokens
- Raw Payloads / 原始载荷: Perfect for SQL injection, XSS, CSRF testing / 完美适用于 SQL 注入、XSS、CSRF 测试
All HTTP requests and responses are automatically logged to:
所有 HTTP 请求和响应自动记录到:
- Location / 位置:
~/mcp_requests_logs/ - Format / 格式: JSON with timestamps, complete request/response details / JSON 格式,包含时间戳和完整的请求/响应详情
- Filename / 文件名:
requests_YYYYMMDD_HHMMSS.log
View logs with / 查看日志:
tail -f ~/mcp_requests_logs/requests_*.log- Python ≥ 3.13
- httpx ≥ 0.25.0
- mcp[cli] ≥ 1.9.4
MIT License
Contributions welcome! This tool is designed for defensive security testing and legitimate API testing purposes only.
欢迎贡献!此工具仅用于防御性安全测试和合法的 API 测试目的。