loading…
Весь каталог
Webhook.Site Server
БесплатноHostedEnables interaction with Webhook.site to create, manage, and monitor endpoints for capturing HTTP requests, emails, and DNS lookups. It provides 16 tools for te
автор: zebbern
Описание
Enables interaction with Webhook.site to create, manage, and monitor endpoints for capturing HTTP requests, emails, and DNS lookups. It provides 16 tools for testing webhooks and inspecting incoming data through the Model Context Protocol.
README
A Model Context Protocol (MCP) server for webhook.site - instantly capture HTTP requests, emails, and DNS lookups. Perfect for testing webhooks, debugging API callbacks, security testing, and bug bounty hunting.
Table of Contents
- Quick Start
- What Can You Do?
- Tools Reference
- Examples
- Each Webhook Token Provides
- Architecture
- Development
- Contributing
- Requirements
- Changelog
- Credits
- Links
Quick Start
Installation
# Using uvx (recommended - no install needed)
uvx webhook-mcp-server
# Or install via pip
pip install webhook-mcp-server
VS Code / GitHub Copilot
Add to .vscode/mcp.json:
{
"servers": {
"webhook-mcp-server": {
"type": "stdio",
"command": "uvx",
"args": ["webhook-mcp-server"]
}
}
}
Claude Desktop
Add to claude_desktop_config.json:
{
"mcpServers": {
"webhook-mcp-server": {
"command": "uvx",
"args": ["webhook-mcp-server"]
}
}
}
What Can You Do?
Capture Webhooks
"Create a webhook and show me the URL"
"What requests have been sent to my webhook?"
"Wait for a request to come in"
Security/Bug Bounty:
"Generate an SSRF payload to test for blind vulnerabilities"
"Create XSS callback payloads to detect blind XSS attacks"
"Make me a canary token to detect if someone accesses a URL"
Email Automation:
"Create a temp email and wait for a password reset link"
"Monitor this webhook for emails and extract all links from them"
"Give me 3 temporary emails at once" (batch creation)
API Testing:
"Create a webhook that returns a 404 error with a custom message"
"Make a webhook with CORS enabled that waits 5 seconds before responding"
"Send 10 different test requests to a webhook and show me all the captured data"
Real-time Monitoring:
"Create a webhook and wait for any HTTP request to arrive"
"Monitor for DNS lookups to detect if a server is making DNS queries"
"Search all requests for ones containing 'password' in the body"
Data Analysis:
"Export all captured webhook requests to JSON format"
"Show me statistics on requests received in the last hour"
"Filter and show only POST requests with specific headers"
Creative/Practical:
"Create a webhook that pretends to be a Stripe payment API"
"Make a fake login endpoint that captures credentials (for pentesting)"
"Set up an email inbox that auto-extracts verification codes"
Canary Tokens
"Create a canary URL to track document access"
"Generate a DNS canary for the config file"
"Set up an email tracker pixel"
Tools Reference
Webhook Management
| Tool | Description |
|---|---|
create_webhook |
Create a new webhook endpoint |
create_webhook_with_config |
Create with custom response, status, CORS, timeout |
get_webhook_url |
Get the full URL for a webhook token |
get_webhook_email |
Get the email address for a webhook |
get_webhook_dns |
Get the DNS subdomain for a webhook |
get_webhook_info |
Get webhook settings and statistics |
update_webhook |
Modify webhook configuration |
delete_webhook |
Delete a webhook endpoint |
Request Handling
| Tool | Description |
|---|---|
send_to_webhook |
Send JSON data to a webhook |
get_webhook_requests |
List all captured requests |
search_requests |
Search with filters (method, content, date) |
delete_request |
Delete a specific request |
delete_all_requests |
Bulk delete with filters |
Real-Time Waiting
| Tool | Description |
|---|---|
wait_for_request |
Wait for an HTTP request (polling) |
wait_for_email |
Wait for email with automatic link extraction |
Bug Bounty / Security
| Tool | Description |
|---|---|
generate_ssrf_payload |
Create SSRF test payloads (HTTP, DNS, IP-based) |
generate_xss_callback |
Create XSS callback payloads with cookie/DOM capture |
generate_canary_token |
Create trackable URLs, DNS, or email canaries |
check_for_callbacks |
Quick check for OOB callbacks |
extract_links_from_request |
Extract URLs from captured requests |
Batch & Utility
| Tool | Description |
|---|---|
send_multiple_requests |
Send batch of requests for load testing |
export_webhook_data |
Export all requests to JSON |
Examples
Create a Webhook
// Response from create_webhook
{
"token": "abc123-def456-...",
"url": "https://webhook.site/abc123-def456-...",
"email": "[email protected]",
"dns": "abc123-def456-....dnshook.site"
}
Wait for Password Reset Email
// Response from wait_for_email
{
"email_received": true,
"subject": "Password Reset Request",
"from": "[email protected]",
"links_found": ["https://example.com/reset?token=xyz789"]
}
SSRF Testing Payload
// Response from generate_ssrf_payload
{
"payloads": {
"http": "https://webhook.site/token?id=ssrf-test",
"dns": "ssrf-test.token.dnshook.site",
"ip_decimal": "http://2130706433/token",
"ip_hex": "http://0x7f000001/token"
}
}
Each Webhook Token Provides
| Endpoint | Format | Use Case |
|---|---|---|
| HTTP URL | https://webhook.site/{token} |
Capture HTTP/HTTPS requests |
| Subdomain | https://{token}.webhook.site |
Alternative URL format |
{token}@email.webhook.site |
Capture incoming emails | |
| DNS | {token}.dnshook.site |
Capture DNS lookups |
Architecture
webhook-mcp-server/
├── server.py # MCP entry point
├── handlers/ # Tool routing layer
├── services/ # Business logic
│ ├── webhook_service.py # Webhook CRUD
│ ├── request_service.py # Request management
│ └── bugbounty_service.py # Security payloads
├── models/ # Tool definitions & schemas
└── utils/ # HTTP client, logging, validation
Key Features
- Async Architecture - Non-blocking I/O for optimal performance
- Retry Logic - Exponential backoff for transient failures
- Input Validation - UUID validation, parameter sanitization
- Structured Logging - JSON logs for debugging and monitoring
- Type Safety - Full type hints throughout
Development
Setup
git clone https://github.com/zebbern/webhook-mcp-server.git
cd webhook-mcp-server
pip install -e ".[dev]"
Run Tests
pytest tests/ -v
Run Locally
python server.py
Requirements
- Python 3.10+
mcp >= 1.0.0httpx >= 0.25.0
Changelog
See CHANGELOG.md for version history.
Contributing
Contributions are welcome! Here's how you can help:
- Report bugs - Open an issue describing the problem
- Suggest features - Open an issue with your idea
- Submit PRs - Fork the repo and submit a pull request
Development Setup
git clone https://github.com/zebbern/webhook-mcp-server.git
cd webhook-mcp-server
pip install -e ".[dev]"
pytest tests/ -v
Guidelines
- Follow existing code style
- Add tests for new features
- Update documentation as needed
- Keep PRs focused on a single change
Credits
This project is not affiliated with or endorsed by webhook.site
Links
- 📦 PyPI Package
- 🐙 GitHub Repository
- 🌐 webhook.site - The service this MCP wraps
- 📖 Model Context Protocol - MCP specification
Made with ❤️ for the MCP community
Как установить
Добавь это в claude_desktop_config.json и перезапусти Claude Desktop.
{
"mcpServers": {
"webhook-site-mcp-server": {
"command": "npx",
"args": []
}
}
}