whistle-mcp
Verified Safeby 7gugu
Overview
Manages a local Whistle proxy server through Model Context Protocol, allowing AI assistants to control network rules, groups, values, and replay requests.
Installation
whistle-mcp --host=<whistle server IP address> --port=<whistle server port number>Security Notes
The server's primary function is to expose powerful network proxy capabilities (Whistle) to an AI. While the server's code itself does not show obvious direct code injection or hardcoded secrets, granting an AI control over a network proxy via tools like `replayRequest` (allowing arbitrary URL, method, headers, and body) or rule management (creating/updating rules) carries inherent risks. A malicious or unconstrained AI could potentially be instructed to perform network attacks, bypass security, or intercept sensitive data if the underlying Whistle server is not properly secured or is exposed beyond a trusted local environment. The `getInterceptInfo` tool uses user-provided `url` as a regular expression, which is mitigated by a `try-catch` block for invalid regex, falling back to a string `includes` check.
Similar Servers
mcphub
An orchestration hub that aggregates, manages, and routes Model Context Protocol (MCP) servers and their tools, providing a centralized interface, user management, OAuth 2.0 authorization server capabilities, and AI-powered tool discovery and routing.
burp-mcp-agents
Connects Burp Suite MCP Server to AI backends (Codex, Gemini, Ollama, LM Studio) for assisted, non-destructive vulnerability analysis using real Burp traffic.
mcp-shark
Aggregate multiple Model Context Protocol (MCP) servers into a single unified interface with a powerful monitoring UI.
mcpproxy-go
MCPProxy super-charges AI agents with intelligent tool discovery, massive token savings, and built-in security quarantine against malicious Model Context Protocol (MCP) servers.