Burp AI Agent

v1.0.0 · Security · stable

Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more

Tags: ai, appsec, bugbounty, burp, burp-extensions
Stars: 1,162

What is Burp AI Agent?

Burp AI Agent is a Burp Suite extension with a built-in Model Context Protocol (MCP) server. It adds MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more, and lets AI assistants such as Claude, Cursor, and VS Code work with Burp Suite.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Use Cases

Burp Suite AI-assisted security analysis
Passive and active scanning automation

Maintainer: six2dez
License: MIT
Language: Kotlin
Version: v1.0.0
Updated: May 21, 2026
Status: healthy
Maintenance: active

Works with

Claude, OpenAI, Windows, macOS, Linux

Installation

Manual Installation

npx burp-ai-agent

Configuration

Configuration Details

Config File: claude_desktop_config.json

Performance

Response Metrics

Response Time: < 200ms
Throughput: Medium

Resource Usage

Memory Usage: Low
CPU Usage: Low

How to Set Up and Use Burp AI Agent

Burp AI Agent is a Burp Suite extension that embeds a built-in MCP server and AI-assisted security analysis directly into Burp Suite, exposing 59 MCP tools that let Claude Desktop or any MCP client drive Burp autonomously for web application penetration testing. It supports 11 AI backends including Claude CLI, OpenAI Codex, Gemini, Ollama, and NVIDIA NIM, scans for 62 vulnerability classes through passive and active scanners, and enforces configurable privacy redaction modes (STRICT, BALANCED, OFF) before sending request data to external AI providers. Security researchers and bug bounty hunters use it to automate repetitive analysis steps and get AI-generated findings on proxy history traffic.

Prerequisites

  • Burp Suite Professional or Community Edition installed
  • Java 21 or later (required to build from source; pre-built JAR available via BApp Store)
  • An API key for at least one AI backend: ANTHROPIC_API_KEY for Claude CLI, OPENAI_API_KEY for Codex
  • An MCP-compatible client (Claude Desktop) to connect to the built-in MCP server at localhost:9876

1. Install the extension

The simplest path is to install directly from Burp Suite's BApp Store (Extensions → BApp Store → search 'AI Agent'). To build from source, clone the repository and build the shadow JAR with Gradle.

# Build from source (if not using BApp Store)
git clone https://github.com/six2dez/burp-ai-agent.git
cd burp-ai-agent
JAVA_HOME=/path/to/jdk-21 ./gradlew clean shadowJar

2. Load the extension in Burp Suite

In Burp Suite, go to Extensions → Installed → Add. Select the built JAR from build/libs/ or the BApp Store installation path. The extension will add an 'AI Agent' tab to the Burp UI.

3. Configure an AI backend and API key

In the AI Agent tab, open Settings and select your preferred AI backend, then enter the API key for that backend. For the Claude CLI backend, set ANTHROPIC_API_KEY; for the Codex CLI backend, set OPENAI_API_KEY.

# Set keys in your shell environment before launching Burp, or enter in Settings UI
export ANTHROPIC_API_KEY="your-anthropic-key"
export OPENAI_API_KEY="your-openai-key"

4. Enable the built-in MCP server

In the AI Agent extension settings, enable the MCP server option. It will start listening on http://127.0.0.1:9876/sse. Optionally enable Bearer token authentication for the MCP endpoint.

5. Connect Claude Desktop to the MCP server

Add the Burp AI Agent MCP server to your Claude Desktop configuration pointing at the SSE endpoint on localhost:9876. After connecting, Claude will have access to 59 Burp tools.

6. Set your privacy redaction mode

In the extension settings, choose STRICT (redact all PII before sending to AI), BALANCED (redact sensitive values only), or OFF (send raw). STRICT is recommended when testing production data.

Burp AI Agent Examples

Client configuration

Configure Claude Desktop to connect to the Burp AI Agent MCP server running locally over SSE. The server must be enabled in the Burp extension settings first.

{
  "mcpServers": {
    "burp-ai-agent": {
      "url": "http://127.0.0.1:9876/sse",
      "headers": {
        "Authorization": "Bearer your-mcp-token"
      }
    }
  }
}
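
The client entry above can be checked before use: the MCP port is reachable by any local process, so the endpoint should stay on loopback and carry a real bearer token. The following Python audit is an added example, not code from the Burp AI Agent project; it assumes the config layout shown on this page, and the `burp-remote` entry and its address are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample: the entry from this page plus a hypothetical risky one.
SAMPLE_CONFIG = """{"mcpServers": {
  "burp-ai-agent": {"url": "http://127.0.0.1:9876/sse",
                    "headers": {"Authorization": "Bearer your-mcp-token"}},
  "burp-remote": {"url": "http://10.0.0.5:9876/sse"}
}}"""

def is_loopback(host):
    """True for localhost or any loopback IP literal."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name: cannot be assumed local

def audit_mcp_config(text):
    """Return {server_name: [findings]} for the mcpServers entries in text."""
    report = {}
    for name, entry in json.loads(text).get("mcpServers", {}).items():
        findings = []
        url = entry.get("url")
        if url is None:
            report[name] = ["no url: launched as a local command, not audited here"]
            continue
        parts = urlsplit(url)
        host = parts.hostname or ""
        if not is_loopback(host):
            findings.append("endpoint is not loopback")
            if parts.scheme != "https":
                findings.append("cleartext http to a remote host")
        auth = entry.get("headers", {}).get("Authorization", "")
        if not auth.startswith("Bearer "):
            findings.append("no bearer token configured")
        elif auth.split(" ", 1)[1] in ("", "your-mcp-token"):
            findings.append("placeholder bearer token")
        report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_mcp_config(SAMPLE_CONFIG).items():
        print(name, "->", findings or "ok")
```

An empty findings list means the entry points at loopback and carries a non-placeholder bearer token; entries started via a local command are reported but not inspected.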

Prompts to try

Example prompts for AI-assisted Burp Suite analysis once connected via MCP.

- "Connect to Burp MCP at localhost:9876 and scan the proxy history for IDOR vulnerabilities"
- "Analyze the last 20 requests in Burp proxy history and identify any missing authentication headers"
- "Run a passive scan on the captured traffic and summarize critical and high severity findings"
- "Look at the response for request #42 in Burp and check if it leaks sensitive user data"
- "Generate a vulnerability report for all SQL injection findings discovered during this session"

Troubleshooting Burp AI Agent

Burp Suite fails to load the extension with a Java version error

Ensure Java 21 or later is installed and JAVA_HOME points to it. Run `java -version` to check. On macOS, use `export JAVA_HOME=$(/usr/libexec/java_home -v 21)` before launching Burp or running Gradle.

Claude Desktop cannot connect to the MCP server at localhost:9876

Verify the MCP server is enabled in the Burp AI Agent extension settings and that Burp Suite is running. Check that no firewall rule is blocking localhost:9876. Confirm the SSE endpoint is accessible by visiting http://127.0.0.1:9876/sse in a browser.

AI analysis fails or returns errors about missing API credentials

Set the API key for your chosen backend in the extension Settings UI, not just as an environment variable. The extension reads keys from its own settings store. If using Claude CLI backend, also ensure the claude CLI binary is installed and accessible in PATH.

Frequently Asked Questions about Burp AI Agent

What is Burp AI Agent?

Burp AI Agent is a Burp Suite extension with a built-in Model Context Protocol (MCP) server that adds MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Burp AI Agent?

Follow the installation instructions on the Burp AI Agent GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Burp AI Agent?

Burp AI Agent works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Burp AI Agent free to use?

Yes, Burp AI Agent is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

Burp AI Agent Alternatives — Similar Security Servers

Looking for alternatives to Burp AI Agent? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Quick Config Preview

{
  "mcpServers": {
    "burp-ai-agent": {
      "command": "npx",
      "args": ["-y", "burp-ai-agent"]
    }
  }
}

Add this to your claude_desktop_config.json or .cursor/mcp.json
