Burp AI Agent
Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more
What is Burp AI Agent?
Burp AI Agent is a Burp Suite extension with a built-in Model Context Protocol (MCP) server. It adds MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more, and lets AI assistants like Claude, Cursor, and VS Code work with Burp Suite.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Burp Suite extension that adds built-in MCP tooling, AI-assi
Installation
Manual Installation
npx burp-ai-agent
Configuration
Configuration Details
claude_desktop_config.json
How to Set Up and Use Burp AI Agent
Burp AI Agent is a Burp Suite extension that embeds a built-in MCP server and AI-assisted security analysis directly into Burp Suite, exposing 59 MCP tools that let Claude Desktop or any MCP client drive Burp autonomously for web application penetration testing. It supports 11 AI backends including Claude CLI, OpenAI Codex, Gemini, Ollama, and NVIDIA NIM, scans for 62 vulnerability classes through passive and active scanners, and enforces configurable privacy redaction modes (STRICT, BALANCED, OFF) before sending request data to external AI providers. Security researchers and bug bounty hunters use it to automate repetitive analysis steps and get AI-generated findings on proxy history traffic.
Prerequisites
- Burp Suite Professional or Community Edition installed
- Java 21 or later (required to build from source; pre-built JAR available via BApp Store)
- An API key for at least one AI backend: ANTHROPIC_API_KEY for Claude CLI, OPENAI_API_KEY for Codex
- An MCP-compatible client (Claude Desktop) to connect to the built-in MCP server at localhost:9876
Install the extension
The simplest path is to install directly from Burp Suite's BApp Store (Extensions → BApp Store → search 'AI Agent'). To build from source, clone the repository and build the shadow JAR with Gradle.
# Build from source (if not using BApp Store)
git clone https://github.com/six2dez/burp-ai-agent.git
cd burp-ai-agent
JAVA_HOME=/path/to/jdk-21 ./gradlew clean shadowJar
Load the extension in Burp Suite
In Burp Suite, go to Extensions → Installed → Add. Select the built JAR from build/libs/ or the BApp Store installation path. The extension will add an 'AI Agent' tab to the Burp UI.
Configure an AI backend and API key
In the AI Agent tab, open Settings and select your preferred AI backend. Enter the API key for that backend. For Claude CLI backend, set ANTHROPIC_API_KEY; for Codex CLI, set OPENAI_API_KEY.
# Set keys in your shell environment before launching Burp, or enter in Settings UI
export ANTHROPIC_API_KEY="your-anthropic-key"
export OPENAI_API_KEY="your-openai-key"
Enable the built-in MCP server
In the AI Agent extension settings, enable the MCP server option. It will start listening on http://127.0.0.1:9876/sse. Optionally enable Bearer token authentication for the MCP endpoint.
Connect Claude Desktop to the MCP server
Add the Burp AI Agent MCP server to your Claude Desktop configuration pointing at the SSE endpoint on localhost:9876. After connecting, Claude will have access to 59 Burp tools.
Set your privacy redaction mode
In the extension settings, choose STRICT (redact all PII before sending to AI), BALANCED (redact sensitive values only), or OFF (send raw). STRICT is recommended when testing production data.
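A lint for the client entry that the "Enable the built-in MCP server" and "Connect Claude Desktop" steps produce, added here as an example and not part of the extension or its documentation: it flags a non-loopback endpoint, a missing Bearer header, and a placeholder or short token. The `burp-remote` entry, the 10.0.0.5 address and the 24-character minimum are constructed assumptions.

```python
import ipaddress
import json
from urllib.parse import urlsplit

PLACEHOLDER_TOKENS = {"your-mcp-token", ""}  # placeholder from the sample client config
MIN_TOKEN_LEN = 24                           # assumption: local policy, not an extension rule

def is_loopback(host):
    """True for 'localhost' or any loopback IP literal (127.0.0.0/8, ::1)."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit_mcp_entry(name, entry):
    """Return a list of findings for one mcpServers entry."""
    findings = []
    url = urlsplit(entry.get("url", ""))
    host = url.hostname or ""
    if not is_loopback(host):
        findings.append(f"{name}: endpoint host {host!r} is not loopback")
        if url.scheme != "https":
            findings.append(f"{name}: token would cross the network over {url.scheme!r}")
    auth = entry.get("headers", {}).get("Authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "bearer":
        findings.append(f"{name}: no Bearer token configured for the MCP endpoint")
    elif token in PLACEHOLDER_TOKENS or len(token) < MIN_TOKEN_LEN:
        findings.append(f"{name}: token is a placeholder or shorter than {MIN_TOKEN_LEN} chars")
    return findings

def audit_config(text):
    """Audit every entry under mcpServers in a client config file's JSON text."""
    servers = json.loads(text).get("mcpServers", {})
    return [f for name, entry in servers.items() for f in audit_mcp_entry(name, entry)]

# Constructed sample: the loopback entry with its placeholder token, plus a remote variant.
SAMPLE = """{"mcpServers": {
  "burp-ai-agent": {"url": "http://127.0.0.1:9876/sse",
                    "headers": {"Authorization": "Bearer your-mcp-token"}},
  "burp-remote":   {"url": "http://10.0.0.5:9876/sse"}
}}"""

if __name__ == "__main__":
    for finding in audit_config(SAMPLE):
        print(finding)
```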
Burp AI Agent Examples
Client configuration
Configure Claude Desktop to connect to the Burp AI Agent MCP server running locally over SSE. The server must be enabled in the Burp extension settings first.
{
  "mcpServers": {
    "burp-ai-agent": {
      "url": "http://127.0.0.1:9876/sse",
      "headers": {
        "Authorization": "Bearer your-mcp-token"
      }
    }
  }
}
Prompts to try
Example prompts for AI-assisted Burp Suite analysis once connected via MCP.
- "Connect to Burp MCP at localhost:9876 and scan the proxy history for IDOR vulnerabilities"
- "Analyze the last 20 requests in Burp proxy history and identify any missing authentication headers"
- "Run a passive scan on the captured traffic and summarize critical and high severity findings"
- "Look at the response for request #42 in Burp and check if it leaks sensitive user data"
- "Generate a vulnerability report for all SQL injection findings discovered during this session"
Troubleshooting Burp AI Agent
Burp Suite fails to load the extension with a Java version error
Ensure Java 21 or later is installed and JAVA_HOME points to it. Run `java -version` to check. On macOS, use `export JAVA_HOME=$(/usr/libexec/java_home -v 21)` before launching Burp or running Gradle.
Claude Desktop cannot connect to the MCP server at localhost:9876
Verify the MCP server is enabled in the Burp AI Agent extension settings and that Burp Suite is running. Check that no firewall rule is blocking localhost:9876. Confirm the SSE endpoint is accessible by visiting http://127.0.0.1:9876/sse in a browser.
AI analysis fails or returns errors about missing API credentials
Set the API key for your chosen backend in the extension Settings UI, not just as an environment variable. The extension reads keys from its own settings store. If using Claude CLI backend, also ensure the claude CLI binary is installed and accessible in PATH.
Frequently Asked Questions about Burp AI Agent
What is Burp AI Agent?
Burp AI Agent is a Burp Suite extension with a built-in Model Context Protocol (MCP) server that adds MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Burp AI Agent?
Follow the installation instructions on the Burp AI Agent GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Burp AI Agent?
Burp AI Agent works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Burp AI Agent free to use?
Yes, Burp AI Agent is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
Burp AI Agent Alternatives — Similar Security Servers
Looking for alternatives to Burp AI Agent? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6k
An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0k
A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9k
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7k
Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k
754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k
🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u