BurpSuite

v1.0.0Securitystable

BurpSuite MCP Server: A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.

burpsuite-mcp-servermcpai-integration
Share:
80
Stars
0
Downloads
0
Weekly
0/5

What is BurpSuite?

BurpSuite is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to burpsuite mcp server: a powerful model context protocol (mcp) server implementation for burpsuite, providing programmatic access to burp's core functionalities.

BurpSuite MCP Server: A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • BurpSuite MCP Server: A powerful Model Context Protocol (MCP

Use Cases

Access BurpSuite core functionalities programmatically for security testing.
Automate web application security scanning through MCP.
X3r0K

Maintainer

LicenseMIT License
Languagepython
Versionv1.0.0
UpdatedMay 21, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx burpsuite-mcp-server

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use BurpSuite

The BurpSuite MCP Server bridges the Model Context Protocol and Burp Suite Professional/Community, exposing Burp's core security testing capabilities — proxy interception, active/passive scanning, and HTTP traffic logging with automatic vulnerability detection — through a FastAPI-based HTTP interface that any MCP client can call. Security engineers can direct an AI assistant to intercept specific requests, kick off targeted XSS or SQL injection scans, analyze traffic patterns for suspicious behavior, and pull vulnerability reports, all through natural language without switching between Burp's GUI and their coding environment.

Prerequisites

  • Python 3.8 or higher with pip
  • Burp Suite Professional or Community Edition installed and running with the REST API enabled
  • Burp Suite REST API key (from Burp's User Options > REST API)
  • An MCP-compatible client such as Claude Desktop or Cursor
1

Clone the repository

Clone the BurpSuite MCP Server repository from GitHub.

git clone https://github.com/X3r0K/BurpSuite-MCP-Server.git
cd BurpSuite-MCP-Server
2

Install Python dependencies

Install the required packages including FastAPI, the MCP SDK, and the Burp API client libraries.

pip install -r requirements.txt
3

Configure the environment

Copy the example .env file and fill in your Burp Suite API key, host, and port settings. The defaults assume Burp is running locally.

cp .env.example .env
# Edit .env with your values:
# BURP_API_KEY=Your_API_KEY
# BURP_API_HOST=localhost
# BURP_API_PORT=1337
# BURP_PROXY_HOST=127.0.0.1
# BURP_PROXY_PORT=8080
# MCP_SERVER_HOST=0.0.0.0
# MCP_SERVER_PORT=8000
4

Enable Burp Suite's REST API

In Burp Suite, go to User Options > REST API, enable the API, set a key, and confirm it listens on port 1337 (the default). This is the endpoint the MCP server communicates with.

5

Start the MCP server

Run the main Python script to start the FastAPI server. It will be accessible at http://localhost:8000 with interactive docs at /docs.

python main.py
6

Register the server in your MCP client

Add the running server's HTTP endpoint to your MCP client configuration. The server communicates over HTTP, so use the HTTP MCP transport.

BurpSuite Examples

Client configuration

Configuration for an MCP client connecting to the locally running BurpSuite MCP Server over HTTP.

{
  "mcpServers": {
    "burpsuite-mcp-server": {
      "command": "python",
      "args": ["main.py"],
      "cwd": "/path/to/BurpSuite-MCP-Server",
      "env": {
        "BURP_API_KEY": "your-burp-api-key",
        "BURP_API_HOST": "localhost",
        "BURP_API_PORT": "1337",
        "BURP_PROXY_HOST": "127.0.0.1",
        "BURP_PROXY_PORT": "8080",
        "MCP_SERVER_HOST": "0.0.0.0",
        "MCP_SERVER_PORT": "8000"
      }
    }
  }
}

Prompts to try

Example security testing prompts that exercise the proxy, scanner, and logger tools.

- "Start an active scan on https://testsite.example.com focusing on XSS and SQL injection."
- "Show me the proxy history for the last 10 intercepted requests."
- "Analyze the traffic logs for suspicious patterns and list any detected vulnerabilities."
- "Check the current scan status and report any high-severity issues found so far."
- "Get a breakdown of vulnerabilities by severity from the logger."

Troubleshooting BurpSuite

The server fails to connect to Burp Suite with a connection refused error

Confirm Burp Suite is running and the REST API is enabled in User Options > REST API. Verify BURP_API_PORT in .env matches the port shown in Burp's settings (default 1337). Make sure no firewall is blocking localhost traffic on that port.

Authentication errors when calling the Burp API

The BURP_API_KEY in .env must exactly match the key set in Burp Suite's REST API settings. Keys are case-sensitive. Regenerate the key in Burp if unsure, then update .env and restart python main.py.

Scans appear to start but never return results

Active scans take time depending on target size and configuration. Poll /scanner/status/<scan_id> to check progress. Burp Suite Community Edition has limited active scanning capabilities — some scan types require Burp Suite Professional.

Frequently Asked Questions about BurpSuite

What is BurpSuite?

BurpSuite is a Model Context Protocol (MCP) server that burpsuite mcp server: a powerful model context protocol (mcp) server implementation for burpsuite, providing programmatic access to burp's core functionalities. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install BurpSuite?

Follow the installation instructions on the BurpSuite GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with BurpSuite?

BurpSuite works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is BurpSuite free to use?

Yes, BurpSuite is open source and available under the MIT License license. You can use it freely in both personal and commercial projects.

BurpSuite Alternatives — Similar Security Servers

Looking for alternatives to BurpSuite? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "burpsuite-mcp-server": { "command": "npx", "args": ["-y", "burpsuite-mcp-server"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use BurpSuite?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides