BurpSuite
BurpSuite MCP Server: A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.
What is BurpSuite?
BurpSuite is a Model Context Protocol (MCP) server that gives AI assistants like Claude, Cursor, and VS Code programmatic access to Burp's core functionalities.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Installation
Manual Installation
npx burpsuite-mcp-server
How to Set Up and Use BurpSuite
The BurpSuite MCP Server bridges the Model Context Protocol and Burp Suite Professional/Community, exposing Burp's core security testing capabilities — proxy interception, active/passive scanning, and HTTP traffic logging with automatic vulnerability detection — through a FastAPI-based HTTP interface that any MCP client can call. Security engineers can direct an AI assistant to intercept specific requests, kick off targeted XSS or SQL injection scans, analyze traffic patterns for suspicious behavior, and pull vulnerability reports, all through natural language without switching between Burp's GUI and their coding environment.
Prerequisites
- Python 3.8 or higher with pip
- Burp Suite Professional or Community Edition installed and running with the REST API enabled
- Burp Suite REST API key (from Burp's User Options > REST API)
- An MCP-compatible client such as Claude Desktop or Cursor
Clone the repository
Clone the BurpSuite MCP Server repository from GitHub.
git clone https://github.com/X3r0K/BurpSuite-MCP-Server.git
cd BurpSuite-MCP-Server
Install Python dependencies
Install the required packages including FastAPI, the MCP SDK, and the Burp API client libraries.
pip install -r requirements.txt
Configure the environment
Copy the example .env file and fill in your Burp Suite API key, host, and port settings. The defaults assume Burp is running locally.
cp .env.example .env
# Edit .env with your values:
# BURP_API_KEY=Your_API_KEY
# BURP_API_HOST=localhost
# BURP_API_PORT=1337
# BURP_PROXY_HOST=127.0.0.1
# BURP_PROXY_PORT=8080
# MCP_SERVER_HOST=0.0.0.0
# MCP_SERVER_PORT=8000
Enable Burp Suite's REST API
In Burp Suite, go to User Options > REST API, enable the API, set a key, and confirm it listens on port 1337 (the default). This is the endpoint the MCP server communicates with.
Start the MCP server
Run the main Python script to start the FastAPI server. It will be accessible at http://localhost:8000 with interactive docs at /docs.
python main.py
Register the server in your MCP client
Add the running server's HTTP endpoint to your MCP client configuration. The server communicates over HTTP, so use the HTTP MCP transport.
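A preflight check for the .env settings above, as an added example that is not part of the BurpSuite-MCP-Server project: it flags an API key left at a placeholder, an MCP_SERVER_HOST that binds beyond loopback (0.0.0.0 accepts connections on every interface), and a Burp REST API port that does not answer. The function names and finding messages are assumptions; the keys are the ones listed in the .env step.

```python
import ipaddress
import socket

# Constructed sample: values copied from the .env listing on this page.
SAMPLE_ENV = """\
BURP_API_KEY=Your_API_KEY
BURP_API_HOST=localhost
BURP_API_PORT=1337
MCP_SERVER_HOST=0.0.0.0
"""
PLACEHOLDERS = {"", "Your_API_KEY", "your-burp-api-key"}  # strings printed on the page

def parse_env(text):
    """Return KEY=VALUE pairs, ignoring blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("\"'")
    return env

def is_loopback(host):
    """True for 'localhost' or a loopback IP literal; 0.0.0.0 is not loopback."""
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def port_open(host, port, timeout=1.0):
    """True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(env, probe=port_open):
    """Return a list of findings for the parsed settings (empty list = clean)."""
    findings = []
    if env.get("BURP_API_KEY", "") in PLACEHOLDERS:
        findings.append("BURP_API_KEY is unset or still a placeholder")
    bind = env.get("MCP_SERVER_HOST", "")
    if not is_loopback(bind):
        findings.append(f"MCP_SERVER_HOST={bind} listens beyond loopback")
    host, port = env.get("BURP_API_HOST", ""), env.get("BURP_API_PORT", "")
    if not port.isdigit() or not probe(host, int(port)):
        findings.append(f"Burp REST API not reachable at {host}:{port}")
    return findings
```

Call `audit(parse_env(open(".env").read()))` from the repository directory before running python main.py; an empty list means all three checks passed.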
BurpSuite Examples
Client configuration
Configuration for an MCP client connecting to the locally running BurpSuite MCP Server over HTTP.
{
  "mcpServers": {
    "burpsuite-mcp-server": {
      "command": "python",
      "args": ["main.py"],
      "cwd": "/path/to/BurpSuite-MCP-Server",
      "env": {
        "BURP_API_KEY": "your-burp-api-key",
        "BURP_API_HOST": "localhost",
        "BURP_API_PORT": "1337",
        "BURP_PROXY_HOST": "127.0.0.1",
        "BURP_PROXY_PORT": "8080",
        "MCP_SERVER_HOST": "0.0.0.0",
        "MCP_SERVER_PORT": "8000"
      }
    }
  }
}
Prompts to try
Example security testing prompts that exercise the proxy, scanner, and logger tools.
- "Start an active scan on https://testsite.example.com focusing on XSS and SQL injection."
- "Show me the proxy history for the last 10 intercepted requests."
- "Analyze the traffic logs for suspicious patterns and list any detected vulnerabilities."
- "Check the current scan status and report any high-severity issues found so far."
- "Get a breakdown of vulnerabilities by severity from the logger."
Troubleshooting BurpSuite
The server fails to connect to Burp Suite with a connection refused error
Confirm Burp Suite is running and the REST API is enabled in User Options > REST API. Verify BURP_API_PORT in .env matches the port shown in Burp's settings (default 1337). Make sure no firewall is blocking localhost traffic on that port.
Authentication errors when calling the Burp API
The BURP_API_KEY in .env must exactly match the key set in Burp Suite's REST API settings. Keys are case-sensitive. Regenerate the key in Burp if unsure, then update .env and restart python main.py.
Scans appear to start but never return results
Active scans take time depending on target size and configuration. Poll /scanner/status/<scan_id> to check progress. Burp Suite Community Edition has limited active scanning capabilities — some scan types require Burp Suite Professional.
Frequently Asked Questions about BurpSuite
What is BurpSuite?
BurpSuite is a Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install BurpSuite?
Follow the installation instructions on the BurpSuite GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with BurpSuite?
BurpSuite works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is BurpSuite free to use?
Yes, BurpSuite is open source and available under the MIT License. You can use it freely in both personal and commercial projects.
BurpSuite Alternatives — Similar Security Servers
Looking for alternatives to BurpSuite? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6k
An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0k
A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9k
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7k
Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k
754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k
hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u