Burp MCP Server

What is Burp MCP Server about?

Enables Burp Suite to expose a Model Context Protocol (MCP) endpoint that AI clients can call, turning Burp into an interactive tool for automated testing, analysis, and response generation.

How to use Burp MCP Server?

1. Prerequisites – Install Java and ensure the jar command is available.
2. Build – Clone the repository, navigate to the project root, and run ./gradlew embedProxyJar. The JAR build/libs/burp-mcp-all.jar is generated.
3. Load into Burp – In Burp Suite, go to the Extensions tab, add a new Java extension, and select the built JAR.
4. Configure – Open the new MCP tab in Burp:
   • Enable the server.
   • Optionally allow configuration‑editing tools.
   • Adjust host/port (default http://127.0.0.1:9876).
5. Connect a client – Point your AI client (e.g., Claude Desktop) to the Burp MCP URL (http://127.0.0.1:9876 or .../sse). For stdio‑only clients, use the packaged mcp-proxy-all.jar with --sse-url pointing to the Burp server.

Key Features

• Direct MCP endpoint inside Burp Suite.
• Automatic Claude Desktop installer for quick client setup.
• Packaged stdio proxy (mcp-proxy-all.jar) to bridge SSE‑only clients.
• Configurable host, port, and optional tool‑editing exposure.
• Fully Java‑based, no external runtime besides the JRE.

Use Cases

• Automated vulnerability analysis – AI models query Burp for site maps, request/response data, and receive suggestions.
• Interactive pen‑testing assistants – Language models generate payloads and send them through Burp in real time.
• Custom tool development – Extend Burp with bespoke “tools” defined in Tools.kt that the AI can invoke.
• Integration with Claude Desktop – Seamlessly route Claude’s prompts to Burp for security‑focused tasks.

FAQ

Q: Do I need a separate server to run the MCP endpoint? A: No. The MCP server runs inside Burp as a Java extension.

Q: Can I change the listening port? A: Yes, the MCP tab lets you specify a custom host and port.

Q: My AI client only supports stdio MCP servers—what should I do? A: Use the bundled mcp-proxy-all.jar. Run it with java -jar mcp-proxy-all.jar --sse-url http://127.0.0.1:9876 and point the client to the proxy executable.

Q: How do I add new tools for the AI to use? A: Create a serializable Kotlin data class in src/main/kotlin/net/portswigger/mcp/tools/Tools.kt. The class name becomes the tool name; provide a description and implement the required interface.

Q: Is any special licensing required? A: The repository is open source; follow the license file included in the project.

Burp Suite MCP Server Extension

Overview

Integrate Burp Suite with AI Clients using the Model Context Protocol (MCP).

For more information about the protocol visit: modelcontextprotocol.io

Features

• Connect Burp Suite to AI clients through MCP
• Automatic installation for Claude Desktop
• Comes with packaged Stdio MCP proxy server

Usage

• Install the extension in Burp Suite
• Configure your Burp MCP server in the extension settings
• Configure your MCP client to use the Burp SSE MCP server or stdio proxy
• Interact with Burp through your client!

Installation

Prerequisites

Ensure that the following prerequisites are met before building and installing the extension:

1. Java: Java must be installed and available in your system's PATH. You can verify this by running java --version in your terminal.
2. jar Command: The jar command must be executable and available in your system's PATH. You can verify this by running jar --version in your terminal. This is required for building and installing the extension.

Building the Extension

1. Clone the Repository: Obtain the source code for the MCP Server Extension.

   git clone https://github.com/PortSwigger/mcp-server.git
   

2. Navigate to the Project Directory: Move into the project's root directory.

   cd burp-mcp
   

3. Build the JAR File: Use Gradle to build the extension.

   ./gradlew embedProxyJar
   

   This command compiles the source code and packages it into a JAR file located in build/libs/burp-mcp-all.jar.

Loading the Extension into Burp Suite

1. Open Burp Suite: Launch your Burp Suite application.
2. Access the Extensions Tab: Navigate to the Extensions tab.
3. Add the Extension:
   • Click on Add.
   • Set Extension Type to Java.
   • Click Select file ... and choose the JAR file built in the previous step.
   • Click Next to load the extension.

Upon successful loading, the MCP Server Extension will be active within Burp Suite.

Configuration

Configuring the Extension

Configuration for the extension is done through the Burp Suite UI in the MCP tab.

• Toggle the MCP Server: The Enabled checkbox controls whether the MCP server is active.
• Enable config editing: The Enable tools that can edit your config checkbox allows the MCP server to expose tools which can edit Burp configuration files.
• Advanced options: You can configure the port and host for the MCP server. By default, it listens on http://127.0.0.1:9876.

Claude Desktop Client

To fully utilize the MCP Server Extension with Claude, you need to configure your Claude client settings appropriately. The extension has an installer which will automatically configure the client settings for you.

1. Currently, Claude Desktop only support STDIO MCP Servers for the service it needs. This approach isn't ideal for desktop apps like Burp, so instead, Claude will start a proxy server that points to the Burp instance,
   which hosts a web server at a known port (localhost:9876).

2. Configure Claude to use the Burp MCP server
   You can do this in one of two ways:

   • Option 1: Run the installer from the extension This will add the Burp MCP server to the Claude Desktop config.

   • Option 2: Manually edit the config file
     Open the file located at ~/Library/Application Support/Claude/claude_desktop_config.json, and replace or update it with the following:

     {
       "mcpServers": {
         "burp": {
           "command": "<path to Java executable packaged with Burp>",
           "args": [
               "-jar",
               "/path/to/mcp/proxy/jar/mcp-proxy-all.jar",
               "--sse-url",
               "<your Burp MCP server URL configured in the extension>"
           ]
         }
       }
     }
     

3. Restart Claude Desktop - assuming Burp is running with the extension loaded.

Manual installations

If you want to install the MCP server manually you can either use the extension's SSE server directly or the packaged Stdio proxy server.

SSE MCP Server

In order to use the SSE server directly you can just provide the url for the server in your client's configuration. Depending on your client and your configuration in the extension this may be with or without the /sse path.

http://127.0.0.1:9876

or

http://127.0.0.1:9876/sse

Stdio MCP Proxy Server

The source code for the proxy server can be found here: MCP Proxy Server

In order to support MCP Clients which only support Stdio MCP Servers, the extension comes packaged with a proxy server for passing requests to the SSE MCP server extension.

If you want to use the Stdio proxy server you can use the extension's installer option to extract the proxy server jar. Once you have the jar you can add the following command and args to your client configuration:

/path/to/packaged/burp/java -jar /path/to/proxy/jar/mcp-proxy-all.jar --sse-url http://127.0.0.1:9876

Creating / modifying tools

Tools are defined in src/main/kotlin/net/portswigger/mcp/tools/Tools.kt. To define new tools, create a new serializable data class with the required parameters which will come from the LLM.

The tool name is auto-derived from its parameters data class. A description is also needed for the LLM. You can return a string (or richer PromptMessageContents) to provide data back to the LLM.

Extend the Paginated interface to add auto-pagination support.