The official Model Context Protocol server for Burp Suite, the leading web application security testing platform.
Note: This MCP server wraps PortSwigger/mcp-server.
Burp Suite must be installed:
- Install Burp Suite Professional or Community Edition
- Download the MCP extension from the BApp Store or build from source
- Load the extension in Burp: Extensions → Add
- The MCP server starts automatically on port 9876
| Tool | Description |
|---|---|
get_sitemap |
Get the current site map |
send_to_repeater |
Send a request to Repeater |
send_to_intruder |
Send a request to Intruder |
get_proxy_history |
Get proxy history |
active_scan |
Start an active scan |
passive_scan |
Analyze for passive issues |
get_issues |
Get discovered vulnerabilities |
- Proxy Integration: Access intercepted traffic
- Scanner Control: Trigger active and passive scans
- Repeater/Intruder: Send requests to testing tools
- Issue Tracking: Retrieve discovered vulnerabilities
- Site Map: Browse application structure
docker build -t burp-mcp .Ensure Burp Suite is running with the MCP extension active:
docker run --rm -i \
--add-host=host.docker.internal:host-gateway \
-e BURP_URL=http://host.docker.internal:9876 \
burp-mcpAdd to your claude_desktop_config.json:
{
"mcpServers": {
"burp": {
"command": "docker",
"args": [
"run", "--rm", "-i",
"--add-host=host.docker.internal:host-gateway",
"burp-mcp"
]
}
}
}For simpler setup, use Burp's built-in MCP directly:
- Install the MCP extension in Burp Suite
- Configure Claude Desktop to connect to
http://127.0.0.1:9876
This tool is designed for authorized web application security testing only. Always ensure you have proper authorization.
GPL-3.0