playbooks
Learn Cursor Rules Windsurf Rules MCPs Modes
AI Image Editor
Log in

Burp Suite MCP server

Integrates with Burp Suite for web security testing, enabling HTTP request manipulation, proxy history analysis, and security testing operations for vulnerability assessment and penetration testing workflows.
Back to servers
Provider
PortSwigger
Release date
Apr 03, 2025
Language
Kotlin
Stats
97 stars
View on GitHub

The Burp Suite MCP Server Extension allows you to integrate Burp Suite with AI clients using the Model Context Protocol (MCP). This extension acts as a bridge between Burp Suite's functionality and AI assistants that support the MCP standard, enabling AI tools to interact directly with Burp Suite.

Installation

Prerequisites

Before installing the extension, ensure you have:

  1. Java installed and available in your system's PATH (verify with java --version)
  2. The jar command available in your PATH (verify with jar --version)

Building from Source

  1. Clone the repository:

    git clone https://github.com/PortSwigger/mcp-server.git

  2. Navigate to the project directory:

    cd burp-mcp

  3. Build the JAR file:

    ./gradlew embedProxyJar

    This creates the extension JAR at build/libs/burp-mcp-all.jar

Loading into Burp Suite

  1. Open Burp Suite
  2. Go to the Extensions tab
  3. Click "Add"
  4. Set "Extension Type" to "Java"
  5. Click "Select file..." and choose the JAR file you built
  6. Click "Next" to load the extension

Configuration

Extension Settings

Configure the extension through the MCP tab in Burp Suite:

  • Enabled: Toggle to activate/deactivate the MCP server
  • Enable tools that can edit your config: Allow the MCP server to modify Burp configuration
  • Advanced options: Configure host and port (default: http://127.0.0.1:9876)

Setting Up Claude Desktop

The extension works with Claude Desktop through a proxy server. You can configure this in two ways:

Option 1: Automatic Installation

Use the built-in installer from the extension to automatically configure Claude Desktop.

Option 2: Manual Configuration

  1. Open the Claude Desktop config file at ~/Library/Application Support/Claude/claude_desktop_config.json
  2. Update it with the following configuration: 
    {
  "mcpServers": {
    "burp": {
      "command": "<path to Java executable packaged with Burp>",
      "args": [
          "-jar",
          "/path/to/mcp/proxy/jar/mcp-proxy-all.jar",
          "--sse-url",
          "<your Burp MCP server URL configured in the extension>"
      ]
    }
  }
}
  3. Restart Claude Desktop with Burp running and the extension loaded

Manual Connection Options

Direct SSE MCP Server Connection

If your client supports SSE MCP servers directly, configure it with:

http://127.0.0.1:9876

or

http://127.0.0.1:9876/sse

Using the Stdio MCP Proxy Server

For clients that only support Stdio MCP servers:

  1. Use the extension's installer to extract the proxy server JAR
  2. Add this command to your client configuration: 
    /path/to/packaged/burp/java -jar /path/to/proxy/jar/mcp-proxy-all.jar --sse-url http://127.0.0.1:9876

Once configured, you can interact with Burp Suite through your AI client using the Model Context Protocol.

How to add this MCP server to Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > MCP and click "Add new global MCP server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "cursor-rules-mcp": {
            "command": "npx",
            "args": [
                "-y",
                "cursor-rules-mcp"
            ]
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explictly ask the agent to use the tool by mentioning the tool name and describing what the function does.

Want to 10x your AI skills?

Get a free account and learn to code + market your apps using AI (with or without vibes!).

Nah, maybe later