home / mcp / portswigger mcp server

Portswigger MCP Server

Provides a Burp Suite MCP server to connect with AI clients via HTTP SSE or a local stdio proxy.

Installation

Add the following to your MCP client configuration file.

Configuration

{
  "mcpServers": {
    "portswigger-mcp-server": {
      "url": "http://127.0.0.1:9876"
    }
  }
}

You set up a Burp Suite MCP Server to connect Burp with AI clients using the Model Context Protocol. It supports an HTTP SSE server for remote clients and a packaged local stdio proxy for clients that require a local process interaction, enabling seamless interaction between Burp and your MCP-enabled AI workflows.

How to use

You interact with Burp through an MCP client by connecting to the Burp MCP server either via the SSE HTTP endpoint or through the local stdio proxy. Use the SSE endpoint to expose Burp’s MCP services at http://127.0.0.1:9876 and opt for the stdio proxy if your client requires a local process interface.

How to install

Prerequisites you must have before installing the extension:

Java must be installed and available in your system PATH
The jar command must be executable and available in your system PATH

Install and load the extension into Burp Suite by following these steps:

Build the extension using Gradle to produce the MCP JAR
Embed the proxy JAR into Burp MCP as described in the next steps

Configuration

The MCP Server supports two connection methods: an HTTP SSE server and a local stdio proxy. The HTTP SSE server runs at the default address http://127.0.0.1:9876 and can be used directly by MCP clients. The stdio proxy runs as a local process and forwards requests to the SSE server.

Use the following configuration to enable both connection methods from your MCP client setup. The HTTP method uses the SSE URL, while the stdio method uses the packaged proxy to connect to that SSE server.

{
  "mcpServers": {
    "burp_sse": {
      "type": "http",
      "name": "burp_sse",
      "url": "http://127.0.0.1:9876",
      "args": []
    },
    "burp_proxy": {
      "type": "stdio",
      "name": "burp_proxy",
      "command": "java",
      "args": [
        "-jar",
        "/path/to/mcp/proxy/jar/mcp-proxy-all.jar",
        "--sse-url",
        "http://127.0.0.1:9876"
      ]
    }
  }
}

Claude Desktop integration notes

Automatic configuration is supported for Claude Desktop. The client is configured to use the Burp MCP server so Claude can route interactions through Burp. If you prefer manual setup, you can edit Claude’s config to reference the Burp MCP server directly.

{
  "mcpServers": {
    "burp": {
      "command": "<path to Java executable packaged with Burp>",
      "args": [
        "-jar",
        "/path/to/mcp/proxy/jar/mcp-proxy-all.jar",
        "--sse-url",
        "http://127.0.0.1:9876"
      ]
    }
  }
}

Notes on workflow and restart

After loading the extension and starting Burp Suite with the MCC Server extension enabled, ensure the SSE server is reachable at http://127.0.0.1:9876. If Claude Desktop is in use, restart Claude Desktop after Burp is running with the extension loaded to apply the new MCP server configuration.

Additional considerations

Security: restrict access to the local MCP server to trusted clients. If you expose the SSE endpoint beyond localhost, implement appropriate authentication and network safeguards.