BurpMCP
@swgee
About BurpMCP
Burp Suite Extension with MCP Server to enhance manual application security testing
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"burpmcp": {
"autoApprove": [],
"disabled": false,
"timeout": 30,
"url": "http://localhost:8181/mcp/sse",
"transportType": "sse"
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is BurpMCP?
BurpMCP is a Burp Suite extension that integrates with Model Context Protocol (MCP) clients like Claude Desktop and Cursor, allowing LLMs to assist in manual HTTP-based application security testing. It provides tools to save, send, and modify requests, generate Collaborator payloads, and view debug logs, serving as an AI-powered sidekick for security testers, vulnerability researchers, and bug bounty hunters.
How to use BurpMCP?
Download the jar from releases and load it into Burp. The MCP server runs by default on localhost port 8181 over SSE. Configure your MCP client (e.g., Cline, Dive) with the SSE URL http://localhost:8181/mcp/sse. For STDIO‑only clients like Claude Desktop, use the provided stdio-bridge.py script. To send a request, right‑click it in Burp and select Extensions -> Send to BurpMCP. Saved requests appear in the “Saved Requests” tab and can be retrieved by the LLM.
Key features of BurpMCP
- Save requests for MCP clients to retrieve.
- Send new HTTP/1.1 and HTTP/2 requests.
- Resend saved requests with regex string replacements.
- Generate Collaborator payloads and retrieve interactions.
- View all MCP messages in server logs for debugging.
Use cases of BurpMCP
- Autonomous testing of HTTP-based applications with LLM guidance.
- Navigating unfamiliar attack surfaces with AI‑driven exploration.
- Out‑of‑band vulnerability detection via Collaborator payloads.
- Streamlining repeater‑like tasks for large numbers of requests.
- Debugging LLM‑driven testing workflows by inspecting MCP messages.
FAQ from BurpMCP
Why do models sometimes omit headers like Content‑Length or URL encoding?
This is a known model limitation, not a bug in BurpMCP. The LLM occasionally fails to add required components to requests.
What should I check if an HTTP/2 request fails?
Examine the request for forbidden headers. The HTTP/2 tool parameter specifies that such headers should be excluded, but the model may ignore this instruction.
How can I fix CRLF line endings in HTTP/1.1 requests?
Some MCP clients cannot send \r\n. BurpMCP can automatically replace LF with CRLF. Enable this feature in the extension settings.
Why does the LLM sometimes hang after an error response?
Some MCP clients do not acknowledge error responses promptly. The best workaround is to use a client that supports timeouts, such as Cline.
Are there limitations when resending requests over HTTP/2?
Headers are joined by newlines and re‑split before sending, and cookies become separate headers. This makes manual injection of newlines into header values difficult, limiting HTTP/2 protocol vulnerability testing.
More Developer Tools MCP servers
Serena
oraiosA powerful MCP toolkit for coding, providing semantic retrieval and editing capabilities - the IDE for your agent
Code Index MCP
johnhuang316A Model Context Protocol (MCP) server that helps large language models index, search, and analyze code repositories with minimal setup
MCP-Bridge
SecretiveShellA middleware to provide an openAI compatible endpoint that can call MCP tools
nuxt-mcp / vite-plugin-mcp
antfuMCP server helping models to understand your Vite/Nuxt app better.
Grafana MCP server
grafanaMCP server for Grafana
Comments