Overview
What is Burpsuite MCP Server?
A Model Context Protocol (MCP) server that provides an interface for AI assistants to interact with Burpsuite Professional for web security testing and vulnerability scanning. It offers tools to start scans, check status, retrieve issues, view proxy history, and access the site map.
How to use Burpsuite MCP Server?
Install the server by running npm install and npm run build. Then add it to your MCP settings configuration file as a node command pointing to the built index.js. Once configured, an AI assistant can invoke its tools (e.g., start_scan, get_scan_status) to perform security testing tasks.
Key features of Burpsuite MCP Server
- Start vulnerability scans (passive, active, or full) on a target URL
- Check the status and retrieve issues of a running scan
- Filter scan issues by severity level (high, medium, low, info, all)
- Access HTTP/HTTPS traffic captured by Burp Proxy with optional filters
- View site structure discovered during scanning and browsing
Use cases of Burpsuite MCP Server
- AI-driven vulnerability scanning of web applications
- Automated retrieval and analysis of proxy traffic from Burp Suite
- Continuous monitoring of scan progress and results
- Querying discovered site structure for security assessment
- Integrating Burpsuite capabilities into larger security automation workflows
FAQ from Burpsuite MCP Server
What tools does the server expose?
The server provides five tools: start_scan, get_scan_status, get_scan_issues, get_proxy_history, and get_site_map. Each has configurable parameters for targeting and filtering.
How do I install and configure the server?
Build the project with npm install && npm run build, then add a configuration entry to your MCP settings file with the command node and the path to build/index.js.
Does the server currently connect to a real Burpsuite instance?
No, the current release provides mock functionality. Future enhancements will enable connection to a real Burpsuite Professional instance via its REST API with authentication.
What resources are available via the MCP server?
Resources include scan results at burpsuite://scan/{scanId}, issue details at burpsuite://scan/{scanId}/issue/{issueId}, proxy history at burpsuite://proxy/history and individual items, and the site map at burpsuite://sitemap.
Can I filter proxy history or scan issues?
Yes. get_proxy_history accepts optional filters for host, HTTP method, status code, and a limit. get_scan_issues allows filtering by severity (high, medium, low, info, or all).