BurpMCP
@swgee
关于 BurpMCP
Burp Suite Extension with MCP Server to enhance manual application security testing
基本信息
配置
使用下面的配置,将此服务器添加到你的 MCP 客户端。
{
"mcpServers": {
"burpmcp": {
"autoApprove": [],
"disabled": false,
"timeout": 30,
"url": "http://localhost:8181/mcp/sse",
"transportType": "sse"
}
}
}工具
未检测到工具
工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。
概览
What is BurpMCP?
BurpMCP is a Burp Suite extension that integrates with Model Context Protocol (MCP) clients like Claude Desktop and Cursor, allowing LLMs to assist in manual HTTP-based application security testing. It provides tools to save, send, and modify requests, generate Collaborator payloads, and view debug logs, serving as an AI-powered sidekick for security testers, vulnerability researchers, and bug bounty hunters.
How to use BurpMCP?
Download the jar from releases and load it into Burp. The MCP server runs by default on localhost port 8181 over SSE. Configure your MCP client (e.g., Cline, Dive) with the SSE URL http://localhost:8181/mcp/sse. For STDIO‑only clients like Claude Desktop, use the provided stdio-bridge.py script. To send a request, right‑click it in Burp and select Extensions -> Send to BurpMCP. Saved requests appear in the “Saved Requests” tab and can be retrieved by the LLM.
Key features of BurpMCP
- Save requests for MCP clients to retrieve.
- Send new HTTP/1.1 and HTTP/2 requests.
- Resend saved requests with regex string replacements.
- Generate Collaborator payloads and retrieve interactions.
- View all MCP messages in server logs for debugging.
Use cases of BurpMCP
- Autonomous testing of HTTP-based applications with LLM guidance.
- Navigating unfamiliar attack surfaces with AI‑driven exploration.
- Out‑of‑band vulnerability detection via Collaborator payloads.
- Streamlining repeater‑like tasks for large numbers of requests.
- Debugging LLM‑driven testing workflows by inspecting MCP messages.
FAQ from BurpMCP
Why do models sometimes omit headers like Content‑Length or URL encoding?
This is a known model limitation, not a bug in BurpMCP. The LLM occasionally fails to add required components to requests.
What should I check if an HTTP/2 request fails?
Examine the request for forbidden headers. The HTTP/2 tool parameter specifies that such headers should be excluded, but the model may ignore this instruction.
How can I fix CRLF line endings in HTTP/1.1 requests?
Some MCP clients cannot send \r\n. BurpMCP can automatically replace LF with CRLF. Enable this feature in the extension settings.
Why does the LLM sometimes hang after an error response?
Some MCP clients do not acknowledge error responses promptly. The best workaround is to use a client that supports timeouts, such as Cline.
Are there limitations when resending requests over HTTP/2?
Headers are joined by newlines and re‑split before sending, and cookies become separate headers. This makes manual injection of newlines into header values difficult, limiting HTTP/2 protocol vulnerability testing.
开发工具 分类下的更多 MCP 服务器
Grafana MCP server
grafanaMCP server for Grafana
Hello World MCP Server (Reference Extension)
anthropicsDesktop Extensions: One-click local MCP server installation in desktop apps
MCP Unity Editor (Game Engine)
CoderGamesterModel Context Protocol (MCP) plugin to connect with Unity Editor — designed for Cursor, Claude Code, Codex, Windsurf and other IDEs
TalkToFigma
sonnylazuardiTalkToFigma: MCP integration between AI Agent (Cursor, Claude Code, Codex) and Figma, allowing Agentic AI to communicate with Figma for reading designs and modifying them programmatically.

Sentry
modelcontextprotocolModel Context Protocol Servers
评论