burp

This MCP server extension integrates Burp Suite with AI clients via the Model Context Protocol (MCP). The Burp extension runs a local MCP server that exposes an SSE endpoint at http://localhost:9876/sse, which clients can connect to in order to stream Burp events and exchange context with AI agents. To use it, load the provided MCP extension JAR into Burp Suite (Extensions > Add > Java) and ensure the MCP server is enabled in the extension’s MCP tab. Configure your MCP client to point at the Burp MCP server (the SSE URL above) and, if needed, adjust host/port in Burp’s extension settings. The documentation also describes optional tooling for Claude Desktop and a bundled Stdio proxy path if your client requires it. With the MCP server active, clients can trigger Burp actions, crawl and scan tasks, and receive results through the MCP connection.

Prerequisites:

• Java installed and available in PATH
• Burp Suite installed
• Git and a Java build tool (Gradle) if you want to build the bundled JAR from source

Installation steps:

1. Build the MCP extension JAR (if you have the source in this repo):
   • git clone <this-repo-url>
   • cd burp-mcp
   • ./gradlew embedProxyJar
   • The resulting JAR is typically located at build/libs/burp-mcp-all.jar
2. Load the extension into Burp Suite:
   • Open Burp Suite
   • Go to Extensions > Add
   • Set Extension Type to Java
   • Click Select file... and choose the burp-mcp-all.jar built in step 1
   • Click Next to load the extension
3. Configure the MCP server within Burp:
   • Open the MCP tab in Burp’s UI
   • Ensure the MCP Server is Enabled
   • Optionally enable configuration editing if you want tools to modify Burp config via MCP
4. Verify server URL:
   • By default the MCP SSE server should be available at http://127.0.0.1:9876/sse
   • Clients should be configured to use that URL (or http://localhost:9876/sse) depending on their environment

If you prefer a prebuilt path, you can also use the SSE MCP Server directly by pointing clients to http://127.0.0.1:9876 (with or without /sse depending on client compatibility).

Notes and tips:

• The extension is designed as a test/play tool and is not production-grade; use with caution in non-production environments.
• If Claude Desktop is used, the extension can auto-configure Claude to connect via a compatible MCP path; otherwise, you may manually set Claude/other clients to point to http://localhost:9876/sse.
• Ensure Burp Suite is running before starting the MCP server extension so the SSE endpoint is reachable.
• If you encounter issues connecting, check that the host/port (default 127.0.0.1:9876) are not blocked by a firewall and that no other process is already listening on port 9876.
• The provided configuration sample uses the URL form; the MCP config system in this project expects the mapping mcpServers.burp.url as shown. Adjust if your environment requires a different hostname or path.