mcp
MCP Server for Burp
claude mcp add --transport stdio portswigger-mcp-server java -jar /path/to/burp-mcp-extension-all.jar \ --env BURP_HOST="127.0.0.1" \ --env BURP_PORT="9876"
How to use
This MCP server extension provides a bridge between Burp Suite and AI clients using the Model Context Protocol (MCP). It runs inside Burp and exposes an MCP server that can be consumed by MCP clients, or via the packaged Stdio proxy server for clients that only support Stdio. The extension exposes a web API (SSE) at your configured host and port (default http://127.0.0.1:9876) which clients can connect to, or you can use the bundled proxy to forward requests to the SSE server for clients that require a Stdio-style interface. To use it, load the extension in Burp Suite, ensure the MCP server is enabled, and configure your MCP client to point at the Burp MCP server (either the SSE endpoint or the Stdio proxy if you're using that path).
You can configure the client's MCP connection to Burp by pointing to http://127.0.0.1:9876 (or /sse for SSE paths) and, if using Claude Desktop, rely on the automatic installer to configure Claude to connect through the Burp MCP server. The extension also supports tools that can edit Burp config files, and you can adjust the host/port under the Advanced options in Burp's MCP tab.
How to install
Prerequisites:
- Java installed and available on your PATH (verify with java --version).
- jar command available on your PATH (verify with jar --version).
Installation steps:
-
Clone the repository: git clone https://github.com/PortSwigger/mcp-server.git
-
Navigate to the project directory: cd mcp-server
-
Build the extension JAR using Gradle: ./gradlew embedProxyJar
-
Locate the built JAR (Burp extension) at: build/libs/burp-mcp-all.jar
-
Load the extension into Burp Suite:
- Open Burp Suite.
- Go to Extensions > Extensions tab.
- Set Extension Type to Java.
- Click Select file and choose the Burp JAR built in step 3/4.
- Click Next to load the extension.
-
Verify the extension is active and the MCP server is enabled in Burp's MCP settings.
Additional notes
Notes and tips:
- The MCP server defaults to listening on http://127.0.0.1:9876. You can adjust the host/port in Burp's MCP configuration (Advanced options).
- For Claude Desktop users, the extension provides automatic configuration to connect Claude to the Burp MCP server. Claude Desktop uses a Stdio proxy to communicate with Burp when the client only supports Stdio MCP, and the proxy forwards requests to the SSE server running in Burp.
- If you need a pure SSE server endpoint, connect your client to http://127.0.0.1:9876 or http://127.0.0.1:9876/sse depending on the client configuration.
- If you must use the Stdio MCP Proxy, you can run the packaged proxy jar and point your client to its --sse-url parameter as shown in the README.
- Tools defined in the source can be extended by adding new serializable data classes in the Tools.kt file; this enables new capabilities to be surfaced to MCP clients.
Related MCP Servers
burp-ai-agent
Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more
codecompanion-history.nvim
A history management extension for codecompanion AI chat plugin that enables saving, browsing and restoring chat sessions.
paiml -agent-toolkit
Pragmatic AI Labs MCP Agent Toolkit - An MCP Server designed to make code with agents more deterministic
mcp-kotlin-sdk
Kotlin implementation of the Model Context Protocol (MCP)
k8s-ai
AI-Powered Kubernetes Management System: A platform combining natural language processing with Kubernetes management. Users can perform real-time diagnostics, resource monitoring, and smart log analysis. It simplifies Kubernetes management through conversational AI, providing a modern alternative
jqassistant-graph-rag
Source code graph RAG (graphRAG) for Java/Kotlin development based on jQAssistant
