Is Burp Mcp Agents safe to use?

Burp Mcp Agents has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Burp Mcp Agents?

Burp Mcp Agents can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Burp Mcp Agents?

Burp Mcp Agents is compatible with claude-desktop, cursor, claude-code. It uses sse transport.

Is Burp Mcp Agents actively maintained?

Burp Mcp Agents is less actively maintained — last commit was 131 days ago. It has 211 GitHub stars.

Burp Mcp Agents

Name: Burp Mcp Agents
Author: six2dez

by six2dez

Practical setup guides and helpers to connect Burp Suite MCP Server to multiple AI backends (Codex, Gemini, Ollama, ...).

211 0 tools GitHub

No known CVEs

MIT license

Maintained

Last commit 131d ago

Works with most clients

Transport: sse

0 tools

Grade F

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopsse · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "burp-mcp-agents": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/burp-mcp-agents)](https://mcppedia.org/s/burp-mcp-agents)

Read me

What Burp Mcp Agents does

Practical setup guides and helpers to connect Burp Suite MCP Server to multiple AI backends (Codex, Gemini, Ollama, LM Studio).

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

34/100across 5 weighted dimensions

How we score →

0255075100

−66

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Prompts (8)

passive_hunter

Broad passive vuln surfacing

idor_hunter

IDOR/BOLA discovery

auth_flow_mapper

Auth vs unauth access mapping

ssrf_redirect_hunter

SSRF/open redirect candidates

logic_flaw_hunter

Multi-step logic issues

session_scope_hunter

Token scope/audience misuse

rate_limit_abuse_hunter

Rate-limit and abuse gaps

report_writer

Evidence-based reporting

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Burp Mcp Agents safe to use?: Burp Mcp Agents has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Burp Mcp Agents?: Burp Mcp Agents can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Burp Mcp Agents?: Burp Mcp Agents is compatible with claude-desktop, cursor, claude-code. It uses sse transport.
Is Burp Mcp Agents actively maintained?: Burp Mcp Agents is less actively maintained — last commit was 131 days ago. It has 211 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for Burp Mcp Agents and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopsse · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "burp-mcp-agents": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/burp-mcp-agents)](https://mcppedia.org/s/burp-mcp-agents)

Read me

What Burp Mcp Agents does

Practical setup guides and helpers to connect Burp Suite MCP Server to multiple AI backends (Codex, Gemini, Ollama, LM Studio).

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

Burp MCP Agents

Practical setup guides and helpers to connect Burp Suite MCP Server to multiple AI backends (Codex, Gemini, Ollama, LM Studio).

This repo focuses on wiring, safety-first workflows, and reusable prompts to analyze real Burp traffic.

No fuzzing. No blind scanning. Only real traffic + reasoning.

What this is

Burp MCP Agents is a collection of:

• Backend setup guides (Codex, Gemini, Ollama, LM Studio) • Caddy proxy configuration for MCP SSE • Prompt templates for passive analysis and reporting

Architecture

Burp Suite MCP Server
▲
│
MCP Bridge
│
┌──────────────────────────────────────────────┐
│              │              │                │
Codex CLI   Ollama Agent   Gemini CLI   LM Studio Agent

Supported Backends

Backend	Mode	Privacy	Difficulty
Codex CLI	Cloud	Medium	Easy
Ollama	Local	Full	Advanced
Gemini CLI	Cloud	Medium	Easy
LM Studio	Local	Full	Advanced

Quick start

All setups require:

Burp MCP Server plguin enabled
Caddy reverse proxy (see common/caddy_setup.md)
One backend of your choice

Install the Burp MCP Server extension

Download the Burp MCP Server extension (MCP server jar) from: https://portswigger.net/bappstore/9952290f04ed4f628e624d0aa9dccebc
In Burp Suite: Extender → Extensions → Add → select the jar or from BApp Store.
Start the extension and confirm it listens on 127.0.0.1:9876.

Codex CLI

See: codex/README.md

Example models

Model	Use
gpt-5.2-codex	General use
gpt-5.1	Faster
gpt-5-mini	Low resource

Ollama (fully local)

See: ollama/README.md

Example models

Model	VRAM	Notes
llama3.1:8b-instruct	8GB+	Small, fast
qwen2.5:14b-instruct	16GB	Mid size
llama3.1:70b-instruct	48GB+	Large, high VRAM

Gemini CLI

See: gemini-cli/README.md

Example models

Model	Notes
gemini-2.0-flash	Fast
gemini-2.0-pro	Deeper reasoning

LM Studio (local OpenAI-compatible)

See: lmstudio/README.md

Example models

Model	Notes
llama-3.1-8b-instruct	Small, fast
qwen2.5-14b-instruct	Mid size
llama-3.1-70b-instruct	Large, high VRAM

Prompts

The real power lives in prompts/:

Prompt	Purpose
passive_hunter.md	Broad passive vuln surfacing
idor_hunter.md	IDOR/BOLA discovery
auth_flow_mapper.md	Auth vs unauth access mapping
ssrf_redirect_hunter.md	SSRF/open redirect candidates
logic_flaw_hunter.md	Multi-step logic issues
session_scope_hunter.md	Token scope/audience misuse
rate_limit_abuse_hunter.md	Rate-limit and abuse gaps
report_writer.md	Evidence-based reporting

See prompts/README.md for usage guidance.

Optional launchers

You can use the backend launchers to auto-start Caddy and shut it down when the backend exits.

Source them directly:

source /path/to/burp-mcp-agents/codex/burpcodex.sh
source /path/to/burp-mcp-agents/gemini-cli/burpgemini.sh
source /path/to/burp-mcp-agents/ollama/burpollama.sh
source /path/to/burp-mcp-agents/lmstudio/burplmstudio.sh

Then run:

burpcodex
burpgemini
burpollama deepseek-r1:14b
burplmstudio llama-3.1-8b-instruct

To make these available in every shell, add the source lines to your ~/.zshrc.

What this enables

You are not running a scanner. You are reviewing real traffic with assisted reasoning.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

34/100across 5 weighted dimensions

How we score →

0255075100

−66

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Prompts (8)

passive_hunter

Broad passive vuln surfacing

idor_hunter

IDOR/BOLA discovery

auth_flow_mapper

Auth vs unauth access mapping

ssrf_redirect_hunter

SSRF/open redirect candidates

logic_flaw_hunter

Multi-step logic issues

session_scope_hunter

Token scope/audience misuse

rate_limit_abuse_hunter

Rate-limit and abuse gaps

report_writer

Evidence-based reporting

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Burp Mcp Agents safe to use?: Burp Mcp Agents has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Burp Mcp Agents?: Burp Mcp Agents can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Burp Mcp Agents?: Burp Mcp Agents is compatible with claude-desktop, cursor, claude-code. It uses sse transport.
Is Burp Mcp Agents actively maintained?: Burp Mcp Agents is less actively maintained — last commit was 131 days ago. It has 211 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for Burp Mcp Agents and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?