Is Burp Mcp Server safe to use?

Burp Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under GPL-3.0.

How do I install Burp Mcp Server?

Burp Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Burp Mcp Server?

Burp Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Burp Mcp Server actively maintained?

Burp Mcp Server is less actively maintained — last commit was 286 days ago. It has 16 GitHub stars.

Burp Mcp Server

Name: Burp Mcp Server
Author: dinosn

by dinosn

16 0 tools GitHub

No known CVEs

GPL-3.0 license

Stale

Last commit 286d ago

Works with most clients

Transport: stdio, sse, http

0 tools

Grade F

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "burp": {
      "url": "http://localhost:9876/sse"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/burp-mcp-server)](https://mcppedia.org/s/burp-mcp-server)

Read me

What Burp Mcp Server does

Load the jar file as Java extension. Require approval it's up to you, as it will give you a prompt each time is used.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

32/100across 5 weighted dimensions

How we score →

0255075100

−68

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Burp Mcp Server safe to use?: Burp Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under GPL-3.0.
How do I install Burp Mcp Server?: Burp Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Burp Mcp Server?: Burp Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Burp Mcp Server actively maintained?: Burp Mcp Server is less actively maintained — last commit was 286 days ago. It has 16 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for Burp Mcp Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "burp": {
      "url": "http://localhost:9876/sse"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/burp-mcp-server)](https://mcppedia.org/s/burp-mcp-server)

Read me

What Burp Mcp Server does

Load the jar file as Java extension. Require approval it's up to you, as it will give you a prompt each time is used.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

Burp Suite MCP Server Extension with scan and crawl features

This an extended MCP Server Extension for BurpSuite proxy with scan and crawl based on the original.

For Building instructions follow below the original README as provided from PortSwigger, for direct use, load the extension provided on your Burp proxy.

Load the jar file as Java extension. Require approval it's up to you, as it will give you a prompt each time is used.

The following is a sample for Cursor

{
  "mcpServers": {
    "burp": {
      "url": "http://localhost:9876/sse"
    }
  }
}

Sample content

Notes: This is meant to be a test/play tool nothing official nothing production.

==== Official readme below ====

Overview

Integrate Burp Suite with AI Clients using the Model Context Protocol (MCP).

For more information about the protocol visit: modelcontextprotocol.io

Features

Connect Burp Suite to AI clients through MCP
Automatic installation for Claude Desktop
Comes with packaged Stdio MCP proxy server

Usage

Install the extension in Burp Suite
Configure your Burp MCP server in the extension settings
Configure your MCP client to use the Burp SSE MCP server or stdio proxy
Interact with Burp through your client!

Installation

Prerequisites

Ensure that the following prerequisites are met before building and installing the extension:

Java: Java must be installed and available in your system's PATH. You can verify this by running java --version in your terminal.
jar Command: The jar command must be executable and available in your system's PATH. You can verify this by running jar --version in your terminal. This is required for building and installing the extension.

Building the Extension

Clone the Repository: Obtain the source code for the MCP Server Extension.
```
git clone https://github.com/PortSwigger/mcp-server.git
```
Navigate to the Project Directory: Move into the project's root directory.
```
cd burp-mcp
```
Build the JAR File: Use Gradle to build the extension.
```
./gradlew embedProxyJar
```
This command compiles the source code and packages it into a JAR file located in build/libs/burp-mcp-all.jar.

Loading the Extension into Burp Suite

Open Burp Suite: Launch your Burp Suite application.
Access the Extensions Tab: Navigate to the Extensions tab.
Add the Extension:
- Click on Add.
- Set Extension Type to Java.
- Click Select file ... and choose the JAR file built in the previous step.
- Click Next to load the extension.

Upon successful loading, the MCP Server Extension will be active within Burp Suite.

Configuration

Configuring the Extension

Configuration for the extension is done through the Burp Suite UI in the MCP tab.

Toggle the MCP Server: The Enabled checkbox controls whether the MCP server is active.
Enable config editing: The Enable tools that can edit your config checkbox allows the MCP server to expose tools which can edit Burp configuration files.
Advanced options: You can configure the port and h

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

32/100across 5 weighted dimensions

How we score →

0255075100

−68

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Burp Mcp Server safe to use?: Burp Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under GPL-3.0.
How do I install Burp Mcp Server?: Burp Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Burp Mcp Server?: Burp Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Burp Mcp Server actively maintained?: Burp Mcp Server is less actively maintained — last commit was 286 days ago. It has 16 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for Burp Mcp Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?