Is BurpMCP Ultra safe to use?

BurpMCP Ultra has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install BurpMCP Ultra?

BurpMCP Ultra can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with BurpMCP Ultra?

BurpMCP Ultra is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Is BurpMCP Ultra actively maintained?

BurpMCP Ultra is actively maintained — last commit was 6 days ago. It has 5 GitHub stars.

BurpMCP-Ultra

The most powerful MCP server for Burp Suite Professional

137 Tools • 14 Resources • 12 Event Types • Real-time Dashboard • Full Montoya API Coverage

Quick Start • All Tools • Features • Dashboard • Setup Guides

BurpMCP-Ultra is a native Kotlin Burp Suite extension with an embedded MCP (Model Context Protocol) server. Drop a single JAR into Burp, connect Claude Code or any MCP client, and control every aspect of Burp Suite programmatically through AI agents.

Why BurpMCP-Ultra?

| | BurpMCP-Ultra | burp-ai-agent | PortSwigger Official | |---|:---:|:---:|:---:| | MCP Tools | 137 | 53 | 12 | | Custom Scan Checks | BCheck + Script | - | - | | WebSocket Testing | Full lifecycle | - | - | | Inline Fuzzer | 3 modes (FUZZ/Marker/Offset) | - | - | | Race Condition Testing | Single-packet attack | - | - | | Auth Level Diffing | IDOR/privesc detection | - | - | | API Schema Import | OpenAPI/Swagger | - | - | | Passive Intel Extraction | 30+ patterns | - | - | | Real-time Dashboard | Web + Swing | - | - | | Event Streaming | 12 event types | - | - | | Response Variation Analysis | Blind injection detect | - | - | | Request Chain Macros | Multi-step with token extraction | - | - | | Collaborator OOB | Full create/poll/correlate | Partial | Partial |

Quick Start

1. Build

git clone https://github.com/Cy-S3c/BurpMCP-Ultra.git
cd BurpMCP-Ultra
./gradlew shadowJar

Output: build/libs/burpmcp-ultra-2.0.1.jar (13 MB)

2. Load into Burp

Burp Suite Pro > Extensions > Add
Select the JAR
BurpMCP-Ultra tab appears with green "Running" status

3. Connect Claude Code

{
  "mcpServers": {
    "burp": {
      "type": "sse",
      "url": "http://127.0.0.1:9876/sse"
    }
  }
}

Add to ~/.claude.json or your project's .mcp.json.

4. Open Dashboard

Browse to http://127.0.0.1:9878 for the real-time web dashboard.

Setup Guides

Claude Code (Direct SSE)

The simplest setup. Add to your MCP config:

{
  "mcpServers": {
    "burp": {
      "type": "sse",
      "url": "http://127.0.0.1:9876/sse"
    }
  }
}

Config file locations:

Global: ~/.claude.json
Per-project: .mcp.json in project root

Claude Code via Caddy (Recommended for Stability)

Caddy prevents SSE timeout disconnections and provides reliable buffering.

Install Caddy:

sudo apt install caddy

Create /etc/caddy/Caddyfile:

:9900 {
    reverse_proxy 127.0.0.1:9876 {
        transport http {
            read_timeout 0
            write_timeout 0
            response_header_timeout 0
        }
        flush_interval -1
        header_up Connection {>Connection}
        header_up Upgrade {>Upgrade}
    }
}

sudo systemctl restart caddy

Then use port 9900 in your MCP config:

{
  "mcpServers": {
    "burp": {
      "type": "sse",
      "url": "http://127.0.0.1:9900/sse"
    }
  }
}

Pre-built Caddyfile included: configs/Caddyfile

Claude Desktop (stdio via proxy)

Claude Desktop only supports stdio transport. Use supergateway as a bridge:

{
  "mcpServers": {
    "burp": {
      "command": "npx",
      "args": ["-y", "supergateway", "--sse", "http://127.0.0.1:9876/sse"]
    }
  }
}

Automated Setup Script

chmod +x configs/setup.sh
./configs/setup.sh
`

... [View full README on GitHub](https://github.com/Cy-S3c/BurpMCP-Ultra#readme)

BurpMCP Ultra

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Help improve this page

Reviews

Frequently Asked Questions

Similar servers

Memory MCP Server

Context Mode

Idea Reality MCP Server

Browser Tools Mcp

Discussion