Is BurpSuite MCP Server safe to use?

BurpSuite MCP Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install BurpSuite MCP Server?

BurpSuite MCP Server can be installed by cloning its GitHub repository and following the setup instructions in the README.

What can BurpSuite MCP Server do?

BurpSuite MCP Server provides 3 tools: proxy, scanner, logger. See the full tools list on the server page for descriptions and parameters.

What AI clients work with BurpSuite MCP Server?

BurpSuite MCP Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is BurpSuite MCP Server actively maintained?

BurpSuite MCP Server is not actively maintained — last commit was 396 days ago. It has 80 GitHub stars.

BurpSuite MCP Server

Name: BurpSuite MCP Server
Author: X3r0K

by X3r0K

BurpSuite MCP Server: A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.

80 3 tools GitHub

No known CVEs

MIT license

Stale

Last commit 396d ago

Works with most clients

Transport: stdio, sse, http

3 tools · ~427 tok

Grade A · 0.2% of 200K ctx

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "burpsuite-mcp-server": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/burpsuite-mcp-server)](https://mcppedia.org/s/burpsuite-mcp-server)

Read me

What BurpSuite MCP Server does

A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

63/100across 5 weighted dimensions

How we score →

0255075100

−37

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (3)

Click any tool to inspect its schema.

~427 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is BurpSuite MCP Server safe to use?: BurpSuite MCP Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install BurpSuite MCP Server?: BurpSuite MCP Server can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can BurpSuite MCP Server do?: BurpSuite MCP Server provides 3 tools: proxy, scanner, logger. See the full tools list on the server page for descriptions and parameters.
What AI clients work with BurpSuite MCP Server?: BurpSuite MCP Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is BurpSuite MCP Server actively maintained?: BurpSuite MCP Server is not actively maintained — last commit was 396 days ago. It has 80 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Nothumanallowed91

Security-first platform for AI agents. 38 specialized agents, 15 AI-powered extensions, zero-knowledge multi-agent orchestration. SENTINEL WAF, Ed25519 auth, 2.6M grounding facts.

97 5

MCP Security Weekly

Get CVE alerts and security updates for BurpSuite MCP Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "burpsuite-mcp-server": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/burpsuite-mcp-server)](https://mcppedia.org/s/burpsuite-mcp-server)

Read me

What BurpSuite MCP Server does

A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

🛡️ BurpSuite MCP Server

A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.

🚀 Features

🔄 Proxy Tool

Intercept and modify HTTP/HTTPS traffic
View and manipulate requests/responses
Access proxy history
Real-time request/response manipulation

# Intercept a request
curl -X POST "http://localhost:8000/proxy/intercept" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com",
    "method": "GET",
    "headers": {"User-Agent": "Custom"},
    "intercept": true
  }'

# View proxy history
curl "http://localhost:8000/proxy/history"

🔍 Scanner Tool

Active and passive scanning
Custom scan configurations
Real-time issue tracking
Scan status monitoring

# Start a new scan
curl -X POST "http://localhost:8000/scanner/start" \
  -H "Content-Type: application/json" \
  -d '{
    "target_url": "https://example.com",
    "scan_type": "active",
    "scan_configurations": {
      "scope": "strict",
      "audit_checks": ["xss", "sqli"]
    }
  }'

# Check scan status
curl "http://localhost:8000/scanner/status/scan_1"

# Stop a scan
curl -X DELETE "http://localhost:8000/scanner/stop/scan_1"

📝 Logger Tool

Comprehensive HTTP traffic logging
Advanced filtering and search
Vulnerability detection
Traffic analysis
Suspicious pattern detection

# Get filtered logs
curl "http://localhost:8000/logger/logs?filter[method]=POST&filter[status_code]=200"

# Search logs
curl "http://localhost:8000/logger/logs?search=password"

# Get vulnerability analysis
curl "http://localhost:8000/logger/vulnerabilities"

# Get comprehensive analysis
curl "http://localhost:8000/logger/analysis"

# Clear logs
curl -X DELETE "http://localhost:8000/logger/clear"

curl "http://localhost:8000/logger/vulnerabilities/severity"

🎯 Vulnerability Detection

Automatically detects multiple types of vulnerabilities:

🔥 XSS (Cross-Site Scripting)
💉 SQL Injection
🗂️ Path Traversal
📁 File Inclusion
🌐 SSRF (Server-Side Request Forgery)
📄 XXE (XML External Entity)
🔒 CSRF (Cross-Site Request Forgery)
🔄 Open Redirect
⚡ Command Injection

🛠️ Setup

Clone the repository

git clone https://github.com/X3r0K/BurpSuite-MCP-Server.git
cd BurpSuite-MCP-Server

Install Dependencies

pip install -r requirements.txt

Configure Environment

# Copy .env.example to .env
cp .env.example .env

# Update the values in .env
BURP_API_KEY=Your_API_KEY
BURP_API_HOST=localhost
BURP_API_PORT=1337
BURP_PROXY_HOST=127.0.0.1
BURP_PROXY_PORT=8080
MCP_SERVER_HOST=0.0.0.0
MCP_SERVER_PORT=8000

Start the Server

python main.py

The server will start on http://localhost:8000

📊 Analysis Features

Traffic Analysis

Total requests count
Unique URLs
HTTP method distribution
Status code distribution
Content type analysis
Average response time

Vulnerability Analysis

Vulnerability type summary
Top vulnerable endpoints
Suspicious patterns
Real-time vulnerability detection

Log Filtering

By HTTP method
By status code
By URL pattern
By content type
By content length
By time range
By vulnerability type

🔒 Security Considerations

Run in a secure environment
Configure appropriate authentication
Use HTTPS in

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

63/100across 5 weighted dimensions

How we score →

0255075100

−37

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (3)

Click any tool to inspect its schema.

~427 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is BurpSuite MCP Server safe to use?: BurpSuite MCP Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install BurpSuite MCP Server?: BurpSuite MCP Server can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can BurpSuite MCP Server do?: BurpSuite MCP Server provides 3 tools: proxy, scanner, logger. See the full tools list on the server page for descriptions and parameters.
What AI clients work with BurpSuite MCP Server?: BurpSuite MCP Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is BurpSuite MCP Server actively maintained?: BurpSuite MCP Server is not actively maintained — last commit was 396 days ago. It has 80 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Nothumanallowed91

Security-first platform for AI agents. 38 specialized agents, 15 AI-powered extensions, zero-knowledge multi-agent orchestration. SENTINEL WAF, Ed25519 auth, 2.6M grounding facts.

97 5

MCP Security Weekly

Get CVE alerts and security updates for BurpSuite MCP Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?