Burp Suite MCP Server

by N0el4kLs

BurpSuiteMCP is a Model Context Protocol server that allows LLMs to retrieve data from Burp Suite proxy history, helping security researchers and penetration testers perform security testing and analysis more effectively. It is inspired by GhidraMCP.

What is Burp Suite MCP Server?

BurpSuiteMCP is a Model Context Protocol server that enables LLMs to access and query data from Burp Suite's proxy history using SQL-like syntax.

How to use Burp Suite MCP Server?

  1. Install the Burp Suite extension (MCPBurpExtension.jar) in Burp Suite, which starts an HTTP server on port 8889.

  2. Install Python dependencies using uv sync.

  3. Configure the MCP Client with the path to the burpsuite_mcp.py script.

Key features of Burp Suite MCP Server

  • SQL-based data querying of Burp Suite proxy history

  • Retrieval of raw requests, request types, URLs, hosts, request bodies, raw responses, response types, status codes, and response bodies

  • Ability to specify returned fields from HTTP History to avoid excessive context length

  • Integration with LLMs for security analysis

Use cases of Burp Suite MCP Server

  • Automated vulnerability analysis using LLMs

  • Enhanced penetration testing workflows

  • Security research and data mining from proxy history

  • Generating attack payloads based on historical data

FAQ from Burp Suite MCP Server

What are the prerequisites for using BurpSuiteMCP?

Java 17 or higher and Python 3.11 or higher are required.

How do I install the Burp Suite extension?

Download the MCPBurpExtension.jar, open Burp Suite's 'Extensions' tab, click 'Add', select 'Java extension', and choose the downloaded JAR file.

What data can I retrieve from Burp Suite's proxy history?

You can retrieve raw requests, request types (POST, GET, etc.), request URLs, hosts, request bodies, raw responses, response types, response status codes, and response bodies.

What are the advantages of BurpSuiteMCP over the official MCP server?

BurpSuiteMCP allows you to specify the returned fields from HTTP History, avoiding excessive context length issues.

What are the disadvantages of BurpSuiteMCP compared to the official MCP server?

BurpSuiteMCP has fewer features and lacks a UI compared to the official MCP server.