- Home
- MCP servers
- Burpsuite
Burpsuite
- javascript
7
GitHub Stars
javascript
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"cyreslab-ai-burpsuite-mcp-server": {
"command": "node",
"args": [
"/path/to/burpsuite-server/build/index.js"
]
}
}
}You can use the Burpsuite MCP Server to interact with Burp Suite Professional through a Model Context Protocol interface. It lets you start vulnerability scans, monitor progress, retrieve findings, and inspect captured web traffic and site structure from scans.
How to use
You will interact with the Burpsuite MCP Server using an MCP client to perform common security testing tasks. Start a vulnerability scan on a target URL by calling the start_scan tool with the target and the desired scan_type (passive, active, or full). Check the scan status with get_scan_status and fetch the results or issues with get_scan_issues filtered by severity. Retrieve Burp Proxy traffic via get_proxy_history and explore the discovered site structure with get_site_map. Each tool returns data in a structured form that you can present to an analyst or feed into follow-up automation.
How to install
Prerequisites: you need Node.js installed on your system to run the MCP server.
# Install via Smithery (automatic integration)
npx -y @smithery/cli install @Cyreslab-AI/burpsuite-mcp-server --client claude
Manual installation steps, in order, to run the server locally.
# 1. Build the server
cd /path/to/burpsuite-server
npm install
npm run build
# 2. Start the server (example runtime configuration)
# This is the MCP runtime config you would place in your MCP settings
# (See the environment and command details in your config file)
Configure your MCP settings to run the local server. The following is an example configuration you would place in your MCP setup to run the built server locally.
{
"mcpServers": {
"burpsuite": {
"name": "burpsuite",
"type": "stdio",
"command": "node",
"args": ["/path/to/burpsuite-server/build/index.js"],
"env": {},
"disabled": false,
"autoApprove": []
}
}
}
Additional notes and considerations
The server includes mock functionality for now and can be connected to a real Burp Suite Professional instance by configuring Burp Suite to expose its REST API and updating the server implementation to call that API. Ensure you secure communications and authentication when enabling remote access to Burp Suite data.
Available tools
start_scan
Start a new vulnerability scan on a target URL with a specified scan_type (passive, active, or full)
get_scan_status
Check the status of a running scan by providing the scan_id
get_scan_issues
Retrieve vulnerability issues from a scan, with optional severity filtering (high, medium, low, info, or all)
get_proxy_history
Fetch HTTP/HTTPS traffic captured by Burp Proxy with optional filters (host, method, status_code, limit)
get_site_map
Get the site structure discovered during scanning and browsing with optional filters (host, with_parameters, limit)