Burpsuite

Provides an MCP interface to Burp Suite Professional for scans, proxy history, and site maps.
  • javascript

7

GitHub Stars

javascript

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "cyreslab-ai-burpsuite-mcp-server": {
      "command": "node",
      "args": [
        "/path/to/burpsuite-server/build/index.js"
      ]
    }
  }
}

You can use the Burpsuite MCP Server to interact with Burp Suite Professional through a Model Context Protocol interface. It lets you start vulnerability scans, monitor progress, retrieve findings, and inspect captured web traffic and site structure from scans.

How to use

You will interact with the Burpsuite MCP Server using an MCP client to perform common security testing tasks. Start a vulnerability scan on a target URL by calling the start_scan tool with the target and the desired scan_type (passive, active, or full). Check the scan status with get_scan_status and fetch the results or issues with get_scan_issues filtered by severity. Retrieve Burp Proxy traffic via get_proxy_history and explore the discovered site structure with get_site_map. Each tool returns data in a structured form that you can present to an analyst or feed into follow-up automation.

How to install

Prerequisites: you need Node.js installed on your system to run the MCP server.

# Install via Smithery (automatic integration)
npx -y @smithery/cli install @Cyreslab-AI/burpsuite-mcp-server --client claude

Manual installation steps, in order, to run the server locally.

# 1. Build the server
cd /path/to/burpsuite-server
npm install
npm run build

# 2. Start the server (example runtime configuration)
# This is the MCP runtime config you would place in your MCP settings
# (See the environment and command details in your config file)

Configure your MCP settings to run the local server. The following is an example configuration you would place in your MCP setup to run the built server locally.

{
  "mcpServers": {
    "burpsuite": {
      "name": "burpsuite",
      "type": "stdio",
      "command": "node",
      "args": ["/path/to/burpsuite-server/build/index.js"],
      "env": {},
      "disabled": false,
      "autoApprove": []
    }
  }
}

Additional notes and considerations

The server includes mock functionality for now and can be connected to a real Burp Suite Professional instance by configuring Burp Suite to expose its REST API and updating the server implementation to call that API. Ensure you secure communications and authentication when enabling remote access to Burp Suite data.

Available tools

start_scan

Start a new vulnerability scan on a target URL with a specified scan_type (passive, active, or full)

get_scan_status

Check the status of a running scan by providing the scan_id

get_scan_issues

Retrieve vulnerability issues from a scan, with optional severity filtering (high, medium, low, info, or all)

get_proxy_history

Fetch HTTP/HTTPS traffic captured by Burp Proxy with optional filters (host, method, status_code, limit)

get_site_map

Get the site structure discovered during scanning and browsing with optional filters (host, with_parameters, limit)

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
Burpsuite MCP Server - cyreslab-ai/burpsuite-mcp-server | VeilStrat