Burp Suite MCP Server Extension

Overview

Integrate Burp Suite with AI Clients using the Model Context Protocol (MCP). For more information about the protocol visit: modelcontextprotocol.io

Features

• Connect Burp Suite to AI clients through MCP
• Automatic installation for Claude Desktop
• Comes with packaged Stdio MCP proxy server

Usage

• Install the extension in Burp Suite
• Configure your Burp MCP server in the extension settings
• Configure your MCP client to use the Burp SSE MCP server or stdio proxy
• Interact with Burp through your client!

Installation# Prerequisites

Ensure that the following prerequisites are met before building and installing the extension:

1. Java: Java must be installed and available in your system's PATH.
2. jar Command: The jar command must be executable and available in your system's PATH.

Building the Extension

1. Clone the Repository: Obtain the source code for the MCP Server Extension.

 git clone https://github.com/PortSwigger/mcp-server.git

2. Navigate to the Project Directory: Move into the project's root directory.

 cd burp-mcp

3. Build the JAR File: Use Gradle to build the extension.

 ./gradlew embedProxyJar
```\n\n### Loading the Extension into Burp Suite
1. **Open Burp Suite**: Launch your Burp Suite application.
2. **Access the Extensions Tab**: Navigate to the `Extensions` tab.
3. **Add the Extension**: - Click on `Add`.
- Set `Extension Type` to `Java`.
- Click `Select file ...` and choose the JAR file built in the previous step.
- Click `Next` to load the extension.

## Configuration# Configuring the Extension
Configuration for the extension is done through the Burp Suite UI in the `MCP` tab.
- **Toggle the MCP Server**: The `Enabled` checkbox controls whether the MCP server is active.
- **Enable config editing**: The `Enable tools that can edit your config` checkbox allows the MCP server to expose tools which can edit Burp configuration files.
- **Advanced options**: You can configure the port and host for the MCP server. By default, it listens on `http://127.0.0.1:9876`.

### Claude Desktop Client
To fully utilize the MCP Server Extension with Claude, you need to configure your Claude client settings appropriately.
1. Currently, Claude Desktop only support STDIO MCP Servers for the service it needs.
2. **Configure Claude to use the Burp MCP server** You can do this in one of two ways:
- **Option 1: Run the installer from the extension** This will add the Burp MCP server to the Claude Desktop config.
- **Option 2: Manually edit the config file** Open the file located at `~/Library/Application Support/Claude/claude_desktop_config.json`, and replace or update it with the following:
```json
{
 "mcpServers": {
 "burp": {
 "command": "",
 "args": [ "-jar", "/path/to/mcp/proxy/jar/mcp-proxy-all.jar", "--sse-url", "" ]
 }
 }
}

3. Restart Claude Desktop - assuming Burp is running with the extension loaded.

Manual installations

If you want to install the MCP server manually you can either use the extension's SSE server directly or the packaged Stdio proxy server.\n\n### SSE MCP Server In order to use the SSE server directly you can just provide the url for the server in your client's configuration.

http://127.0.0.1:9876
```\n\n### Stdio MCP Proxy Server
The source code for the proxy server can be found here: [MCP Proxy Server](https://github.com/PortSwigger/mcp-proxy)\n\n### Creating / modifying tools
Tools are defined in `src/main/kotlin/net/portswigger/mcp/tools/Tools.kt`. To define new tools, create a new serializable data class with the required parameters which will come from the LLM.