MCP 服务器

Burp Suite MCP Server Extension

MCP Server for Burp

PortSwigger

开发者工具

访问服务器

README

Burp Suite MCP Server Extension

Overview

Integrate Burp Suite with AI Clients using the Model Context Protocol (MCP).

For more information about the protocol visit: modelcontextprotocol.io

Features

Connect Burp Suite to AI clients through MCP
Automatic installation for Claude Desktop
Comes with packaged Stdio MCP proxy server

Usage

Install the extension in Burp Suite
Configure your Burp MCP server in the extension settings
Configure your MCP client to use the Burp SSE MCP server or stdio proxy
Interact with Burp through your client!

Installation

Building the Extension

Clone the Repository: Obtain the source code for the MCP Server Extension.
```
git clone https://github.com/PortSwigger/mcp-server.git
```
Navigate to the Project Directory: Move into the project's root directory.
```
cd burp-mcp
```
Build the JAR File: Use Gradle to build the extension.
```
./gradlew embedProxyJar
```
This command compiles the source code and packages it into a JAR file located in build/libs/burp-mcp-all.jar.

Loading the Extension into Burp Suite

Open Burp Suite: Launch your Burp Suite application.
Access the Extensions Tab: Navigate to the Extensions tab.
Add the Extension:
- Click on Add.
- Set Extension Type to Java.
- Click Select file ... and choose the JAR file built in the previous step.
- Click Next to load the extension.

Upon successful loading, the MCP Server Extension will be active within Burp Suite.

Configuration

Configuring the Extension

Configuration for the extension is done through the Burp Suite UI in the MCP tab.

Toggle the MCP Server: The Enabled checkbox controls whether the MCP server is active.
Enable config editing: The Enable tools that can edit your config checkbox allows the MCP server to expose tools which can edit Burp configuration files.
Advanced options: You can configure the port and host for the MCP server. By default, it listens on http://127.0.0.1:9876.

Claude Desktop Client

To fully utilize the MCP Server Extension with Claude, you need to configure your Claude client settings appropriately. The extension has an installer which will automatically configure the client settings for you.

Currently, Claude Desktop only support STDIO MCP Servers for the service it needs. This approach isn't ideal for desktop apps like Burp, so instead, Claude will start a proxy server that points to the Burp instance,
which hosts a web server at a known port (localhost:9876).

Configure Claude to use the Burp MCP server
You can do this in one of two ways:

Option 1: Run the installer from the extension This will add the Burp MCP server to the Claude Desktop config.

Option 2: Manually edit the config file
Open the file located at ~/Library/Application Support/Claude/claude_desktop_config.json, and replace or update it with the following:

{
  "mcpServers": {
    "burp": {
      "command": "<path to Java executable packaged with Burp>",
      "args": [
          "-jar",
          "/path/to/mcp/proxy/jar/mcp-proxy-all.jar",
          "--sse-url",
          "<your Burp MCP server URL configured in the extension>"
      ]
    }
  }
}

Restart Claude Desktop - assuming Burp is running with the extension loaded.

Manual installations

If you want to install the MCP server manually you can either use the extension's SSE server directly or the packaged Stdio proxy server.

SSE MCP Server

In order to use the SSE server directly you can just provide the url for the server in your client's configuration. Depending on your client and your configuration in the extension this may be with or without the /sse path.

http://127.0.0.1:9876

http://127.0.0.1:9876/sse

Stdio MCP Proxy Server

The source code for the proxy server can be found here: MCP Proxy Server

In order to support MCP Clients which only support Stdio MCP Servers, the extension comes packaged with a proxy server for passing requests to the SSE MCP server extension.

If you want to use the Stdio proxy server you can use the extension's installer option to extract the proxy server jar. Once you have the jar you can add the following command and args to your client configuration:

/path/to/packaged/burp/java -jar /path/to/proxy/jar/mcp-proxy-all.jar --sse-url http://127.0.0.1:9876

Creating / modifying tools

Tools are defined in src/main/kotlin/net/portswigger/mcp/tools/Tools.kt. To define new tools, create a new serializable data class with the required parameters which will come from the LLM.

The tool name is auto-derived from its parameters data class. A description is also needed for the LLM. You can return a string (or richer PromptMessageContents) to provide data back to the LLM.

Extend the Paginated interface to add auto-pagination support.