BurpMCP
2
BurpsuiteMCP is a Model Context Protocol server that enables the retrieval of Burp Suite proxy history data for improved security testing and analysis. It offers SQL-like querying capabilities and is compatible with LLMs.
Burp Suite MCP Server
Overview
BurpsuiteMCP is a Model Context Protocol server that enables LLMs to retrieve data from Burp Suite proxy history, aiding researchers and penetration testers in conducting security tests and analyses more effectively.
Features
- SQL-based Data Query: Retrieve data from Burp Suite proxy history using SQL-like syntax.
- Includes raw request, request type, request URL, host, request body, raw response, response type, response status code, and response body.
- Compared to the official MCP:
- Advantages: Ability to specify return fields in
HTTP History, preventing excessively long contexts. - Disadvantages: Fewer features and no UI.
- Advantages: Ability to specify return fields in
Installation
-
Prerequisites
- Java 17 or later
- Python 3.11 or later
-
Installation Steps
- Install the Burp Suite extension by downloading the latest
MCPBurpExtension.jar, adding it as a Java extension, and it will start an HTTP server on port 8889. - Install Python dependencies.
- Install the Burp Suite extension by downloading the latest
Usage
Basic usage involves using the MCP Client.