Burp Suite MCP Server

MCPOpen Source22.2

by N0el4kLs • Analytics & Monitoring

A lightweight MCP server that lets LLM agents query Burp Suite proxy HTTP history using SQL-like queries to retrieve specific request/response fields for security testing and analysis.

Example Use Cases

1
Search and extract specific entries from Burp Suite proxy history (e.g., requests/responses by URL, method, or status code) to provide contextual vulnerability analysis.
2
Retrieve only selected HTTP fields (raw request, response body, headers) to keep model context concise while investigating issues.
3
Run SQL-like queries over Burp HTTP history to automate triage, fuzzing follow-ups, or evidence collection during security assessments.

Description

This project provides a model context protocol (MCP) server that exposes Burp Suite proxy history to LLMs, allowing targeted retrieval of raw requests, response bodies, headers, status codes, URLs, hosts, and other fields. It supports SQL-like query syntax and lets callers specify which HTTP history fields to return to avoid excessively long contexts. The server is implemented as a Burp extension (Java) that runs an HTTP server (default port 8889) and a Python client entrypoint; it is aimed at researchers and penetration testers who want programmatic LLM access to Burp data.

Quick Actions

View on GitHub

Security

Scanned 2 month(s) ago

Risk Level

MINIMAL

Read-only data retrieval, no side effects

Trust Score

D41/100

3/17 checks passed

Scores are informational only and provided “as is” without warranty. AgentHotspot assumes no liability for actions taken based on these ratings.

Quick Stats

Service TypeMCP

Pricing ModelFree

Capabilities0 Tools / 0 Prompts / 0 Resources

OwnerN0el4kLs

CategoryAnalytics & Monitoring

DependenciesStandalone