← Back to Burp Suite MCP Server

Install Burp Suite MCP Server

Pick your client, copy the command, done.

monitoring
Manual setup required. The maintainer's config contains paths only you know - edit the placeholders below before adding it to Claude Code.
1

Prepare the server locally

Run this once before adding it to Claude Code.

uv sync
2

Register it in Claude Code

claude mcp add -e "BURP_REST_API_BASE=${BURP_REST_API_BASE}" -e "BURP_REST_API_KEY=${BURP_REST_API_KEY}" -e "BURP_REST_API_VERSION=${BURP_REST_API_VERSION}" burp-mcp -- uv run python /path/to/burp-mcp/main.py

Replace any placeholder paths in the command with the real path on your machine.

Required:BURP_REST_API_BASEBURP_REST_API_KEYBURP_REST_API_VERSION

Environment Variables

Set these before running Burp Suite MCP Server.

VariableDescriptionRequired
BURP_REST_API_BASEThe base URL for the Burp Suite REST APIYes
BURP_REST_API_KEYThe API key for authenticating with Burp SuiteYes
BURP_REST_API_VERSIONThe version of the Burp REST API to useYes

Available Tools (8)

Once configured, Burp Suite MCP Server gives your AI agent access to:

burp_suite_security_issue_definitionsGet Burp's security issue definitions including name, description, remediation, and references.
scan_urls_for_vulnerabilitiesStart a scan for given URLs and return a task_id for tracking.
urlsscope
check_security_scan_progressGet scan status and findings by task_id, filterable by severity.
task_idseverity
get_scan_summaryGet a high-level summary of total issues by severity.
list_active_scansList running or pending scans.
cancel_scanCancel a scan by task_id.
task_id
check_burp_connectivityTest connectivity to Burp API and validate configuration.
wait_for_scan_completionPoll until a scan completes or times out.
task_id

Try It Out

After setup, try these prompts with your AI agent:

Scan https://example.com for vulnerabilities
Check scan progress for task_id 123
Check scan 123 and show only high severity issues
What security issues does Burp know about?
Prerequisites & system requirements
  • An MCP-compatible client (Claude Code, Cursor, Windsurf, Claude Desktop, or Codex)
  • Python 3.8+ with pip installed
  • BURP_REST_API_BASE — The base URL for the Burp Suite REST API
  • BURP_REST_API_KEY — The API key for authenticating with Burp Suite
  • BURP_REST_API_VERSION — The version of the Burp REST API to use
Alternative installation methods

pip

pip install -e .

Keep this setup from going cold

Save the docs, env vars, and workflow around Burp Suite MCP Server in Conare so Claude Code, Codex, and Cursor remember it next time.

Remember this setup
← Burp Suite MCP Server overview Browse monitoring servers →