MCP Overview

Model Context Protocol (MCP) lets external AI clients use Burp data and actions through a controlled interface.

What MCP Enables

With MCP enabled, an external AI client can:

query Burp history,
run analysis tools,
send controlled requests,
create issues programmatically.

This keeps the operator in control while expanding automation options.

Connection Topology

Primary transport for MCP clients.

Default endpoint:

http://127.0.0.1:9876/sse

For external access, enable TLS and include Authorization: Bearer <token>.

Cloud Client Setup (SSE via stdio bridge)

Some desktop clients expect a stdio MCP process. supergateway bridges to Burp SSE.

{
  "mcpServers": {
    "burp-ai-agent": {
      "command": "npx",
      "args": [
        "-y",
        "supergateway",
        "--sse",
        "http://127.0.0.1:9876/sse"
      ]
    }
  }
}

If token is required:

{
  "mcpServers": {
    "burp-ai-agent": {
      "command": "npx",
      "args": [
        "-y",
        "supergateway",
        "--sse",
        "http://127.0.0.1:9876/sse",
        "--oauth2Bearer",
        "your-token"
      ]
    }
  }
}

Features

SSE and optional STDIO transport.
53+ tools across Burp workflows.
Unsafe-tool gating.
Configurable request limiter and body-size caps.
Health endpoint (GET /__mcp/health).
Privacy-aware tool output filtering.

Next Steps

PreviousOpenCode CLI NextSecurity Model

Last updated 16 days ago

Good afternoon

hashtagWhat MCP Enables

hashtagConnection Topology

hashtagCloud Client Setup (SSE via stdio bridge)

hashtagFeatures

hashtagNext Steps

What MCP Enables

Connection Topology

Cloud Client Setup (SSE via stdio bridge)

Features

Next Steps