Tools Reference

Canonical reference for every MCP tool exposed by the extension. There are 59 MCP tools in total. Each category has a summary table (safety, default exposure, Pro-only flag, one-line description) followed by per-tool input schemas.

Extension-Native vs Generic Tools

The tools split into two groups, which the build you load decides between:

Extension-native (AI) tools — 8 total: status, issue_create, ai_analyze, ai_passive_scan, ai_findings_recent, redact_preview, ai_audit_query, ai_backends_list. These are present in both the BApp Store build and the full build. They are marked Native = Yes in the tables below.
Generic (Montoya) tools — 51 total: every other tool on this page (proxy history, repeater, scanner, scope, site map, intruder, Collaborator, utilities, etc.). These are present only in the full build (GitHub releases). The BApp Store build does not expose them — for those, run PortSwigger's official Burp MCP Server alongside this extension. They are marked Native = No.

The redesigned MCP Tools settings tab mirrors this split: tools are grouped into extension-native (AI) vs generic (Montoya), each tagged store-build or full-build, with search/filter and per-group bulk toggles.

Conventions:

Native = Yes means the tool is extension-native and registered in both the BApp Store and full builds. Native = No means it is a generic Montoya tool, registered only in the full build.
Unsafe = Yes means the tool can mutate Burp state or send traffic to targets. Tools marked unsafe are gated behind the Enable Unsafe Tools master switch in Settings → MCP Server.
Default enabled = Yes means the tool is available in agent profiles without an explicit opt-in.
Pro only = Yes means the tool requires Burp Suite Professional. Community-edition clients see it return an error if invoked.
Input fields: none means the tool takes no parameters.

AI (extension-native)

These tools call or support the extension's AI engine and are present in every build. The AI-calling tools (ai_analyze, ai_passive_scan) check ai.isEnabled() before issuing a request, so the configured AI setting is respected.

Tool

Native

Unsafe

Default enabled

Pro only

Description

ai_analyze

Yes

Sends text to the active AI backend and returns the analysis result.

ai_passive_scan

Yes

Queues requests for AI passive security analysis and returns the count enqueued.

ai_findings_recent

Yes

Returns the most recent AI passive scan findings (up to n).

redact_preview

Yes

Applies the extension's privacy redaction engine to arbitrary text and returns the redacted result.

ai_audit_query

Yes

Returns recent AI request audit log entries (hashes only unless verbose mode is enabled).

ai_backends_list

Yes

Lists available AI backends and reports the current active backend and connection state.

status and issue_create are also extension-native; see the Extension and Issues categories below.

ai_analyze

Name

Type

Required

Default

text

String

Yes

—

jsonMode

Boolean

false

maxOutputTokens

Int?

null

ai_passive_scan

Name

Type

Required

Default

proxyHistoryIndices

List<Int>

emptyList()

siteMapUrl

String?

null

maxRequests

Int

10

ai_findings_recent

Name

Type

Required

Default

n

Int

10

redact_preview

Name

Type

Required

Default

text

String

Yes

—

mode

String

"STRICT"

ai_audit_query

Name

Type

Required

Default

n

Int

20

ai_backends_list

Input fields: none.

Burp Control

Tool

Native

Unsafe

Default enabled

Pro only

Description

proxy_intercept

Yes

Enables or disables Proxy intercept.

task_engine_state

Yes

Sets Burp's task execution engine to paused or running.

proxy_intercept

Name

Type

Required

Default

intercepting

Boolean

Yes

—

task_engine_state

Name

Type

Required

Default

running

Boolean

Yes

—

Collaborator

Tool

Native

Unsafe

Default enabled

Pro only

Description

collaborator_generate

Yes

Generates a Burp Collaborator payload.

collaborator_poll

Yes

Fetches interactions for a Collaborator secret key.

collaborator_generate

Name

Type

Required

Default

customData

String?

null

options

List<String>

emptyList()

collaborator_poll

Name

Type

Required

Default

secretKey

String

Yes

—

includeHttp

Boolean

false

Config

Tool

Native

Unsafe

Default enabled

Pro only

Description

project_options_get

Outputs project-level configuration as JSON.

project_options_set

Yes

Sets project-level configuration from JSON.

user_options_get

Outputs user-level configuration as JSON.

user_options_set

Yes

Sets user-level configuration from JSON.

project_options_get

Input fields: none.

project_options_set

Name

Type

Required

Default

json

String

Yes

—

user_options_get

Input fields: none.

user_options_set

Name

Type

Required

Default

json

String

Yes

—

Editor

Tool

Native

Unsafe

Default enabled

Pro only

Description

editor_get

Outputs the contents of the active message editor.

editor_set

Yes

Sets the content of the active message editor.

editor_get

Input fields: none.

editor_set

Name

Type

Required

Default

text

String

Yes

—

Issues

Tool

Native

Unsafe

Default enabled

Pro only

Description

issue_create

Yes

Creates a custom audit issue in Burp's issue list.

issue_create

Name

Type

Required

Default

name

String

Yes

—

detail

String

Yes

—

baseUrl

String

Yes

—

severity

String

Yes

—

confidence

String

Yes

—

remediation

String?

null

background

String?

null

remediationBackground

String?

null

typicalSeverity

String?

null

httpRequest

String?

null

httpResponseContent

String?

null

targetHostname

String

""

targetPort

Int

443

usesHttps

Boolean

true

See Issue Creation (MCP) for guidance on building well-formed issue payloads.

Extension

Tool

Native

Unsafe

Default enabled

Pro only

Description

status

Yes

Returns basic extension and Burp status.

status

Input fields: none.

History

Tool

Native

Unsafe

Default enabled

Pro only

Description

proxy_history_annotate

Yes

Adds notes/highlights to proxy history items matching a regex.

proxy_http_history

Yes

Displays items within the proxy HTTP history.

proxy_http_history_regex

Yes

Displays proxy HTTP history items matching a regex.

proxy_ws_history

Yes

Displays items within the proxy WebSocket history.

proxy_ws_history_regex

Yes

Displays WebSocket history items matching a regex.

response_body_search

Yes

Searches response bodies in proxy history using a regex.

History tools that surface proxy data flow through the MCP proxy-history preprocessor (see Settings → MCP Server → MCP Proxy History Preprocessing).

proxy_history_annotate

Name

Type

Required

Default

regex

String

Yes

—

note

String

Yes

—

highlight

String?

null

scopeOnly

Boolean

true

limit

Int

20

proxy_http_history

Name

Type

Required

Default

count

Int

Yes

—

offset

Int

Yes

—

proxy_http_history_regex

Name

Type

Required

Default

regex

String

Yes

—

count

Int

Yes

—

offset

Int

Yes

—

proxy_ws_history

Name

Type

Required

Default

count

Int

Yes

—

offset

Int

Yes

—

proxy_ws_history_regex

Name

Type

Required

Default

regex

String

Yes

—

count

Int

Yes

—

offset

Int

Yes

—

response_body_search

Name

Type

Required

Default

regex

String

Yes

—

count

Int

5

offset

Int

0

scopeOnly

Boolean

true

Requests

Tool

Native

Unsafe

Default enabled

Pro only

Description

comparer_send

Yes

Sends one or more items to Burp Comparer.

diff_requests

Yes

Produces a line diff between two requests.

find_reflected

Yes

Finds reflected parameter values in a response.

http1_request

Yes

Issues an HTTP/1.1 request and returns the response. Optional in agent profiles.

http2_request

Yes

Issues an HTTP/2 request and returns the response. Optional in agent profiles.

insertion_points

Yes

Lists insertion point offsets for a request.

intruder

Yes

Sends a request to Intruder.

intruder_prepare

Yes

Creates an Intruder tab with explicit insertion points.

params_extract

Yes

Extracts parameters from a request.

repeater_tab

Yes

Creates a new Repeater tab with the specified HTTP request.

repeater_tab_with_payload

Yes

Creates a Repeater tab after applying placeholder replacements.

request_parse

Yes

Parses a raw HTTP request into method, path, headers, parameters, and body.

response_parse

Yes

Parses a raw HTTP response into status, headers, and body.

http1_request and http2_request require Enable Unsafe Tools in the MCP Server tab. The built-in agent profiles (pentester, bughunter, auditor) list these tools as optional — no validation warning is shown when they are disabled. Custom profiles that explicitly reference these tools will warn until Unsafe Tools are enabled.

comparer_send

Name

Type

Required

Default

items

List<String>

Yes

—

diff_requests

Name

Type

Required

Default

requestA

String

Yes

—

requestB

String

Yes

—

find_reflected

Name

Type

Required

Default

request

String

Yes

—

response

String

Yes

—

http1_request

Name

Type

Required

Default

content

String

Yes

—

targetHostname

String

Yes

—

targetPort

Int

Yes

—

usesHttps

Boolean

Yes

—

http2_request

Name

Type

Required

Default

pseudoHeaders

Map<String, String>

Yes

—

headers

Map<String, String>

Yes

—

requestBody

String

Yes

—

targetHostname

String

Yes

—

targetPort

Int

Yes

—

usesHttps

Boolean

Yes

—

insertion_points

Name

Type

Required

Default

content

String

Yes

—

mode

String

"REPLACE_BASE_PARAMETER_VALUE_WITH_OFFSETS"

intruder

Name

Type

Required

Default

tabName

String?

Yes

—

content

String

Yes

—

targetHostname

String

Yes

—

targetPort

Int

Yes

—

usesHttps

Boolean

Yes

—

intruder_prepare

Name

Type

Required

Default

tabName

String?

Yes

—

content

String

Yes

—

insertionPoints

List<InsertionPointRange>

emptyList()

mode

String

"REPLACE_BASE_PARAMETER_VALUE_WITH_OFFSETS"

targetHostname

String

Yes

—

targetPort

Int

Yes

—

usesHttps

Boolean

Yes

—

params_extract

Name

Type

Required

Default

content

String

Yes

—

repeater_tab

Name

Type

Required

Default

tabName

String?

Yes

—

content

String

Yes

—

targetHostname

String

Yes

—

targetPort

Int

Yes

—

usesHttps

Boolean

Yes

—

repeater_tab_with_payload

Name

Type

Required

Default

tabName

String?

Yes

—

content

String

Yes

—

replacements

Map<String, String>

Yes

—

targetHostname

String

Yes

—

targetPort

Int

Yes

—

usesHttps

Boolean

Yes

—

request_parse

Name

Type

Required

Default

content

String

Yes

—

includeBody

Boolean

false

response_parse

Name

Type

Required

Default

content

String

Yes

—

includeBody

Boolean

false

Scanner

Tool

Native

Unsafe

Default enabled

Pro only

Description

scan_audit_start

Yes

Starts a Burp Scanner audit.

scan_audit_start_mode

Yes

Starts a scanner audit using active or passive mode.

scan_audit_start_requests

Yes

Starts an audit and adds HTTP requests.

scan_crawl_start

Yes

Starts a Burp Scanner crawl.

scan_report

Yes

Generates a scanner report to a path.

scan_task_delete

Yes

Deletes a crawl/audit task started via MCP.

scan_task_status

Yes

Gets status for a crawl/audit task.

scanner_issues

Yes

Displays scanner issues (Burp Pro only).

scan_audit_start

Name

Type

Required

Default

builtInConfiguration

String

Yes

—

scan_audit_start_mode

Name

Type

Required

Default

mode

String

Yes

—

requests

List<String>

emptyList()

targetHostname

String

""

targetPort

Int

0

usesHttps

Boolean

true

scan_audit_start_requests

Name

Type

Required

Default

builtInConfiguration

String

Yes

—

requests

List<String>

Yes

—

targetHostname

String

Yes

—

targetPort

Int

Yes

—

usesHttps

Boolean

Yes

—

scan_crawl_start

Name

Type

Required

Default

seedUrls

List<String>

Yes

—

scan_report

Name

Type

Required

Default

taskId

String?

Yes

—

allIssues

Boolean

Yes

—

format

String

Yes

—

path

String

Yes

—

scan_task_delete

Name

Type

Required

Default

taskId

String

Yes

—

scan_task_status

Name

Type

Required

Default

taskId

String

Yes

—

scanner_issues

Name

Type

Required

Default

count

Int

Yes

—

offset

Int

Yes

—

Scope

Tool

Native

Unsafe

Default enabled

Pro only

Description

scope_check

Yes

Checks whether a URL is in scope.

scope_exclude

Yes

Excludes a URL from scope.

scope_include

Yes

Includes a URL in scope.

scope_check

Name

Type

Required

Default

url

String

Yes

—

scope_exclude

Name

Type

Required

Default

url

String

Yes

—

scope_include

Name

Type

Required

Default

url

String

Yes

—

Site Map

Tool

Native

Unsafe

Default enabled

Pro only

Description

site_map

Yes

Displays items within the Burp site map.

site_map_regex

Yes

Displays site map items matching a regex.

site_map

Name

Type

Required

Default

count

Int

Yes

—

offset

Int

Yes

—

site_map_regex

Name

Type

Required

Default

regex

String

Yes

—

count

Int

Yes

—

offset

Int

Yes

—

Utilities

Tool

Native

Unsafe

Default enabled

Pro only

Description

base64_decode

Yes

Base64 decodes the input string.

base64_encode

Yes

Base64 encodes the input string.

cookie_jar_get

Yes

Returns cookies from Burp's cookie jar (values redacted unless privacy is OFF).

decode_as

Yes

Decodes base64 content using compression codecs (gzip/deflate/brotli).

hash_compute

Yes

Computes a hash for input text (MD5/SHA1/SHA256/SHA512).

jwt_decode

Yes

Decodes JWT header/payload without verifying the signature.

random_string

Yes

Generates a random string of specified length and character set.

url_decode

Yes

URL decodes the input string.

url_encode

Yes

URL encodes the input string.

base64_decode

Name

Type

Required

Default

content

String

Yes

—

base64_encode

Name

Type

Required

Default

content

String

Yes

—

cookie_jar_get

Name

Type

Required

Default

domain

String?

null

includeSubdomains

Boolean

true

scopeOnly

Boolean

true

includeValues

Boolean

false

decode_as

Name

Type

Required

Default

base64

String

Yes

—

encoding

String

Yes

—

hash_compute

Name

Type

Required

Default

content

String

Yes

—

algorithm

String

Yes

—

jwt_decode

Name

Type

Required

Default

token

String

Yes

—

random_string

Name

Type

Required

Default

length

Int

Yes

—

characterSet

String

Yes

—

url_decode

Name

Type

Required

Default

content

String

Yes

—

url_encode

Name

Type

Required

Default

content

String

Yes

—

PreviousSecurity Model NextIssue Creation (MCP)

Last updated 4 days ago

Good evening

Extension-Native vs Generic Tools

AI (extension-native)

ai_analyze

ai_passive_scan

ai_findings_recent

redact_preview

ai_audit_query

ai_backends_list

Burp Control

proxy_intercept

task_engine_state

Collaborator

collaborator_generate

collaborator_poll

Config

project_options_get

project_options_set

user_options_get

user_options_set

Editor

editor_get

editor_set

Issues

issue_create

Extension

status

History

proxy_history_annotate

proxy_http_history

proxy_http_history_regex

proxy_ws_history

proxy_ws_history_regex

response_body_search

Requests

comparer_send

diff_requests

find_reflected

http1_request

http2_request

insertion_points

intruder

intruder_prepare

params_extract

repeater_tab

repeater_tab_with_payload

request_parse

response_parse

Scanner

scan_audit_start

scan_audit_start_mode

scan_audit_start_requests

scan_crawl_start

scan_report

scan_task_delete

scan_task_status

scanner_issues

Scope

scope_check

scope_exclude

scope_include

Site Map

site_map

site_map_regex

Utilities

base64_decode

base64_encode

cookie_jar_get

decode_as

hash_compute

jwt_decode

random_string

url_decode

url_encode

Related Pages