BurpMCP (swgee)
Burp Suite extension with an MCP server to enhance manual application security testing with LLMs.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for BurpMCP (swgee), derived from its capabilities.
AIVSS 8.5 · High
Overview
BurpMCP is a Burp Suite extension exposing an MCP server so clients like Claude Desktop and Cursor can let AI perform autonomous web-app testing with full control and visibility. It focuses on augmenting manual AppSec workflows rather than fully automating them. As an intercepting-proxy control surface it carries the usual offensive-tooling scope and misuse risks.
Key features
- Burp extension + MCP server
- Autonomous LLM-driven testing with visibility
- Works with Claude Desktop and Cursor
Use cases
- LLM-augmented manual AppSec testing
- Replay and analyze requests with an agent