BurpMCP-Ultra (Cy-S3c)
AI-powered Burp Suite Pro MCP server with 149 tools for proxy, scanner, fuzzing, race conditions, and JWT/IDOR attacks.
๐ก๏ธ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for BurpMCP-Ultra (Cy-S3c), derived from its capabilities.
AIVSS 8.4 ยท High
View MAESTRO 7-layer threat model โOverview
BurpMCP-Ultra is an ambitious Burp Suite Professional MCP server exposing 149 tools across proxy, scanner, inline fuzzer, race conditions, guided injection, JWT and IDOR attacks, recon and out-of-band testing, with a real-time dashboard and hardened localhost security. It lets an agent drive Burp end-to-end from Claude Code or any MCP client. The breadth of active-attack tooling makes scope control and localhost hardening essential.
Key features
- 149 tools incl. fuzzer, race conditions, JWT/IDOR
- Real-time dashboard
- Hardened localhost security
Use cases
- Agent-driven web-app attack workflows
- Automated fuzzing and injection testing