I gave GLM 5.2 a Burp-style toolkit over MCP

I gave GLM 5.2 a Burp-style toolkit over MCP

Side project I've been poking at.

It's an MCP server that drives a real Chromium over CDP and hands the model the primitives a human uses in Burp (history, repeater, sniper-style intruder, passive/active scans), plus an in-page JS toolbox so it can write its own exploit code inside the target page.

The idea I wanted to test: give the model the same building blocks a pentester uses instead of a fixed menu of "tools" and "scanners", and let it bring the methodology.

It solved over 70% of two public easy web CTFs, OverTheWire Natas and Root-Me Web-Server.

Happy to get torn apart on the harness design or the tooling.

submitted by /u/Background-Degree-50
[link] [comments]


from hacking: security in practice https://ift.tt/PmgKj8U

Comments