| Side project I've been poking at. It's an MCP server that drives a real Chromium over CDP and hands the model the primitives a human uses in Burp (history, repeater, sniper-style intruder, passive/active scans), plus an in-page JS toolbox so it can write its own exploit code inside the target page. The idea I wanted to test: give the model the same building blocks a pentester uses instead of a fixed menu of "tools" and "scanners", and let it bring the methodology. It solved over 70% of two public easy web CTFs, OverTheWire Natas and Root-Me Web-Server. Happy to get torn apart on the harness design or the tooling. [link] [comments] |
from hacking: security in practice https://ift.tt/PmgKj8U
Comments
Post a Comment