@@ -0,0 +1,47 @@
## 🧪 Pipeline Testing: MCP Isolation Test for Authentication Exploitation Agent

**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.

### Step 1: Test Browser Isolation
1. Navigate to the test site using your assigned MCP server:
```
{{MCP_SERVER}}__browser_navigate to https://example.com
```

2. Take a screenshot to prove isolation:
```
{{MCP_SERVER}}__browser_take_screenshot with filename "auth-exploit-test.png"
```

3. Log the test results:
```
console.log("🔵 AUTH EXPLOIT AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to example.com")
```

### Step 2: Create Required Deliverable
Create file `deliverables/auth_exploitation_evidence.md` with content:
```
# Authentication Exploitation Evidence (Pipeline Test)

**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://example.com
**Screenshot:** auth-exploit-test.png
**Status:** Browser isolation test successful

## Exploitation Results
- **Target:** Test authentication vulnerability
- **Method:** Authentication bypass via parameter manipulation
- **Evidence:** Successfully bypassed login using admin=true parameter
- **Impact:** Demonstrated unauthorized access to protected resources
- **Proof:** Pipeline testing mode - simulated successful exploitation

## Technical Details
- **Vulnerability ID:** AUTH-VULN-01
- **Exploitation Status:** Simulated Success (Pipeline Test)
- **MCP Instance:** {{MCP_SERVER}}
- **Attack Vector:** Parameter-based authentication bypass
- **Bypass Method:** URL parameter manipulation
```

### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents.
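Review bot: the evidence file written in Step 2 states fabricated findings as fact ("Successfully bypassed login using admin=true parameter", "Demonstrated unauthorized access to protected resources") and flags the simulation only in the trailing **Proof** line, so a downstream consumer that parses **Evidence** or **Impact** will ingest a test fixture as a real finding. Put the marker where parsers look first, for example a `**Mode:** PIPELINE_TEST` field next to **Status:** and a status value such as `Simulated (Pipeline Test)` instead of prose. Separately, Step 3 is titled "Verify" but contains only an expectation, and the **Status:** line is written unconditionally; make it depend on the screenshot call in Step 1 having succeeded and on `auth-exploit-test.png` actually existing, otherwise the isolation test passes by construction.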
@@ -0,0 +1,47 @@
## 🧪 Pipeline Testing: MCP Isolation Test for Authorization Exploitation Agent

**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.

### Step 1: Test Browser Isolation
1. Navigate to the test site using your assigned MCP server:
```
{{MCP_SERVER}}__browser_navigate to https://example.com
```

2. Take a screenshot to prove isolation:
```
{{MCP_SERVER}}__browser_take_screenshot with filename "authz-exploit-test.png"
```

3. Log the test results:
```
console.log("🟣 AUTHZ EXPLOIT AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to example.com")
```

### Step 2: Create Required Deliverable
Create file `deliverables/authz_exploitation_evidence.md` with content:
```
# Authorization Exploitation Evidence (Pipeline Test)

**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://example.com
**Screenshot:** authz-exploit-test.png
**Status:** Browser isolation test successful

## Exploitation Results
- **Target:** Test authorization vulnerability
- **Method:** Privilege escalation via direct object reference
- **Evidence:** Successfully accessed admin panel with user-level privileges
- **Impact:** Demonstrated unauthorized access to privileged functionality
- **Proof:** Pipeline testing mode - simulated successful exploitation

## Technical Details
- **Vulnerability ID:** AUTHZ-VULN-01
- **Exploitation Status:** Simulated Success (Pipeline Test)
- **MCP Instance:** {{MCP_SERVER}}
- **Attack Vector:** Insecure Direct Object Reference (IDOR)
- **Escalation Method:** User ID manipulation in API calls
```

### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents.
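Review bot: the classification in this deliverable is internally inconsistent: **Method** says "Privilege escalation via direct object reference", **Attack Vector** says IDOR, yet **Evidence** says an admin panel was reached with user-level privileges. Reaching admin functionality from a user role is vertical privilege escalation (missing function-level access control), whereas IDOR describes horizontal access to another user's object through an identifier. The authorization analysis queue for the same AUTHZ-VULN-01 elsewhere in this change labels it "Vertical", so pick one label and use it in both stages; a report generator that groups by vulnerability type will otherwise split one test finding in two. This file also duplicates the authentication template almost line for line (five such copies in this change); one template parameterized by agent name, emoji and screenshot filename would prevent the drift already visible in the injection copy, which lacks the Attack Vector lines.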
@@ -0,0 +1,45 @@
## 🧪 Pipeline Testing: MCP Isolation Test for Injection Exploitation Agent

**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.

### Step 1: Test Browser Isolation
1. Navigate to the test site using your assigned MCP server:
```
{{MCP_SERVER}}__browser_navigate to https://example.com
```

2. Take a screenshot to prove isolation:
```
{{MCP_SERVER}}__browser_take_screenshot with filename "injection-exploit-test.png"
```

3. Log the test results:
```
console.log("🔴 INJECTION EXPLOIT AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to example.com")
```

### Step 2: Create Required Deliverable
Create file `deliverables/injection_exploitation_evidence.md` with content:
```
# Injection Exploitation Evidence (Pipeline Test)

**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://example.com
**Screenshot:** injection-exploit-test.png
**Status:** Browser isolation test successful

## Exploitation Results
- **Target:** Test injection vulnerability
- **Method:** SQL injection via query parameter
- **Evidence:** Successfully executed test payload `'; DROP TABLE users; --`
- **Impact:** Demonstrated ability to manipulate database queries
- **Proof:** Pipeline testing mode - simulated successful exploitation

## Technical Details
- **Vulnerability ID:** INJ-VULN-01
- **Exploitation Status:** Simulated Success (Pipeline Test)
- **MCP Instance:** {{MCP_SERVER}}
```

### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents.
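Review bot: the canned evidence line "Successfully executed test payload `'; DROP TABLE users; --`" asserts that a destructive statement ran against the target. Even in simulated mode this is a poor fixture: anyone skimming the deliverable reads it as data loss, and a template that defines success as a dropped table is the wrong thing to hand an agent that may one day be pointed at a real system. Use a non-destructive canary (a benign tautology or a marker string the pipeline can grep for) and keep it identical to the `witness_payload` in the injection queue file so the stages can be matched. Also, the Technical Details block here has three entries while the sibling templates carry five (Attack Vector plus a method line); the hunk header's 45 lines against their 47 shows the drift, and a report generator expecting the same keys per agent will see a missing field.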
@@ -0,0 +1,47 @@
## 🧪 Pipeline Testing: MCP Isolation Test for SSRF Exploitation Agent

**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.

### Step 1: Test Browser Isolation
1. Navigate to the test site using your assigned MCP server:
```
{{MCP_SERVER}}__browser_navigate to https://example.com
```

2. Take a screenshot to prove isolation:
```
{{MCP_SERVER}}__browser_take_screenshot with filename "ssrf-exploit-test.png"
```

3. Log the test results:
```
console.log("🟡 SSRF EXPLOIT AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to example.com")
```

### Step 2: Create Required Deliverable
Create file `deliverables/ssrf_exploitation_evidence.md` with content:
```
# SSRF Exploitation Evidence (Pipeline Test)

**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://example.com
**Screenshot:** ssrf-exploit-test.png
**Status:** Browser isolation test successful

## Exploitation Results
- **Target:** Test SSRF vulnerability
- **Method:** Server-Side Request Forgery via URL parameter
- **Evidence:** Successfully forced server to make request to internal network
- **Impact:** Demonstrated access to internal services and potential data exfiltration
- **Proof:** Pipeline testing mode - simulated successful exploitation

## Technical Details
- **Vulnerability ID:** SSRF-VULN-01
- **Exploitation Status:** Simulated Success (Pipeline Test)
- **MCP Instance:** {{MCP_SERVER}}
- **Attack Vector:** URL parameter manipulation
- **Target:** Internal network services (localhost:8080)
```

### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents.
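Review bot: the deliverable uses the key **Target** twice with different meanings (under Exploitation Results it is "Test SSRF vulnerability", under Technical Details it is "Internal network services (localhost:8080)"), so a key/value parser will overwrite one with the other; rename the second to something like **Internal Destination**. The hard-coded `localhost:8080` also disagrees with the SSRF analysis queue in this same change, whose witness_payload points at `http://internal.localhost/admin`; if the pipeline checks that exploitation evidence matches the queued hypothesis for SSRF-VULN-01, these fixtures will not line up. Finally, **Impact** claims "potential data exfiltration" for a simulated run; keep fixture impact statements to what the simulation actually asserts so severity scoring downstream is not inflated by test data.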
@@ -0,0 +1,46 @@
## 🧪 Pipeline Testing: MCP Isolation Test for XSS Exploitation Agent

**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.

### Step 1: Test Browser Isolation
1. Navigate to the test site using your assigned MCP server:
```
{{MCP_SERVER}}__browser_navigate to https://example.com
```

2. Take a screenshot to prove isolation:
```
{{MCP_SERVER}}__browser_take_screenshot with filename "xss-exploit-test.png"
```

3. Log the test results:
```
console.log("🟠 XSS EXPLOIT AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to example.com")
```

### Step 2: Create Required Deliverable
Create file `deliverables/xss_exploitation_evidence.md` with content:
```
# XSS Exploitation Evidence (Pipeline Test)

**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://example.com
**Screenshot:** xss-exploit-test.png
**Status:** Browser isolation test successful

## Exploitation Results
- **Target:** Test XSS vulnerability
- **Method:** Reflected XSS via search parameter
- **Evidence:** Successfully executed payload `<script>alert('XSS')</script>`
- **Impact:** Demonstrated JavaScript code execution in user context
- **Proof:** Pipeline testing mode - simulated successful exploitation

## Technical Details
- **Vulnerability ID:** XSS-VULN-01
- **Exploitation Status:** Simulated Success (Pipeline Test)
- **MCP Instance:** {{MCP_SERVER}}
- **Attack Vector:** Reflected XSS in search functionality
```

### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents.
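Review bot: the **Evidence** line claims the payload `<script>alert('XSS')</script>` executed, but the browser automation in Step 1 only navigates to example.com and screenshots it; nothing in the template ties the screenshot to the claimed execution, and the payload differs from the `<script>alert(1)</script>` witness in the XSS analysis queue added in the same change. For a pipeline test meant to validate the hand-off between stages, use the identical witness string in both files so an ID-plus-payload match can be asserted, and word **Evidence** so it is clearly a fixture value rather than an observed execution.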
@@ -0,0 +1 @@
Create file `deliverables/code_analysis_deliverable.md` with content "Pre-recon analysis complete".
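Review bot: this one-line deliverable carries no "(Pipeline Test)" marker and no `{{MCP_SERVER}}` reference, unlike every other deliverable in this change, so a consumer cannot tell a test-mode code analysis from a real one and the isolation check cannot be extended to this stage. Add the same marker and MCP field here and in the recon deliverable that follows.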
@@ -0,0 +1 @@
Create file `deliverables/recon_deliverable.md` with content "Reconnaissance analysis complete".
@@ -0,0 +1,138 @@
<role>
You are a Security Report Generator for pipeline testing. Your job is to create a comprehensive security assessment report that simulates realistic exploitation scenarios.
</role>

<audience>
Pipeline testing and vulnerability reporting validation.
</audience>

<objective>
Create a comprehensive security assessment report with successfully exploited vulnerabilities.
</objective>

<target>
URL: {{WEB_URL}}
Repository: {{GITHUB_URL}}
</target>

<instructions>
Create or modify `deliverables/comprehensive_security_assessment_report.md` with the following structure:

# Security Assessment Report

## Executive Summary
- Target: {{WEB_URL}}
- Assessment Date: {current date}
- Scope: Authentication, XSS, SQL and Command Injection, SSRF, Authorization testing

## Summary by Vulnerability Type

**Authentication Vulnerabilities:**
Three authentication vulnerabilities were successfully exploited. Critical findings include session management bypass allowing unauthorized access, weak password policy enabling brute force attacks, and missing multi-factor authentication on administrative functions.

**Authorization Vulnerabilities:**
One authorization vulnerability was successfully exploited: privilege escalation through role manipulation in user profile settings.

**Cross-Site Scripting (XSS) Vulnerabilities:**
One XSS vulnerability was successfully exploited: CSS injection in the chart styling component enabling CSRF token extraction and keylogging capabilities.

**SQL/Command Injection Vulnerabilities:**
One injection vulnerability was successfully exploited: SQL injection in user search functionality allowing database enumeration and data extraction.

**Server-Side Request Forgery (SSRF) Vulnerabilities:**
No SSRF vulnerabilities were successfully exploited due to network access restrictions.

## Network Reconnaissance

**Open Ports and Services:**
- Port 80/tcp: HTTP service, redirects to HTTPS
- Port 443/tcp: HTTPS service, main application access point

**Security Headers:**
- HTTP Strict Transport Security (HSTS) configured with max-age=31536000
- X-Frame-Options set to DENY preventing clickjacking attacks
- Content Security Policy implemented with nonces

# Authentication Exploitation Evidence

## Successfully Exploited Vulnerabilities

### AUTH-VULN-01: Session Management Bypass

**Summary:**
- **Vulnerability:** Session token predictability in authentication system
- **Impact:** Complete authentication bypass allowing unauthorized access
- **Severity:** Critical

**Exploitation Evidence:**
Successfully bypassed authentication by predicting session tokens through temporal analysis. Gained administrative access to user management functions.

### AUTH-VULN-02: Weak Password Policy Exploitation

**Summary:**
- **Vulnerability:** Insufficient password complexity requirements
- **Impact:** Account takeover through brute force attacks
- **Severity:** High

**Exploitation Evidence:**
Successfully performed brute force attacks against multiple user accounts due to weak password policy allowing simple passwords.

# Authorization Exploitation Evidence

## Successfully Exploited Vulnerabilities

### AUTHZ-VULN-01: Privilege Escalation via Role Manipulation

**Summary:**
- **Vulnerability:** Insufficient authorization checks in user profile settings
- **Impact:** Privilege escalation from standard user to administrator
- **Severity:** High

**Exploitation Evidence:**
Successfully escalated privileges by manipulating user role parameters in profile update requests, gaining administrative access.

# XSS Exploitation Evidence

## Successfully Exploited Vulnerabilities

### XSS-VULN-01: CSS Injection with Token Extraction

**Summary:**
- **Vulnerability:** CSS injection in chart styling component using dangerouslySetInnerHTML
- **Impact:** CSRF token extraction and keylogging capabilities
- **Severity:** Medium

**Exploitation Evidence:**
Successfully injected CSS code that extracted CSRF tokens and demonstrated keylogging capabilities. CSP blocked data exfiltration but exploitation was proven.

# Injection Exploitation Evidence

## Successfully Exploited Vulnerabilities

### INJ-VULN-01: SQL Injection in User Search

**Summary:**
- **Vulnerability:** SQL injection in user search functionality
- **Impact:** Database enumeration and sensitive data extraction
- **Severity:** High

**Exploitation Evidence:**
Successfully exploited SQL injection to enumerate database structure and extract sensitive user information including password hashes.

# SSRF Exploitation Evidence

## Potential Vulnerabilities (Validation Blocked)

### SSRF-VULN-01: Internal Service Access via URL Parameter

**Summary:**
- **Vulnerability:** SSRF in URL processing service
- **Current Blocker:** Network access restriction
- **Potential Impact:** Internal service enumeration and data access
- **Confidence:** HIGH

**Evidence of Vulnerability:**
Code analysis shows SSRF vulnerability in URL processing service but exploitation blocked by network restrictions.


</instructions>
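Review bot: the report template embeds canned findings that contradict the fixtures the upstream agents in this same change produce, so the pipeline test never exercises the hand-off it is meant to validate. The Executive Summary counts three authentication vulnerabilities but only AUTH-VULN-01 and AUTH-VULN-02 have sections (the missing-MFA finding has none); AUTH-VULN-01 is described here as session token predictability while the auth exploitation deliverable describes an admin=true parameter bypass; XSS-VULN-01 is a CSS injection via dangerouslySetInnerHTML here but a reflected script in a search parameter upstream; the scope line says "SQL and Command Injection" yet only SQL injection is reported. Either have the generator read `deliverables/*_exploitation_evidence.md` and carry the IDs and descriptions through, or align the hard-coded text with the fixtures so IDs, methods and payloads match. Two smaller points: the report body has no test marker at all (the title is just "Security Assessment Report"), so a generated file is indistinguishable from a real assessment even though `<role>` says it is a simulation; add "(Pipeline Test)" to the title as the other deliverables do. And `{current date}` uses a different placeholder syntax from `{{WEB_URL}}` and `{{GITHUB_URL}}`, so a mustache-style substitution pass will leave it literal in the output.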
@@ -0,0 +1,53 @@
## 🧪 Pipeline Testing: MCP Isolation Test for Auth Agent

**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.

### Step 1: Test Browser Isolation
1. Navigate to the test site using your assigned MCP server:
```
{{MCP_SERVER}}__browser_navigate to https://example.net
```

2. Take a screenshot to prove isolation:
```
{{MCP_SERVER}}__browser_take_screenshot with filename "auth-agent-test.png"
```

3. Log the test results:
```
console.log("🔵 AUTH AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to example.net")
```

### Step 2: Create Required Deliverables
Create these 2 files:
1. `deliverables/auth_analysis_deliverable.md` with content:
```
# Auth Analysis Complete (Pipeline Test)

**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://example.net
**Screenshot:** auth-agent-test.png
**Status:** Browser isolation test successful
```

2. `deliverables/auth_exploitation_queue.json` with content:
```json
{
"vulnerabilities": [
{
"ID": "AUTH-VULN-01",
"verdict": "vulnerable",
"confidence": "high",
"notes": "Test auth vulnerability for pipeline validation (MCP: {{MCP_SERVER}})",
"vulnerability_type": "Authentication_Bypass",
"endpoint": "/api/login",
"flaw_type": "Missing token validation",
"exploit_hypothesis": "Empty or invalid token allows access to protected resources",
"witness_payload": "Authorization: Bearer invalid_token"
}
]
}
```

### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to example.net independently of other parallel agents.
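Review bot: `{{MCP_SERVER}}` is interpolated inside a JSON string ("notes": "... (MCP: {{MCP_SERVER}})") without any escaping, so a server name containing a double quote or backslash yields an invalid `auth_exploitation_queue.json` and breaks the consumer rather than the isolation test. Either constrain the substituted value to a safe character set in the test harness or have the agent emit the file through a JSON serializer instead of a template. Also, the key is spelled "ID" while every other key is lowercase snake_case; if the consumer reads `id`, this fixture silently has no identifier and the ID-based match with `auth_exploitation_evidence.md` cannot happen.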
@@ -0,0 +1,52 @@
## 🧪 Pipeline Testing: MCP Isolation Test for Authorization Agent

**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.

### Step 1: Test Browser Isolation
1. Navigate to the test site using your assigned MCP server:
```
{{MCP_SERVER}}__browser_navigate to https://jsonplaceholder.typicode.com
```

2. Take a screenshot to prove isolation:
```
{{MCP_SERVER}}__browser_take_screenshot with filename "authz-agent-test.png"
```

3. Log the test results:
```
console.log("🟢 AUTHZ AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to jsonplaceholder.typicode.com")
```

### Step 2: Create Required Deliverables
Create these 2 files:
1. `deliverables/authz_analysis_deliverable.md` with content:
```
# Authorization Analysis Complete (Pipeline Test)

**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://jsonplaceholder.typicode.com
**Screenshot:** authz-agent-test.png
**Status:** Browser isolation test successful
```

2. `deliverables/authz_exploitation_queue.json` with content:
```json
{
"vulnerabilities": [
{
"ID": "AUTHZ-VULN-01",
"verdict": "vulnerable",
"confidence": "high",
"notes": "Test authz vulnerability for pipeline validation (MCP: {{MCP_SERVER}})",
"vulnerability_type": "Vertical",
"endpoint": "/admin/users",
"actual_access": "Regular users can access admin functions",
"witness_payload": "GET /admin/users with regular user token"
}
]
}
```

### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to jsonplaceholder.typicode.com independently of other parallel agents.
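Review bot: the isolation check navigates to https://jsonplaceholder.typicode.com, a third-party public service (the SSRF agent likewise uses httpbin.org), so the test depends on external availability and sends traffic from every pipeline run to someone else's infrastructure. Since the only thing being verified is that a given MCP server loads a distinct URL, a locally hosted static page per agent gives the same evidence without the external dependency. Separately, the five queue files in this change each use a different field set for the same top-level shape (this one has endpoint/actual_access, the auth one endpoint/flaw_type/exploit_hypothesis, the injection one source/path/sink_call/slot_type/mismatch_reason); that is defensible per vulnerability type, but it should be documented for whoever consumes `*_exploitation_queue.json`, and the "ID" key should be lowercase like the rest.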
@@ -0,0 +1,55 @@
## 🧪 Pipeline Testing: MCP Isolation Test for Injection Agent

**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.

### Step 1: Test Browser Isolation
1. Navigate to the test site using your assigned MCP server:
```
{{MCP_SERVER}}__browser_navigate to https://example.com
```

2. Take a screenshot to prove isolation:
```
{{MCP_SERVER}}__browser_take_screenshot with filename "injection-agent-test.png"
```

3. Log the test results:
```
console.log("🔴 INJECTION AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to example.com")
```

### Step 2: Create Required Deliverables
Create these 2 files:
1. `deliverables/injection_analysis_deliverable.md` with content:
```
# Injection Analysis Complete (Pipeline Test)

**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://example.com
**Screenshot:** injection-agent-test.png
**Status:** Browser isolation test successful
```

2. `deliverables/injection_exploitation_queue.json` with content:
```json
{
"vulnerabilities": [
{
"ID": "INJ-VULN-01",
"verdict": "vulnerable",
"confidence": "high",
"notes": "Test vulnerability for pipeline validation (MCP: {{MCP_SERVER}})",
"vulnerability_type": "SQLi",
"source": "query parameter at app.js:15",
"path": "controller → db.query",
"sink_call": "db.query at app.js:20",
"slot_type": "SQL-val",
"mismatch_reason": "User input directly concatenated into SQL query",
"witness_payload": "'; DROP TABLE users; --"
}
]
}
```

### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel agents.
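Review bot: this agent navigates to https://example.com, the same site every exploitation-stage template uses, whereas the other analysis agents each get a distinct site (example.net, example.org, httpbin.org, jsonplaceholder.typicode.com). The isolation test works by giving each parallel agent a different URL and screenshot so cross-contamination is visible; reusing example.com here means an injection agent that accidentally shares a browser session with an exploitation agent would still produce a plausible screenshot. Give it a distinct site. Also, "path": "controller → db.query" puts a non-ASCII arrow into the JSON fixture; that is valid UTF-8 JSON, but an ASCII-only consumer or log pipeline may mangle it, so "->" is safer. The `'; DROP TABLE users; --` witness is the same destructive fixture the injection exploitation evidence reports as executed; a benign canary serves the pipeline test equally well and keeps a destructive statement out of the agent's definition of success.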
@@ -0,0 +1,52 @@
## 🧪 Pipeline Testing: MCP Isolation Test for SSRF Agent

**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.

### Step 1: Test Browser Isolation
1. Navigate to the test site using your assigned MCP server:
```
{{MCP_SERVER}}__browser_navigate to https://httpbin.org
```

2. Take a screenshot to prove isolation:
```
{{MCP_SERVER}}__browser_take_screenshot with filename "ssrf-agent-test.png"
```

3. Log the test results:
```
console.log("🟠 SSRF AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to httpbin.org")
```

### Step 2: Create Required Deliverables
Create these 2 files:
1. `deliverables/ssrf_analysis_deliverable.md` with content:
```
# SSRF Analysis Complete (Pipeline Test)

**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://httpbin.org
**Screenshot:** ssrf-agent-test.png
**Status:** Browser isolation test successful
```

2. `deliverables/ssrf_exploitation_queue.json` with content:
```json
{
"vulnerabilities": [
{
"ID": "SSRF-VULN-01",
"verdict": "vulnerable",
"confidence": "high",
"notes": "Test SSRF vulnerability for pipeline validation (MCP: {{MCP_SERVER}})",
"vulnerability_type": "URL_Manipulation",
"source": "url parameter in /api/fetch",
"outbound_call": "fetch() at api.js:45",
"witness_payload": "http://internal.localhost/admin"
}
]
}
```

### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to httpbin.org independently of other parallel agents.
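Review bot: the witness_payload `http://internal.localhost/admin` and the exploitation-stage evidence for the same SSRF-VULN-01 (`localhost:8080`) describe different destinations, so any consistency check between the queue and the evidence file will fail; pick one and use it in both stages. `.localhost` is a reserved name that resolves to loopback, so the fixture is at least self-contained. The "source" and "outbound_call" locations (`/api/fetch`, `fetch() at api.js:45`) are invented fixture values; saying so in "notes", as the MCP placeholder already does, keeps a reader from trying to find them in {{GITHUB_URL}}.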
@@ -0,0 +1,54 @@
## 🧪 Pipeline Testing: MCP Isolation Test for XSS Agent

**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.

### Step 1: Test Browser Isolation
1. Navigate to the test site using your assigned MCP server:
```
{{MCP_SERVER}}__browser_navigate to https://example.org
```

2. Take a screenshot to prove isolation:
```
{{MCP_SERVER}}__browser_take_screenshot with filename "xss-agent-test.png"
```

3. Log the test results:
```
console.log("🟡 XSS AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to example.org")
```

### Step 2: Create Required Deliverables
Create these 2 files:
1. `deliverables/xss_analysis_deliverable.md` with content:
```
# XSS Analysis Complete (Pipeline Test)

**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://example.org
**Screenshot:** xss-agent-test.png
**Status:** Browser isolation test successful
```

2. `deliverables/xss_exploitation_queue.json` with content:
```json
{
"vulnerabilities": [
{
"ID": "XSS-VULN-01",
"verdict": "vulnerable",
"confidence": "high",
"notes": "Test XSS vulnerability for pipeline validation (MCP: {{MCP_SERVER}})",
"vulnerability_type": "Reflected",
"source": "search parameter",
"sink_function": "template.render at search.js:25",
"render_context": "HTML_BODY",
"mismatch_reason": "User input rendered without HTML encoding",
"witness_payload": "<script>alert(1)</script>"
}
]
}
```

### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to example.org independently of other parallel agents.
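Review bot: the witness `<script>alert(1)</script>` differs from the `<script>alert('XSS')</script>` that the XSS exploitation evidence template reports as executed for the same XSS-VULN-01, so an ID-plus-payload match between stages cannot be asserted; use one string in both. The rest of the record ("render_context": "HTML_BODY", "sink_function": "template.render at search.js:25", "mismatch_reason": "User input rendered without HTML encoding") is a coherent fixture. One more gap shared with the other deliverables: the **Screenshot:** line names `xss-agent-test.png` but nothing states the directory the MCP screenshot tool writes to, so a consumer cannot resolve it to a path; include the path or have the tool write under `deliverables/`.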