Posts

Tutorial: Build an AI Penetration Tester with Claude (MCP + Burp)

-
Tutorial: Build an AI Penetration Tester with Claude (MCP + Burp) 🤖 Build Your Own AI Penetration Tester: Claude + MCP + Burp Suite A complete step-by-step tutorial to replicate autonomous security testing (25 labs + 2 BSCP exams solved) ⚡ Inspired by "Sonnet Took the Exam. I Just Watched." Originally published on Notion · Tutorial expanded for hands-on replication 🎯 What you'll build: An autonomous AI agent (Claude Sonnet 4.6) that can browse web apps via Playwright, inspect raw HTTP traffic via Burp Suite, and chain XSS → SQLi → RCE to solve PortSwigger labs — completely on its own. 📚 Table of Contents Overview & Architecture Prerequisites & Hardware Step 1: Install Claude Code & MCP Step 2: Configure Playwright MCP Server Step 3: Burp Suite & Burp MCP Integration ...
Post a Comment
Read more

Swagger API & OpenAPI Security — Complete CVE Reference, Misconfigurations, PoC & Exploitation Guide

-
Swagger & OpenAPI Security The Complete Attack Reference Every CVE, misconfiguration, exploitation technique, PoC payload, Burp Suite example, and defensive countermeasure — covering 2020 through 2025. 15+ CVEs Documented XSS · RCE · DoS · SSRF · Path Traversal Burp Suite Examples PoC Code Included 📋 Table of Contents Introduction — Why Swagger Is a High-Value Target Reconnaissance — Discovering Exposed Swagger Instances Master CVE Reference Table (2020–2025) CVE Deep-Dive: DOM XSS via DOMPurify Bypass (≥3.14.1 <3.38.0) CVE-2018-25031 — UI Spoofing & Clickjacking CVE-2021-46708 — Clickjacking in swagger-ui-dist CVE-2022-24863 — DoS via Memory Exhaustion (http-swagger) CVE-2023-38337 — Path Traversal in rswag CVE-2024-22207 — File Disclosure in fastify-swagger-ui CVE-2024-7565 — RCE in SoapUI (SmartBear) SSRF via ?url= Parameter Critical Misconfigurations ...
Post a Comment
Read more