From ab1f4599c913dd6f6d3c1d64c3f8279cee973f7e Mon Sep 17 00:00:00 2001 From: HackTricks News Bot Date: Thu, 2 Jul 2026 19:45:16 +0000 Subject: [PATCH] Add content from: The Bug Bounty Singularity: Our Hackbot --- ...ted-Fuzzing-and-Vulnerability-Discovery.md | 91 +++++++++++++++++++ 1 file changed, 91 insertions(+) diff --git a/src/AI/AI-Assisted-Fuzzing-and-Vulnerability-Discovery.md b/src/AI/AI-Assisted-Fuzzing-and-Vulnerability-Discovery.md index a94a6a101ad..2df6da8640f 100644 --- a/src/AI/AI-Assisted-Fuzzing-and-Vulnerability-Discovery.md +++ b/src/AI/AI-Assisted-Fuzzing-and-Vulnerability-Discovery.md @@ -9,6 +9,96 @@ What follows is not a description of one specific competition system, but an abs --- +## Autonomous Web-Hacking Agents + +The same LLMs that improve fuzzing can also run **long-lived web-hacking workflows**. The useful abstraction is not "ask the model to find bugs", but "wrap the model in a harness that forces evidence collection, persistence, and skeptical validation". + +### 1. Observability first + +An autonomous agent without logs quickly becomes an expensive false-positive generator. Keep **full session telemetry** for every run: + +- shell commands +- HTTP requests and responses +- browser actions +- intermediate conclusions +- final evidence used in the report + +The logs are often more valuable than the report because they show **why** the agent stopped, which assumptions it made, and which branches deserve another pass. + +### 2. Keep the agent hacking + +A single prompt usually stops at the first plausible explanation. In practice, the agent should run in an **iterative loop**: + +1. perform recon / analysis +2. score the result +3. create follow-up tasks +4. revisit suspicious branches +5. stop only on an explicit budget or low-signal decision + +This is especially useful for web targets where weak signals often hide real issues: reflected parameters, strange redirects, feature flags, hidden API paths, source-map leaks, or partially working authorization bypasses. + +### 3. Add an orchestrator + +Pure persistence burns tokens on thin targets. Put an **orchestrator** above the worker to: + +- kill low-signal targets early +- extend runs on promising attack surfaces +- fan out work into recon / analysis / validation sub-agents +- re-queue interesting artifacts (JS bundles, source maps, leaked configs, suspicious endpoints) + +### 4. Use an adversarial validator + +A separate agent should try to **disprove** every finding before it is reported: + +- alleged XSS → break the source-to-sink chain +- alleged SSRF → prove whether the request actually crossed the trust boundary +- alleged IDOR/BOLA → confirm object ownership really changes with only the identifier mutated +- alleged OAuth issue → replay the exact callback/token exchange and confirm client, redirect, or `postMessage` abuse is real + +This reduces "AI slop" and forces the system to keep only evidence-backed bugs. + +### 5. Split login from hacking + +For post-auth web testing, do **not** waste most of the budget fighting anti-bot login flows. A practical pattern is: + +- keep a **local real-browser session broker** (real Chrome profile, normal fingerprint) +- refresh cookies/tokens there +- hand live authenticated sessions to the cloud worker +- keep the worker focused on post-auth attack surface + +This is especially relevant for high-value classes such as [IDOR/BOLA](../pentesting-web/idor.md), [account takeover](../pentesting-web/account-takeover.md), [registration weaknesses](../pentesting-web/registration-vulnerabilities.md), and [reset/OTP flows](../pentesting-web/reset-password.md). + +### 6. Web-specific artifact mining for agents + +Autonomous web agents work best when explicitly instructed to harvest and prioritize: + +- JS bundles and **source maps** for hidden routes, mock paths, API keys, role strings, and service filenames +- client-side message handlers for [`postMessage`](../pentesting-web/postmessage-vulnerabilities/README.md) sinks and origin-trust mistakes +- OAuth/OIDC callback handlers and Dynamic Client Registration flows ([OAuth to account takeover](../pentesting-web/oauth-to-account-takeover.md)) +- Firebase / Identity Toolkit / Firestore configuration leaks +- unsafe DOM sinks such as `innerHTML`, even on detached nodes, for DOM-XSS review +- Web3 metadata rendered into trusted origins, where XSS can become wallet-signing abuse ([DApps](../pentesting-web/dapps-DecentralizedApplications.md)) + +### 7. High-signal web heuristics to encode as skills + +When you turn the workflow into reusable skills/prompts, explicitly bias the agent toward patterns that repeatedly produce real bugs: + +- **Leaked Google / Firebase keys**: test exposed keys against Identity Toolkit-style project configuration endpoints, recover authorized domains, and compare those domains against real portals, self-registration paths, and domain-trust onboarding logic. +- **Customer lookup / recovery APIs**: prioritize endpoints that accept phone numbers, partial names, DOB, email, or account numbers; check whether any field is only syntactically required and can be abused for bulk enumeration. +- **Reset / OTP validators**: diff success and failure responses looking for leaked OTP hashes, secret material, retry metadata, or account identifiers that turn online verification into offline cracking. +- **Detached-node HTML decoders**: flag helpers that assign attacker input to `innerHTML` on temporary elements, because parsing and event-handler execution can happen before the returned value is re-escaped. +- **Source-map mining**: grep `sourcesContent` for mock paths, hidden assets, API route names, service filenames, feature flags, and committed tokens; use the findings to drive the next fuzzing/validation loop. +- **dApp signing hooks**: if XSS lands on a wallet-connected origin, immediately inspect whether the page can tamper with `signTransaction`, `signAndSendTransaction`, or similar signing methods to change the transaction after the UI intent is established. + +### 8. Good agent outputs + +The best output of an autonomous hacking agent is usually **not** a polished report. It is a queue of: + +- reproducible request/response pairs +- validated exploit paths +- high-signal artifacts worth human review +- concrete follow-up prompts for the next agent pass + ## 1. LLM-Generated Seed Inputs Traditional coverage–guided fuzzers (AFL++, libFuzzer, Honggfuzz…) start with a small corpus of seeds and mutate bytes blindly. When the target input format is complex (SQL, URLs, custom binary protocols) random mutations usually break the syntax before interesting branches are reached. @@ -152,6 +242,7 @@ graph TD --- ## References +* [Joseph Thacker & xssdoctor - The Bug Bounty Singularity: Our Hackbot](https://josephthacker.com/hacking/2026/07/01/we-built-a-hackbot.html) * [Trail of Bits – AIxCC finals: Tale of the tape](https://blog.trailofbits.com/2025/08/07/aixcc-finals-tale-of-the-tape/) * [CTF Radiooo AIxCC finalist interviews](https://www.youtube.com/@ctfradiooo) {{#include ../banners/hacktricks-training.md}}