Hacking in the Age of AI LLMs, Agentic CLIs, MCP Servers, an...#2402

Open
carlospolop wants to merge 1 commit into master from update_Hacking_in_the_Age_of_AI_LLMs_Agentic_CLIs_MCP_S_36c75df6c3a3dc3a
@carlospolop

Collaborator

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

🎯 Content Summary

The post explains how LLMs can be integrated into Bug Bounty workflows without turning reports into unverified AI-generated false positives. The core message is that LLMs are useful for accelerating analysis, but they must be treated as assistants, not authorities. They can help analyze code, generate exploit tooling, review proxy traffic, summarize notes, suggest payloads, and polish reports, but they can also hallucinate vulnerabilities or produce PoCs that do not actually execute. Submitti...

🔧 Technical Details

Agentic LLM + MCP proxy workflow: An agentic CLI can be connected to a web proxy through an MCP server so the model can inspect proxy history, replay HTTP requests, read notes, and reason over real testing context instead of operating as a disconnected chatbot. For Burp Suite with Claude Code, place a .mcp.json file in the working directory defining an SSE MCP server at http://localhost:9876/, or run claude mcp add burpsuite --transport sse --url http://localhost:9876/. This technique is useful for guided testing, request review, payload brainstorming, and report drafting, but every model-generated finding must still be manually reproduced.


DOM XSS source-to-sink analysis: If client-side JavaScript reads attacker-controlled data from window.location.search using URLSearchParams and concatenates it into an HTML string passed to document.write(), the URL parameter...

🤖 Agent Actions

Updated src/AI/AI-Burp-MCP.md.

Added:

  • Claude Code Burp MCP setup via repo-local .mcp.json
  • Equivalent claude mcp add ... command
  • A manual PoC validation workflow for LLM-assisted findings
  • A concise DOM XSS case study showing:
    • window.location.search -> URLSearchParams -> document.write() source-to-sink flow
    • why "><img ...> can fail when new tags are filtered
    • how to reuse the existing <img> with x" onload=alert(1) y="z

Also updated the page’s References with:

  • the YesWeHack blog
  • Caido MCP docs
  • Gin and Juice Shop

Validation:

  • Re-read final file
  • Reviewed git diff
  • Confirmed single ## References section and banner preserved
  • mdbook build could not be run because mdbook is not installed in this environment

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.
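
The DOM XSS case study summarized in the comment above, as an added example that is not part of the PR, the HackTricks page, or the referenced blog post: it contrasts raw concatenation and a tag-only filter with context-aware encoding, and checks which attributes each output carries. The parameter name `q`, the image path `/tracker.gif`, and all function names are assumptions.

```javascript
// Added example (not from the PR). Pure string functions so it runs in Node
// without a DOM; in the browser the returned string would go to document.write().
// Assumed names: query parameter "q", image path "/tracker.gif".

function readParam(search) {
  // Source: in the page this would be window.location.search
  return new URLSearchParams(search).get("q") || "";
}

// Vulnerable: raw concatenation into a double-quoted attribute.
function buildUnsafe(search) {
  return '<img src="/tracker.gif?q=' + readParam(search) + '">';
}

// Incomplete fix: dropping angle brackets only prevents new tags.
function buildTagFiltered(search) {
  return '<img src="/tracker.gif?q=' + readParam(search).replace(/[<>]/g, "") + '">';
}

// Hardened: encode for the URL first, then for the HTML attribute context.
const HTML_ESCAPES = { "&": "&amp;", '"': "&quot;", "'": "&#39;", "<": "&lt;", ">": "&gt;" };
function escapeAttr(s) {
  return s.replace(/[&"'<>]/g, (c) => HTML_ESCAPES[c]);
}
function buildSafe(search) {
  const url = "/tracker.gif?q=" + encodeURIComponent(readParam(search));
  return '<img src="' + escapeAttr(url) + '">';
}

// Check helper: attribute names a parser would see on this single tag.
function attributeNames(tag) {
  const re = /([^\s"'=<>\/]+)\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+)/g;
  return [...tag.matchAll(re)].map((m) => m[1].toLowerCase());
}

// Constructed sample: the attribute-breakout value quoted in the PR, URL-encoded.
const SAMPLE = "?q=" + encodeURIComponent('x" onload=alert(1) y="z');

console.log(attributeNames(buildUnsafe(SAMPLE)));      // extra attributes appear
console.log(attributeNames(buildTagFiltered(SAMPLE))); // tag filter changes nothing
console.log(attributeNames(buildSafe(SAMPLE)));        // only src remains
```

In a real page the more robust fix is to stop building HTML strings for `document.write()` and set the attribute through the DOM (`img.src = ...`), which removes the parsing step entirely.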

@carlospolop

Collaborator Author

🔗 Additional Context

Original Blog Post: https://yeswehack.com/learn-bug-bounty/llm-bug-bounty-hunting-agentic-cli

Content Categories: Based on the analysis, this content was categorized under "AI Security -> Burp MCP: LLM-assisted traffic review, and Pentesting Web -> XSS -> DOM XSS / Misc JS Tricks".

Repository Maintenance:

  • MD Files Formatting: 977 files processed

Review Notes:

  • This content was automatically processed and may require human review for accuracy
  • Check that the placement within the repository structure is appropriate
  • Verify that all technical details are correct and up-to-date
  • All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0
