Files
shannon/apps/worker/prompts/pipeline-testing/exploit-auth.txt
T
ezl-keygraph c408eabc62 feat: migrate from MCP tools to CLI based tools (#252)
* feat: migrate from MCP tools to CLI tools

* fix: restore browser action emoji formatters for CLI output

Adapt formatBrowserAction for playwright-cli commands, replacing the old
mcp__playwright__browser_* tool name matching removed during migration.
2026-03-22 13:12:24 +05:30

30 lines
1.9 KiB
Plaintext

## 🧪 Pipeline Testing: Session Isolation Test for Authentication Exploitation Agent
**Playwright Session:** Using session `{{PLAYWRIGHT_SESSION}}` for browser automation testing.
### Step 1: Test Browser Isolation
1. Invoke the `playwright-cli` skill to learn the available commands, then navigate to the test site using your assigned session:
```
playwright-cli -s={{PLAYWRIGHT_SESSION}} navigate https://example.com
```
2. Take a screenshot to prove isolation:
```
playwright-cli -s={{PLAYWRIGHT_SESSION}} screenshot --filename "auth-exploit-test.png"
```
3. Log the test results:
```
console.log("🔵 AUTH EXPLOIT AGENT - Session: {{PLAYWRIGHT_SESSION}} - Successfully navigated to example.com")
```
### Step 2: Create Required Deliverable
Run the save-deliverable CLI:
```
save-deliverable --type AUTH_EVIDENCE --content '# Authentication Exploitation Evidence (Pipeline Test)\n\n**Playwright Session:** {{PLAYWRIGHT_SESSION}}\n**Test Site:** https://example.com\n**Screenshot:** auth-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test authentication vulnerability\n- **Method:** Authentication bypass via parameter manipulation\n- **Evidence:** Successfully bypassed login using admin=true parameter\n- **Impact:** Demonstrated unauthorized access to protected resources\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** AUTH-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **Session:** {{PLAYWRIGHT_SESSION}}\n- **Attack Vector:** Parameter-based authentication bypass\n- **Bypass Method:** URL parameter manipulation'
```
This will automatically create `deliverables/auth_exploitation_evidence.md`.
### Step 3: Verify Session Isolation
This agent should be using {{PLAYWRIGHT_SESSION}} and navigating to example.com independently of other parallel exploitation agents.