mirror of
https://github.com/KeygraphHQ/shannon.git
synced 2026-07-09 22:48:45 +02:00
c408eabc62
* feat: migrate from MCP tools to CLI tools * fix: restore browser action emoji formatters for CLI output Adapt formatBrowserAction for playwright-cli commands, replacing the old mcp__playwright__browser_* tool name matching removed during migration.
30 lines
1.9 KiB
Plaintext
30 lines
1.9 KiB
Plaintext
## 🧪 Pipeline Testing: Session Isolation Test for SSRF Exploitation Agent
|
|
|
|
**Playwright Session:** Using session `{{PLAYWRIGHT_SESSION}}` for browser automation testing.
|
|
|
|
### Step 1: Test Browser Isolation
|
|
1. Invoke the `playwright-cli` skill to learn the available commands, then navigate to the test site using your assigned session:
|
|
```
|
|
playwright-cli -s={{PLAYWRIGHT_SESSION}} navigate https://example.com
|
|
```
|
|
|
|
2. Take a screenshot to prove isolation:
|
|
```
|
|
playwright-cli -s={{PLAYWRIGHT_SESSION}} screenshot --filename "ssrf-exploit-test.png"
|
|
```
|
|
|
|
3. Log the test results:
|
|
```
|
|
console.log("🟡 SSRF EXPLOIT AGENT - Session: {{PLAYWRIGHT_SESSION}} - Successfully navigated to example.com")
|
|
```
|
|
|
|
### Step 2: Create Required Deliverable
|
|
Run the save-deliverable CLI:
|
|
```
|
|
save-deliverable --type SSRF_EVIDENCE --content '# SSRF Exploitation Evidence (Pipeline Test)\n\n**Playwright Session:** {{PLAYWRIGHT_SESSION}}\n**Test Site:** https://example.com\n**Screenshot:** ssrf-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test SSRF vulnerability\n- **Method:** Server-Side Request Forgery via URL parameter\n- **Evidence:** Successfully forced server to make request to internal network\n- **Impact:** Demonstrated access to internal services and potential data exfiltration\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** SSRF-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **Session:** {{PLAYWRIGHT_SESSION}}\n- **Attack Vector:** URL parameter manipulation\n- **Target:** Internal network services (localhost:8080)'
|
|
```
|
|
|
|
This will automatically create `deliverables/ssrf_exploitation_evidence.md`.
|
|
|
|
### Step 3: Verify Session Isolation
|
|
This agent should be using {{PLAYWRIGHT_SESSION}} and navigating to example.com independently of other parallel exploitation agents. |