Releases: badchars/hackbrowser-mcp
Releases · badchars/hackbrowser-mcp
v0.1.0 — Initial Release
hackbrowser-mcp v0.1.0
The first browser MCP built for security testing.
Highlights
- 39 MCP tools across 11 categories (browser, containers, navigation, interaction, page inspection, traffic capture, security analysis, active testing, auth detection, discovery, reporting)
- Multi-container Firefox — 2-4 isolated sessions with separate cookies, storage, and auth for access control testing
- Traffic intelligence — full HAR 1.2 capture, auto-save, replay with modifications
- Injection testing — 7 types (SQLi, XSS, SSTI, SSRF, CMDi, LFI, HTML injection), 60+ payloads with technique classification
- Access control analysis — cross-role comparison, endpoint access matrix, IDOR detection
- Crawling — BFS spider with form discovery and API extraction
- Auth detection — login form detection, auto-login, session validation
- Report generation — markdown/HTML security reports with findings and evidence
- Stealth mode — fingerprint, UA, WebGL spoofing built-in
- Library usage — full TypeScript API for custom tooling
Requirements
- Bun runtime
- Firefox (auto-downloaded via
bun install) - macOS or Linux
Quick Start
git clone https://github.com/badchars/hackbrowser-mcp.git
cd hackbrowser-mcp
bun install
bun run src/index.ts --mcp