Web Proxy Testing
Web proxy testing is Cyberstrike’s browser-integrated security testing workflow. You browse a target application normally while the system captures, analyzes, and tests every in-scope HTTP request in the background.
How It Works
Three components work together:
```text
┌─────────────────────────────────────────────────────────────┐
│ Firefox Browser                                             │
│ ├── Container 1: admin-user (Firefox Containers)            │
│ └── Container 2: regular-user                               │
└──────────────────────────┬──────────────────────────────────┘
                           │ Intercepts every request
                           │ matching your scope
                           ▼
┌─────────────────────────────────────────────────────────────┐
│ Firefox Extension                                           │
│ ├── Captures raw HTTP request + response                    │
│ ├── Attaches credential context (auth headers per           │
│ │   container)                                              │
│ └── POST /session/ingest → Cyberstrike API                  │
└──────────────────────────┬──────────────────────────────────┘
                           │
                           ▼
┌─────────────────────────────────────────────────────────────┐
│ Cyberstrike API (POST /session/ingest)                      │
│ ├── Parses and deduplicates requests                        │
│ ├── Links credential context                                │
│ └── Enqueues for async proxy-agent processing               │
└──────────────────────────┬──────────────────────────────────┘
                           │
                           ▼
┌─────────────────────────────────────────────────────────────┐
│ proxy-agent (pure orchestrator)                             │
│                                                             │
│ Step 1: proxy-analyzer                                      │
│ └── Extracts objects, roles, functions, ID values           │
│                                                             │
│ Step 2: web_get_session_context                             │
│ └── Reviews accumulated knowledge from prior requests       │
│                                                             │
│ Step 3: Parallel vulnerability testing                      │
│ ├── proxy-tester-idor (ID manipulation)                     │
│ ├── proxy-tester-authz (access control)                     │
│ ├── proxy-tester-injection (SQLi, XSS, SSTI, etc.)          │
│ ├── proxy-tester-authn (auth flaws, JWT)                    │
│ ├── proxy-tester-mass-assignment                            │
│ ├── proxy-tester-business-logic                             │
│ ├── proxy-tester-ssrf                                       │
│ └── proxy-tester-file-attacks                               │
└──────────────────────────┬──────────────────────────────────┘
                           │
                           ▼
┌─────────────────────────────────────────────────────────────┐
│ Session Storage                                             │
│ ├── Credentials (auth identities)                           │
│ ├── Roles (user privilege levels)                           │
│ ├── Objects (data entities and their fields)                │
│ ├── Functions (endpoint purposes and CRUD types)            │
│ └── Vulnerabilities (findings with CVSS, CWE, PoC)          │
└──────────────────────────┬──────────────────────────────────┘
                           │ Extension polls
                           │ GET /session/{id}/web/*
                           ▼
  Popup context panel (credentials, roles, objects, functions)
```
The Proxy-Agent
The proxy-agent is the orchestration engine for this workflow. It is a pure orchestrator — it does not test for vulnerabilities directly. For every incoming HTTP request, it:
1. Calls `proxy-analyzer` first, always. The analyzer extracts the application architecture (objects, roles, functions, object IDs) and writes the results to session storage.
2. Reads session context by calling `web_get_session_context`, to learn what has been discovered so far: how many credentials are available, which objects have been found, which endpoints are known.
3. Selects testing agents intelligently. Rather than applying rigid routing rules, it weighs the request's characteristics (inputs, identifiers, HTTP method, response content) together with the accumulated session context to decide which vulnerability testers are relevant.
4. Launches the selected agents in parallel. Independent tests run simultaneously; a typical request triggers 3–6 testing agents.
What the Proxy-Agent Does NOT Do
- Does not send HTTP requests to test for vulnerabilities directly
- Does not run security tools (SQLMap, Nuclei, etc.) itself
- Does not create credentials — these come from the Firefox extension only
- Does not call `report_vulnerability`; the individual testing agents handle reporting
For the full technical reference, see Proxy Agent.
Quick Start
1. Start Cyberstrike. The API must be running before the extension can send requests.
2. Install the Firefox extension (see Firefox Extension).
3. Create a session: click New Session or select an existing one in the popup.
4. Set a scope: enter the target domain (e.g. `shop.example.com`).
5. Add credentials: create a credential entry for each user account you want to test with, linked to a Firefox container.
6. Start capture: click Start and browse the application normally.
7. Review findings: use `/vulnerabilities` in the TUI to see discovered issues, or `/web` to inspect accumulated context.
Multi-User Testing
The most effective use of this workflow involves testing with multiple user accounts simultaneously. The extension uses Firefox Containers to isolate sessions:
- Open the target application in different containers (Admin in Container 1, Regular User in Container 2)
- Register each container as a separate credential in the popup
- Browse the application as each user
- The proxy-agent automatically tests cross-user scenarios — IDOR, authorization bypass, privilege escalation — by comparing what each credential can access
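The cross-user comparison described above, as an added example that is not Cyberstrike's own tester code: every request that succeeded under one credential is replayed under each other credential registered for the session, and a match is reported only when the replaying identity is of equal or lower privilege and had not already reached that resource in its own browsing (the page's "accumulated session context"). The target application, its tokens, and the captured traffic are all constructed in the block so it runs offline; the app deliberately omits the ownership check on `/api/orders/{id}` so the check has something to find.

```python
"""Cross-credential replay check (added example, not Cyberstrike code)."""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Credential:
    name: str    # the Firefox container this identity was registered from
    role: str    # role label; in the real workflow this comes from the analyzer
    token: str   # bearer token the extension attaches for that container


@dataclass(frozen=True)
class Capture:
    credential: str
    method: str
    path: str
    status: int
    body: str


# Constructed stand-in application state (assumption for this example).
TOKENS = {"tok-admin": ("admin", 1), "tok-regular": ("user", 2)}
ORDERS = {101: {"id": 101, "owner": 1, "total": 250}, 202: {"id": 202, "owner": 2, "total": 40}}
PROFILES = {1: {"id": 1, "email": "admin@shop.example.com"}, 2: {"id": 2, "email": "alice@shop.example.com"}}
ROLE_RANK = {"admin": 2, "user": 1}


def target_app(method, path, token):
    """Stand-in for the application under test. Orders are served to any
    authenticated user without an ownership check (the IDOR); profiles are
    correctly restricted to the owner or an admin."""
    if method != "GET":
        return 405, json.dumps({"error": "method not allowed"})
    auth = TOKENS.get(token)
    if auth is None:
        return 401, json.dumps({"error": "unauthenticated"})
    role, uid = auth
    parts = [p for p in path.split("/") if p]
    if len(parts) == 3 and parts[0] == "api" and parts[2].isdigit():
        oid = int(parts[2])
        if parts[1] == "orders":
            if oid not in ORDERS:
                return 404, json.dumps({"error": "not found"})
            return 200, json.dumps(ORDERS[oid])  # missing owner/admin check
        if parts[1] == "users":
            if oid not in PROFILES:
                return 404, json.dumps({"error": "not found"})
            if role != "admin" and uid != oid:
                return 403, json.dumps({"error": "forbidden"})
            return 200, json.dumps(PROFILES[oid])
    return 404, json.dumps({"error": "not found"})


def capture(cred, method, path, app=target_app):
    """What the extension would ingest after this user browsed to `path`."""
    status, body = app(method, path, cred.token)
    return Capture(cred.name, method, path, status, body)


def cross_credential_findings(captures, credentials, app=target_app):
    """Replay each successful capture under every other credential."""
    by_name = {c.name: c for c in credentials}
    # Session context: resources each identity reached on its own, so a user
    # re-reading their own profile is not reported as a finding.
    reached = {c.name: {(x.method, x.path) for x in captures
                        if x.credential == c.name and x.status == 200}
               for c in credentials}
    findings = []
    for cap in captures:
        if cap.status != 200:
            continue
        origin = by_name[cap.credential]
        for other in credentials:
            if other.name == origin.name:
                continue
            if ROLE_RANK[other.role] > ROLE_RANK[origin.role]:
                continue  # a higher role reading a lower role's data is expected
            if (cap.method, cap.path) in reached[other.name]:
                continue  # the other identity already legitimately reaches this
            status, body = app(cap.method, cap.path, other.token)
            if status == 200 and body == cap.body:
                findings.append({"path": cap.path, "captured_as": origin.name,
                                 "accessible_to": other.name,
                                 "roles": (origin.role, other.role)})
    return findings


CREDENTIALS = [Credential("admin-user", "admin", "tok-admin"),
               Credential("regular-user", "user", "tok-regular")]


def demo():
    """Browse as both users, then run the comparison over the captures."""
    admin, regular = CREDENTIALS
    captures = [capture(admin, "GET", "/api/orders/101"),
                capture(admin, "GET", "/api/users/2"),
                capture(regular, "GET", "/api/orders/202"),
                capture(regular, "GET", "/api/users/2")]
    return cross_credential_findings(captures, CREDENTIALS)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Comparing response bodies rather than only status codes matters: many applications return 200 with an empty or redacted body for a foreign object, and a status-only check would report those as findings.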
What Gets Tested
The proxy-agent selects tests based on each request’s characteristics:
| Request Type | Tests Launched |
|---|---|
| Any endpoint with user input | Injection (SQLi, XSS, SSTI, XXE) |
| Numeric/UUID identifiers in path or body | IDOR |
| POST/PUT/PATCH with JSON body | Mass assignment |
| Login, SSO, session endpoints | Authentication flaws |
| Financial or transactional endpoints | Business logic |
| URL/URI parameters | SSRF |
| File upload or path parameters | File attacks |
| Protected resources with multiple credentials | Authorization bypass |
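The selection rules in the table, as an added example that is not Cyberstrike's proxy-agent: the function below pulls the inputs out of a captured request (query string, JSON or form body, path segments), applies each row of the table, and returns the set of tester agents to launch. The keyword lists for authentication, transactional and file endpoints are assumptions for this example, and the session context the real proxy-agent consults is reduced here to one number, the count of credentials registered for the session, which is what the authorization row depends on.

```python
"""Tester selection from request characteristics (added example, not Cyberstrike code)."""
import json
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, urlsplit

UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
NUMERIC_RE = re.compile(r"^\d+$")
# Keyword lists are assumptions for this example, not the project's routing rules.
AUTHN_PATHS = re.compile(r"\b(login|logout|signin|sso|saml|oauth|tokens?|sessions?|password|mfa)\b", re.I)
MONEY_PATHS = re.compile(r"\b(checkout|payments?|transfers?|orders?|cart|refunds?|coupons?|invoices?|prices?)\b", re.I)
FILE_PATHS = re.compile(r"\b(upload|download|attachments?|export|import|files?)\b", re.I)
URLISH_NAMES = re.compile(r"url|uri|callback|redirect|webhook|next|dest|target", re.I)
FILE_NAMES = re.compile(r"^(file|path|filename|dir|template)$", re.I)


@dataclass
class CapturedRequest:
    method: str
    url: str
    headers: dict = field(default_factory=dict)
    body: str = ""

    def header(self, name):
        """Case-insensitive header lookup; empty string when absent."""
        return next((v for k, v in self.headers.items() if k.lower() == name.lower()), "")


def looks_like_id(value):
    return bool(NUMERIC_RE.match(value) or UUID_RE.match(value))


def collect_inputs(req):
    """Return (path, [(name, value), ...], content_type) from query string and body."""
    parts = urlsplit(req.url)
    pairs = list(parse_qsl(parts.query, keep_blank_values=True))
    ctype = req.header("Content-Type").lower()
    if req.body and "json" in ctype:
        try:
            obj = json.loads(req.body)
        except ValueError:
            obj = None
        if isinstance(obj, dict):
            pairs += [(k, str(v)) for k, v in obj.items()]
    elif req.body and "x-www-form-urlencoded" in ctype:
        pairs += parse_qsl(req.body, keep_blank_values=True)
    return parts.path, pairs, ctype


def select_testers(req, credential_count):
    """Apply the 'What Gets Tested' rows to one request and return the tester names."""
    path, pairs, ctype = collect_inputs(req)
    segments = [s for s in path.split("/") if s]
    testers = set()
    if pairs:  # any user input at all
        testers.add("proxy-tester-injection")
    if any(looks_like_id(s) for s in segments) or any(looks_like_id(v) for _, v in pairs):
        testers.add("proxy-tester-idor")
    if req.method.upper() in ("POST", "PUT", "PATCH") and "json" in ctype:
        testers.add("proxy-tester-mass-assignment")
    if AUTHN_PATHS.search(path):
        testers.add("proxy-tester-authn")
    if MONEY_PATHS.search(path):
        testers.add("proxy-tester-business-logic")
    if any(URLISH_NAMES.search(n) or v.lower().startswith(("http://", "https://")) for n, v in pairs):
        testers.add("proxy-tester-ssrf")
    if "multipart/form-data" in ctype or FILE_PATHS.search(path) or any(FILE_NAMES.match(n) for n, _ in pairs):
        testers.add("proxy-tester-file-attacks")
    authenticated = bool(req.header("Authorization") or req.header("Cookie"))
    if authenticated and credential_count >= 2:  # needs a second identity to compare against
        testers.add("proxy-tester-authz")
    return testers


if __name__ == "__main__":
    # Constructed sample: an authenticated JSON update of an order with a callback URL.
    req = CapturedRequest("PUT", "https://shop.example.com/api/orders/101?callback=https://hook.example.net/x",
                          {"Content-Type": "application/json", "Authorization": "Bearer tok-admin"},
                          '{"status": "paid", "total": 1}')
    print(sorted(select_testers(req, credential_count=2)))
```

The sample request in the block fires six testers, the upper end of the 3–6 range quoted above; a bare login form POST with no session cookie fires only injection and authentication testing, and a file download under a single credential fires injection and file attacks but not authorization, because there is no second identity to compare against.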
Related Documentation
- Firefox Extension - Installation and credential setup
- Context Management - Viewing session context and vulnerabilities in the TUI
- Proxy Agent - Full technical reference for the proxy-agent