Critical Thinking - Bug Bounty Podcast Episode 148: MCP Hacking Guide
16 snips
Nov 13, 2025 Dive into the intriguing world of Model Context Protocol (MCP) and its significance for AI pentesting. Discover the architecture and authentication quirks that hackers need to be aware of, including risks like dynamic client registration. Learn how sampling and elicitation can unveil dangerous vulnerabilities. Plus, explore the implications of using Git resources and templated URIs for potential exploits. Packed with insights on how to approach security research practically, this discussion is a must-listen for cybersecurity enthusiasts!
AI Snips
Chapters
Transcript
Episode notes
MCP Architecture Is Easily Inspectable
- MCP uses JSON-RPC over stdio, streamable HTTP, or server-sent events, making raw protocol inspection easy.
- Justin found it straightforward to implement malicious clients/servers in Python for testing.
Audit MCP OAuth And Redirect Handling
- Investigate OAuth and dynamic client registration when assessing MCP authentication.
- Test for SSRF and varying localhost encodings as common weak spots.
Initialization Can Inject System Instructions
- Initialization exchanges capabilities and an instructions string that may be integrated into the client's system prompt.
- That instructions field creates a high-risk vector for malicious server-controlled context injection.