mitm-find-bizlogic
Find Business Logic Vulnerabilities
Analyze the mitmproxy dump (log.txt) for business logic flaws for: $ARGUMENTS
Requires:
log.txt in the current directory. If it's missing, capture traffic first: mitmdump --set flow_detail=3 2>&1 | tee log.txt
High-Value Business Logic Patterns (from 376 real HackerOne bounty reports)
1. Payment/Pricing Manipulation
Real examples from bounties:
- Uber: paymentProfileUUID bypass for free rides
- Negative quantity for refund abuse
- Price manipulation in cart
- Coupon/promo code stacking
- Currency conversion abuse