mitm-find-checksum

Installation

SKILL.md

Find Checksum/Signature Vulnerabilities

Analyze the mitmproxy dump (log.txt) for checksum issues for: $ARGUMENTS

Requires: log.txt in the current directory. If it's missing, capture traffic first:
mitmdump --set flow_detail=3 2>&1 | tee log.txt

Vulnerability Types

1. Checksum Generation Exposed

API returns hash even on error
Can generate arbitrary checksums
Checksum endpoint accessible without auth

Related skills

More from instavm/security-skills

mitm-find-auth
Find authentication and session vulnerabilities. Use when user asks about auth bypass, session issues, login security, or token problems.
16
mitm-find-otp
Find OTP implementation vulnerabilities. Use when user asks about OTP security, verification bypass, SMS security, or two-factor authentication issues.
15
mitm-find-bizlogic
Find Business Logic vulnerabilities in captured traffic. Use when user asks about payment bypass, race conditions, workflow abuse, or application logic flaws.
15
mitm-find-pii
Find PII (Personally Identifiable Information) leakage in API responses. Use when user asks about data exposure, privacy issues, or sensitive data in traffic.
14
mitm-find-ssrf
Find SSRF (Server-Side Request Forgery) vulnerabilities in captured traffic. Use when user asks about URL fetching, webhooks, integrations, or internal network access.
13
mitm-find-idor
Find IDOR (Insecure Direct Object Reference) vulnerabilities in captured traffic. Use when user asks about authorization issues, sequential IDs, or accessing other users' data.
13

Installs

15

Repository

instavm/security-skills

GitHub Stars

49

First Seen

Mar 23, 2026

Security Audits

Gen Agent Trust HubPass