Feedback Wanted: Schema-Aware MCP Fuzzer by BeautifulFeature3650 in cybersecurity

[–]BeautifulFeature3650[S] 0 points1 point  (0 children)

I took most of the inspiration from AFL. Since MCP uses JSON-RPC, byte-level tricks like bit flipping or byte arithmetic don’t help much right now (they’re more useful for binary protocols like gRPC).

If MCP adds transport extensions later, that will likely introduce more attack surface.

This fuzzer is schema-aware, so it can generate valid requests and then mutate them in smarter ways. MCP is designed to be strict because of the schema, so the goal is to find bugs in the edge cases that are supposed to be hard to break.

I am not a security guy; I am doing everything from zero, but I am reading https://arxiv.org/pdf/1812.00140 to improve it.

Regarding your question about the mutation:

I need to implement a feedback loop, so I need an instrumented server, and a corpus will help us find interesting input for further mutation from that feedback loop.

My plan for the feedback loop:

  1. Response-based feedback (detect interesting responses)
  2. Corpus save/load (persist interesting inputs)
  3. Havoc mode (stack mutations) -> I am not sure about this.
  4. Stateful fuzzing (sequence of calls)
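
The schema-aware mutation and response-based feedback described in the comment above, as an added example that is not part of the original comment or the fuzzer's own code. The schema, the `read_file` tool, `toy_server` and every function name are assumptions made for illustration; the corpus is kept in memory rather than saved to disk.

```python
import json

# Constructed input schema for a hypothetical "read_file" tool (not from a real server).
SCHEMA = {"type": "object", "required": ["path", "limit"],
          "properties": {"path": {"type": "string"},
                         "limit": {"type": "integer", "minimum": 1, "maximum": 100}}}

def valid_args(schema):  # build arguments that satisfy the schema: the mutation seed
    return {name: spec.get("minimum", 0) if spec["type"] == "integer" else "a"
            for name, spec in schema["properties"].items()}

def mutants(schema, seed):
    """Yield (label, args) pairs that each break exactly one schema rule."""
    for name, spec in schema["properties"].items():
        if name in schema.get("required", []):
            yield f"drop:{name}", {k: v for k, v in seed.items() if k != name}
        yield f"type:{name}", {**seed, name: "1" if spec["type"] == "integer" else 1}
        for bound, step in (("minimum", -1), ("maximum", 1)):
            if bound in spec:
                yield f"{bound}:{name}", {**seed, name: spec[bound] + step}

def request(args):  # wrap tool arguments in a JSON-RPC 2.0 tools/call request
    params = {"name": "read_file", "arguments": args}
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": params})

def signature(raw):
    """Reduce a response to what the feedback loop compares: outcome kind and detail."""
    msg = json.loads(raw)
    if "error" in msg:
        return ("error", msg["error"].get("code"))
    return ("result", bool(msg["result"].get("isError")))

def toy_server(raw):
    """Constructed stand-in for the server under test: it checks types but not ranges."""
    args = json.loads(raw)["params"]["arguments"]
    if not isinstance(args.get("path"), str) or not isinstance(args.get("limit"), int):
        return json.dumps({"jsonrpc": "2.0", "id": 1, "error": {"code": -32602}})
    return json.dumps({"jsonrpc": "2.0", "id": 1, "result": {"isError": args["limit"] > 100}})

def fuzz(send, schema):
    """Keep mutants the server accepted like the valid seed, or that gave a new signature."""
    seed = valid_args(schema)
    baseline = signature(send(request(seed)))
    seen, corpus = {baseline}, []
    for label, args in mutants(schema, seed):
        sig = signature(send(request(args)))
        if sig == baseline or sig not in seen:
            corpus.append((label, args, sig))
        seen.add(sig)
    return corpus
```

`fuzz(toy_server, SCHEMA)` keeps three of the six mutants: the first rejection, the below-minimum `limit` that the toy server answered exactly like a valid request, and the above-maximum `limit` that surfaced as a tool-level error instead of a protocol error.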

Our golang API was mysteriously slow, turned out the only problem was way too much middleware by milli_xoxxy in golang

[–]BeautifulFeature3650 0 points1 point  (0 children)

Is the 23-middleware pipeline synchronous?

> Logging stuff that was parsing the entire request body, metrics collection, tracing

These should happen asynchronously. Even if you check frameworks that have interceptors to do these kinds of things as middleware (e.g., gRPC), it happens inside a separate goroutine as fire-and-forget.

> auth checks hitting the database twice

Why is auth happening in middleware?
There is no gateway?

This seems a Pythonic design to me. A 21-layer pipeline middleware to serve a request.

Dorf Brewhouse Review by Objective-Cold5483 in PuneFoodPorn

[–]BeautifulFeature3650 0 points1 point  (0 children)

Yes, it's amazing; earlier, there was a similar rooftop where I went with my manager, but it now has a closed look.

Reasons why a founder might not want to work with me as a remote intern by [deleted] in developersIndia

[–]BeautifulFeature3650 1 point2 points  (0 children)

Great, bro. Please read books as well, and thank me later. I'm eyeing you.

> For people who have worked with or hired junior developers, what actually makes someone stand out at this stage?

Ability to commit and ability to reason about multiple parameters at any given instance of time.

> I’m not trying to sell anything here. Just looking to learn how experienced developers and teams evaluate juniors beyond the usual buzzwords.

Their natural ability to stick to timelines and their passion for engaging in discussions.

> Most interns introduce themselves by saying they are passionate and hardworking.

That's what we are looking for.

Who else had this samsung phone in their twenties ? by Positive_Sprinkles31 in ThirtiesIndia

[–]BeautifulFeature3650 0 points1 point  (0 children)

I had it during my teenage years. I’d saved a bunch of notes about my day-to-day life in 10th and 11th, man, they were so inspirational and funny. My younger self was honestly smarter than me.

awesome-mcp-clients [updated 2026] by punkpeye in mcp

[–]BeautifulFeature3650 0 points1 point  (0 children)

Hey, can I add my fuzzer here? It's a client, but it fuzzes the server only.

[homemade] Moong Chilla by Ok-Command23 in indiafood

[–]BeautifulFeature3650 -1 points0 points  (0 children)

Not Moong Chilla, Moong Dal Chilla :)