Mcp pro

MCP-Security/MCPAuthenticationByChangingAuthScheme.yml

@@ -0,0 +1,61 @@
+---
+id: AUTHENTICATION_WITH_WRONG_AUTH_SCHEME_MCP
+info:
+  name: Authentication with Wrong Authorization Scheme (MCP)
+  description: |
+    This test checks whether the MCP server strictly enforces the use of the expected authorization scheme.
+  details: |
+    The request modifies the Authorization header to use the "Basic" scheme instead of the expected "Bearer" scheme. If the server accepts this modification, it indicates weak authentication enforcement.
+  impact: |
+    Accepting requests with the wrong authorization scheme may allow bypassing intended authentication mechanisms or introduce unexpected behavior.
+  category:
+    name: MCP_AUTH
+    shortName: MCP_AUTH
+    displayName: Model Context Protocol (MCP) Security - Broken Authentication
+  subCategory: AUTHENTICATION_WITH_WRONG_AUTH_SCHEME_MCP
+  severity: HIGH
+  tags:
+  - Authentication
+  - OWASP top 10
+  - Business logic
+  references:
+  - https://portswigger.net/web-security/authentication
+  - https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html
+  cwe:
+  - CWE-287
+  cve:
+  - CVE-2023-27997
+attributes:
+  nature: INTRUSIVE
+  plan: PRO
+  duration: FAST
+api_selection_filters:
+  response_code:
+    gte: 200
+    lt: 300
+  method:
+    eq: POST
+  request_payload:
+    contains_all:
+    - jsonrpc
+    - method
+    - params
+  request_headers:
+    for_one:
+      key:
+        regex: .*
+        extract: authHeaderKey
+      value:
+        regex: ^Bearer.*
+        extract: authHeaderVal
+execute:
+  type: single
+  requests:
+  - req:
+    - modify_header:
+        authHeaderKey: "Basic ${authHeaderVal}"
+validate:
+  response_code:
+    gte: 401
+  response_payload:
+    contains_either: "$magic Check whether the response contains any kind of error response (error status, error fields, error messages, error flags or any json key related to error) related to authentication failure. If there is any error then return nothing just empty braces []. Else return a list of words from the response only in case of successful response."

MCP-Security/MCPAuthenticationTokenReflectionInResponse.yml

@@ -0,0 +1,57 @@
+---
+id: AUTHENTICATION_TOKEN_REFLECTION_IN_RESPONSE_MCP
+info:
+  name: Authenticaton Token Reflection in Response (MCP)
+  description: |
+    This test verifies whether the access token provided in the Authorization header is echoed back in the server's response.
+  details: |
+    Reflecting sensitive tokens in the response increases the risk of token leakage through logs, error messages, or intermediate systems. This test sends a valid token and observes whether it is reflected back in the response body.
+  impact: |
+    Token reflection can lead to credential exposure, log injection, or unintended propagation of secrets, especially if the server response is cached or logged.
+  category:
+    name: MCP_AUTH
+    shortName: MCP_AUTH
+    displayName: Model Context Protocol (MCP) Security - Broken Authentication
+  subCategory: AUTHENTICATION_TOKEN_REFLECTION_IN_RESPONSE_MCP
+  severity: HIGH
+  tags:
+  - Authentication
+  - Token reflection
+  - OWASP top 10
+  - Business logic
+  references:
+  - https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html
+  - https://owasp.org/www-community/attacks/Information_exposure_through_query_strings_in_url
+  cwe:
+  - CWE-200
+  cve:
+  - CVE-2023-1644
+attributes:
+  nature: INTRUSIVE
+  plan: PRO
+  duration: FAST
+api_selection_filters:
+  response_code:
+    gte: 200
+    lt: 300
+  method:
+    eq: POST
+  request_payload:
+    contains_all:
+    - jsonrpc
+    - method
+    - params
+  request_headers:
+    for_one:
+      key:
+        contains_either: "$magic From the request headers, find the key that contains the authorization information. It must contain the access token or credentials used for authentication. Return only the header key name."
+        extract: authHeaderKey
+      value:
+        extract: authHeaderVal
+execute:
+  type: single
+  requests:
+  - req: []
+validate:
+  response_payload:
+    contains_either: "$magic Check whether the response body contains the authentication token value that was passed in the request header (the heder value: ${authHeaderVal}). If there is no exact token matching, then return just empty braces. Else return a list with the exact token found in the response."

MCP-Security/MCPAuthenticationTokenReflectionInResponseHeaders.yml

@@ -0,0 +1,58 @@
+---
+id: AUTHENTICATION_TOKEN_REFLECTION_IN_HEADERS_MCP
+info:
+  name: Authentication Token Reflection in Response Headers (MCP)
+  description: |
+    This test verifies whether the access token provided in the Authorization header is echoed back in the server's response headers.
+  details: |
+    Reflecting sensitive tokens in response headers poses a serious risk of credential leakage via logs, proxies, caches, or browser access.
+    This test modifies the access token with a unique marker and inspects response headers for reflection.
+  impact: |
+    Tokens exposed in response headers can be intercepted or logged unintentionally, increasing the risk of unauthorized access and session hijacking.
+  category:
+    name: MCP_AUTH
+    shortName: MCP_AUTH
+    displayName: Model Context Protocol (MCP) Security - Broken Authentication
+  subCategory: AUTHENTICATION_TOKEN_REFLECTION_IN_HEADERS_MCP
+  severity: HIGH
+  tags:
+  - Authentication
+  - Token leakage
+  - Business logic
+  - OWASP top 10
+  references:
+  - https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html
+  - https://owasp.org/www-community/attacks/Information_exposure_through_response_headers
+  cwe:
+  - CWE-200
+  cve:
+  - CVE-2023-1644
+attributes:
+  nature: INTRUSIVE
+  plan: PRO
+  duration: FAST
+api_selection_filters:
+  response_code:
+    gte: 200
+    lt: 300
+  method:
+    eq: POST
+  request_payload:
+    contains_all:
+    - jsonrpc
+    - method
+    - params
+  request_headers:
+    for_one:
+      key:
+        contains_either: "$magic From the request headers, find the key that holds the authorization token. This will typically contain access credentials. Return only the header key name."
+        extract: authHeaderKey
+      value:
+        extract: authHeaderVal
+execute:
+  type: single
+  requests:
+  - req: []
+validate:
+  response_headers:
+    contains_either: "$magic Check whether the response headers contains any authentication token value that was passed in the request header (the heder value: ${authHeaderVal}). If there is no exact token matching, then return just empty braces. Else return a list of words with the actual token found in the response header only."

MCP-Security/MCPBreakingJsonParsing.yml

@@ -0,0 +1,130 @@
+---
+id: MCP_BREAKING_JSON_PARSING
+info:
+  name: Breaking JSON Parsing (MCP)
+  description: "This test checks whether MCP servers robustly handle unexpected or control characters in JSON input. It evaluates the parser’s resilience when special values like null bytes, invalid Unicode, or control characters are prepended to valid JSON content, identifying risks that could lead to parsing issues or input validation bypasses."
+  details: "The test sends API requests with JSON payloads that prepend various special characters — such as null bytes ('\\0'), invalid Unicode sequences, or control characters — to valid JSON content (`userBody`). This helps detect whether the application’s JSON parser or request preprocessing logic is vulnerable to input parsing issues or can be tricked into misinterpreting the payload. The test does not use malformed JSON structures, but focuses on injecting control data that could exploit weak parsers or insufficient input sanitization."
+  impact: "Failure to handle special or unexpected characters in JSON payloads can lead to parsing anomalies, denial of service, or bypass of validation logic. An attacker may exploit these weaknesses to disrupt normal operation, trigger unhandled exceptions, or evade input validation. Ensuring strict and predictable JSON parsing is critical to maintaining application stability and security."
+  category:
+    name: MCP_INPUT_VALIDATION
+    shortName: MCP_INPUT_VALIDATION
+    displayName: Model Context Protocol (MCP) Security - Input Validation
+  subCategory: MCP_BREAKING_JSON_PARSING
+  severity: LOW
+  tags:
+  - Business logic
+  - OWASP top 10
+  - HackerOne top 10
+  references:
+  - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/
+  - https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
+  - https://owasp.org/www-project-developer-guide/draft/design/web_app_checklist/validate_inputs/
+  cwe:
+  - CWE-20
+  cve:
+  - CVE-2018-20679
+  - CVE-2019-14271
+attributes:
+  nature: INTRUSIVE
+  plan: PRO
+  duration: FAST
+api_selection_filters:
+  response_code:
+    gte: 200
+    lt: 300
+  method:
+    eq: POST
+  and:
+  - request_payload:
+      for_one:
+        extract: userBody
+  - request_payload:
+      for_one:
+        key:
+          regex: .*
+  - request_payload:
+      contains_all:
+      - jsonrpc
+      - method
+      - params
+wordLists:
+  attemptValues:
+  - "\0"
+  - "\ufffe"
+  - "\uffff"
+  - "null"
+  - undefined
+  - "{"
+  - "}"
+  - "["
+  - "]"
+  - NaN
+  - "\x1f"
+  - "\x7f"
+  - "\x81"
+  - "\ud800"
+  - "\udbff"
+  - "\udc00"
+  - "\udfff"
+  - �
+  - <script>
+  - \u0022
+  responseErrorList:
+  - Error
+  - Internal Server
+  - Failed
+  - Unauthorized
+  - access denied
+  - Forbidden
+  - Method Not allowed
+  - Gateway timeout
+  - request timeout
+  - server error
+  - server busy
+  - authentication error
+  - authorization error
+  - validation error
+  - Permission Denied
+  - invalid token
+  - token expired
+  - session expired
+  - session timeout
+  - unexpected error
+  - unable to process request
+  - bad request
+  - service unavailable
+  - account is locked
+  - account is blocked
+  - multiple failed attempts
+  - Attention Required!
+  - CloudFlare
+  - "Sorry, you have been blocked"
+execute:
+  type: multiple
+  requests:
+  - req:
+    - add_header:
+        x-akto-ignore: 123
+    - replace_body: "{}"
+    - validate:
+        response_code:
+          gte: 200
+          lt: 300
+        response_payload:
+          length:
+            gt: 0
+          not_contains: "${responseErrorList}"
+    - success: exit
+    - failure: x2
+  - req:
+    - add_header:
+        x-akto-ignore: 123
+    - replace_body: "${attemptValues}${userBody}"
+    - validate:
+        response_code:
+          gte: 200
+          lt: 300
+        response_payload:
+          not_contains: "${responseErrorList}"
+    - success: vulnerable
+    - failure: exit

MCP-Security/MCPBrokenAuthenticationByRemovingToken.yml

@@ -0,0 +1,87 @@
+---
+id: MCP_REMOVE_TOKENS
+info:
+  name: Broken Authentication by removing auth token (MCP)
+  description: API doesn't validate the authenticity of token. Attacker can remove the auth token and access the endpoint.
+  details: |
+    "The endpoint appears to be vulnerable to broken authentication attack. The original request was replayed by removing victim's <b>auth</b> token. The server responded with 2XX success codes.<br>" "<b>Background:</b> Authentication is the process of attempting to verify the digital identity of the sender of a communication. Testing the authentication schema means understanding how the authentication process works and using that information to circumvent the authentication mechanism. While most applications require authentication to gain access to private information or to execute tasks, not every authentication method is able to provide adequate security. Negligence, ignorance, or simple understatement of security threats often result in authentication schemes that can be bypassed by simply skipping the log in page and directly calling an internal page that is supposed to be accessed only after authentication has been performed."
+  impact: "Broken User authentication is a serious vulnerability. Attackers can gain control to other users’ accounts in the system, read their personal data, and perform sensitive actions on their behalf, like money transactions and sending personal messages."
+  category:
+    name: MCP_AUTH
+    shortName: MCP_AUTH
+    displayName: Model Context Protocol (MCP) Security - Broken Authentication
+  subCategory: MCP_REMOVE_TOKENS
+  severity: HIGH
+  tags:
+  - Business logic
+  - OWASP top 10
+  - HackerOne top 10
+  - MCP
+  references:
+  - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/
+  - https://github.com/OWASP/API-Security/blob/master/editions/2023/en/0xa2-broken-authentication.md
+  - https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html
+  - https://cwe.mitre.org/data/definitions/798.html
+  cwe:
+  - CWE-287
+  - CWE-306
+  cve:
+  - CVE-2023-22501
+attributes:
+  nature: NON_INTRUSIVE
+  plan: PRO
+  duration: FAST
+api_selection_filters:
+  response_code:
+    gte: 200
+    lt: 300
+  request_payload:
+    contains_all:
+    - jsonrpc
+    - method
+    - params
+  response_payload:
+    length:
+      gt: 0
+  method:
+    eq: POST
+execute:
+  type: single
+  requests:
+  - req:
+    - modify_url: http://mcp.razorpay.com/message
+    - remove_auth_header: true
+validate:
+  response_code:
+    gte: 200
+    lt: 300
+  response_payload:
+    not_contains:
+    - Error
+    - Internal Server
+    - Failed
+    - Unauthorized
+    - access denied
+    - Forbidden
+    - Method Not allowed
+    - Gateway timeout
+    - request timeout
+    - server error
+    - server busy
+    - authentication error
+    - authorization error
+    - validation error
+    - Permission Denied
+    - invalid token
+    - token expired
+    - session expired
+    - session timeout
+    - unexpected error
+    - unable to process request
+    - bad request
+    - service unavailable
+    - account is locked
+    - account is blocked
+    - multiple failed attempts
+    - invalid credentials
+    - Authentication failed