University of Twente Student Theses
From Prompt to Pwn : Browser-Empowered LLM Agents for Web Penetration Testing
Kalopisis, D. (2025) From Prompt to Pwn : Browser-Empowered LLM Agents for Web Penetration Testing.
Abstract: | Penetration testing simulates attacks on systems to uncover vulnerabilities before adversaries exploit them. It is labor-intensive, as testers must gather intelligence, plan exploits, interact with interfaces, and document actions precisely. Recent advances in language models (LLMs) have spurred efforts to automate parts of this workflow. Studies show LLM agents can generate commands, interpret tool output, and chain tasks, yet they lack programmatic control over a web browser. That omission limits their ability to test client-side logic critical in web applications. We explore whether adding browser access to LLM-driven agents closes that gap. We build two agents: a command-line baseline and a browser-enabled variant that can click, type, read the DOM, and monitor network traffic. Both are evaluated on twenty-seven Web Security labs covering nine common web vulnerabilities. The browser-enabled agent solves 66.7 percent of the labs, compared to 40.7 percent for the baseline, expands coverage from three to seven vulnerability classes, and shows the biggest gains on medium-difficulty tasks. These results confirm that giving agents control over a web browser is a significant advance for automated penetration testing. The next challenges include adding precise timing analysis and support for out-of-band interactions to achieve autonomy. |
Item Type: | Essay (Bachelor) |
Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
Subject: | 54 computer science |
Programme: | Computer Science BSc (56964) |
Link to this item: | https://purl.utwente.nl/essays/107568 |