Presented by:

Paolo Perego

from SUSE

I find vulnerabilities in software for a living | Offensive security | Open source enthusiast | OSCE && OSCP | Content creator | Speaker | 👨‍👩‍👧‍👦 | Security Engineer @ SUSE🦎 | Chaotic Neutral Elistraee Cleric

No video of the event yet, sorry!

Ever wished your security toolkit felt more like the bridge of the Starship Enterprise, where you handle strategy while your computer executes complex tasks? This talk chronicles the development of Nightcrawler, a command-line HTTP/HTTPS proxy and scanner designed to find low-hanging web security fruit, built in a unique "four-hands" collaboration between a human researcher and a Large Language Model (LLM).

We'll explore how Nightcrawler, developed as a Python addon for the powerful mitmproxy framework, assists security workflows by performing background passive analysis (headers, cookies, JWTs) and basic active scanning (Reflected/Stored XSS probes, SQLi checks) while the user manually browses the target application.

Dive into the development process modeled after Captain Picard and the Enterprise Computer: the human provided the tactical requirements, strategic direction, and crucial debugging insights ("Computer, the addon isn't loading, analyze these logs!"), while the LLM "First Officer" handled much of the code generation, knowledge retrieval for APIs (like mitmproxy hooks, asyncio, httpx), and boilerplate implementation ("Aye Captain, refactoring passive scanners into submodules!").

Discover the iterative journey, including practical Python techniques used, the challenges encountered (stubborn bugs, AI misinterpretations, the hilarious moments of debugging generated code), and the benefits realized (rapid prototyping, overcoming knowledge gaps). We'll cover key features like configuration via CLI options (--set) and the modular architecture designed for future expansion.
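To make the two technical points above concrete (passive analysis of headers, cookies and JWTs running while you browse, and configuration through mitmproxy's `--set` options), here is a small mitmproxy addon that performs that kind of passive check. This is an added example written for this page, not Nightcrawler's code: the header baseline, the option name `pc_min_hsts`, the `PassiveChecks` class and the sample response it is run against are all assumptions made for the illustration.

```python
"""Added example (not Nightcrawler's code): a minimal mitmproxy addon that runs
passive checks on every response: missing/weak security headers, cookie flags,
and JWTs with alg=none or no exp.  Run with:
    mitmproxy -s passive_checks.py --set pc_min_hsts=15552000
The option name `pc_min_hsts` and the header baseline are assumptions for this example."""
from __future__ import annotations

import base64
import json
import logging
import re

try:
    from mitmproxy import ctx, http
except ImportError:  # the pure check functions stay usable (and testable) without mitmproxy
    ctx = http = None  # type: ignore[assignment]

# Assumed baseline every response should carry (HSTS is checked separately, HTTPS only).
EXPECTED_HEADERS = ("content-security-policy", "x-content-type-options", "x-frame-options")
# A JWT's base64url header always starts with "eyJ" (the encoding of '{"');
# the signature segment may be empty for alg=none tokens.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")


def _max_age(hsts: str) -> int | None:
    """max-age from a Strict-Transport-Security value, or None if absent/malformed."""
    for directive in hsts.split(";"):
        name, _, value = directive.strip().partition("=")
        if name.lower() == "max-age" and value.strip().isdigit():
            return int(value)
    return None


def check_headers(headers: dict[str, str], is_https: bool = True, min_hsts: int = 31536000) -> list[str]:
    """Findings for missing baseline headers and, on HTTPS, a missing or short-lived HSTS."""
    lower = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = [f"missing header: {name}" for name in EXPECTED_HEADERS if name not in lower]
    if is_https:
        hsts = lower.get("strict-transport-security")
        if hsts is None:
            findings.append("missing header: strict-transport-security")
        elif (age := _max_age(hsts)) is None or age < min_hsts:
            findings.append(f"weak HSTS max-age: {hsts!r}")
    return findings


def check_set_cookie(set_cookie: str) -> list[str]:
    """Findings for one Set-Cookie value lacking Secure, HttpOnly or a restrictive SameSite."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].partition("=")[0] or "<unnamed>"
    attrs = {p.partition("=")[0].lower(): p.partition("=")[2] for p in parts[1:]}
    findings = []
    if "secure" not in attrs:
        findings.append(f"cookie {name}: missing Secure")
    if "httponly" not in attrs:
        findings.append(f"cookie {name}: missing HttpOnly")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append(f"cookie {name}: SameSite not Lax/Strict")
    return findings


def _b64url_json(segment: str) -> object:
    padded = segment + "=" * (-len(segment) % 4)  # JWT segments drop base64 padding
    return json.loads(base64.urlsafe_b64decode(padded).decode("utf-8"))


def check_jwt(token: str) -> list[str]:
    """Decode a JWT *without* verifying it and flag forgeable or never-expiring tokens."""
    try:
        header_seg, payload_seg, signature = token.split(".")
        header, payload = _b64url_json(header_seg), _b64url_json(payload_seg)
    except ValueError:  # wrong segment count, bad base64, bad UTF-8 or bad JSON: not a JWT
        return []
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return []
    alg = str(header.get("alg", "")).lower()
    findings = []
    if alg == "none" or not signature:
        findings.append("JWT with alg=none or empty signature: forgeable if the server accepts it")
    elif alg.startswith("hs"):
        findings.append(f"JWT signed with symmetric {header.get('alg')}: secret may be brute-forced offline")
    if "exp" not in payload:
        findings.append("JWT without exp claim: it never expires")
    return findings


def analyse_response(headers: dict[str, str], set_cookies: list[str], texts: list[str],
                     is_https: bool = True, min_hsts: int = 31536000) -> list[str]:
    """All passive checks for one response; `texts` are extra strings scanned for JWTs."""
    findings = check_headers(headers, is_https, min_hsts)
    for value in set_cookies:
        findings += check_set_cookie(value)
    seen: set[str] = set()
    for text in [*set_cookies, *texts]:
        for token in JWT_RE.findall(text):
            if token not in seen:  # report each token once per response
                seen.add(token)
                findings += check_jwt(token)
    return findings


class PassiveChecks:
    """mitmproxy addon glue: registers the --set option and feeds each response to the checks."""

    def load(self, loader) -> None:  # makes `--set pc_min_hsts=N` available (assumed name)
        loader.add_option("pc_min_hsts", int, 31536000, "Minimum acceptable HSTS max-age in seconds")

    def response(self, flow: http.HTTPFlow) -> None:
        resp = flow.response
        if resp is None:
            return
        findings = analyse_response(
            dict(resp.headers.items()),
            resp.headers.get_all("set-cookie"),
            [flow.request.headers.get("authorization", ""), resp.get_text(strict=False) or ""],
            flow.request.scheme == "https",
            ctx.options.pc_min_hsts,
        )
        for finding in findings:
            logging.warning("[passive] %s -> %s", flow.request.pretty_url, finding)


addons = [PassiveChecks()]


# Constructed sample response (not captured traffic) so the checks can be exercised offline.
def _b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

SAMPLE_HEADERS = {"Content-Type": "text/html", "Strict-Transport-Security": "max-age=300", "X-Frame-Options": "DENY"}
SAMPLE_COOKIES = ["session=abc123; Path=/; HttpOnly", "pref=dark; Secure; SameSite=Lax"]
SAMPLE_JWT_NONE = _b64url_encode({"alg": "none", "typ": "JWT"}) + "." + _b64url_encode({"sub": "alice", "role": "admin"}) + "."

def demo() -> list[str]:
    return analyse_response(SAMPLE_HEADERS, SAMPLE_COOKIES, ["Bearer " + SAMPLE_JWT_NONE], is_https=True)
```

The `load` hook is where a mitmproxy addon declares its options; once `loader.add_option` has registered `pc_min_hsts`, mitmproxy accepts `--set pc_min_hsts=...` on the command line and exposes the value as `ctx.options.pc_min_hsts`. Keeping the checks as pure functions over plain dicts and strings means they can be unit-tested without a running proxy, and the JWT check deliberately only decodes the token: a passive scanner reports what the token claims about itself and never attempts verification or replay.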

The session includes a live demo showcasing Nightcrawler intercepting traffic and identifying potential issues on a test application.

Attendees will leave with:

  • Insights into the practicalities of AI-assisted development for custom tooling.
  • An understanding of building powerful CLI tools leveraging mitmproxy.
  • An introduction to the open-source Nightcrawler tool itself.

Date:
2025 June 27 - 14:15
Duration:
45 min
Room:
Gallerie
Language:
Track:
New Technologies
Difficulty:
Medium

Happening at the same time:

  1. OBS to Git - The Workshop
     Start Time: 2025 June 27 14:00
     Room: Seminar Room 1

  2. End of 10 Install Workshop
     Start Time: 2025 June 27 14:00
     Room: Seminar Room 2

  3. Red kiwifruit: Sweetening images with kiwi... in Fedora and CentOS?!
     Start Time: 2025 June 27 14:15
     Room: Saal