BYOE payload format

Define custom attack payloads. Variables, success conditions, safe-mode variants.

Bring Your Own Exploit (Business plan and up) lets you add custom payloads to your workspace's library. The orchestrator pulls relevant payloads on every scan, prioritized alongside built-in attacks and Exploit Memory.

Schema

A BYOE payload has six parts, plus an optional safe_variant:

  • name: human label
  • surface: one of ai, web, api, cloud
  • payload_type: llm_prompt, raw_http, tool_call, curl_command, or custom_attack_module
  • template: the payload body, with {{VARIABLE}} placeholders
  • context_template: when this payload should be tried, in plain English (e.g., "when target exposes MCP server with filesystem tools")
  • success_conditions: a JSON object describing how to detect success
  • safe_variant: optional; required if the primary template is destructive

Variables

Brektra resolves {{VARIABLE}} placeholders at runtime. Reserved variables include {{TARGET_HOST}}, {{TARGET_BASE_URL}}, {{CANARY_TOKEN}}, and {{WORKSPACE_ID}}. Custom variables can be set per scan in advanced config.

Success conditions

Two shapes are supported:

{ "regex": "admin: true" }
{ "json_path": "$.user.role", "equals": "admin" }

regex is matched against the response body. json_path extracts a value from the response via JSONPath and compares it to equals.

Versioning

Every save creates a new version row. The current version is what the orchestrator runs. Roll back from the payload detail view if a new version regresses.

Test before saving

The Test Payload button renders the template against supplied variables without making any network calls. Use this to catch placeholder typos.
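
The same offline checks can run locally before a payload reaches the workspace. The following is an added example, not Brektra's code: it lints a payload definition against the schema above, flags placeholders that are neither reserved nor declared as custom variables, and evaluates both success-condition shapes against a sample response body. Assumptions: the payload is held as a Python dict, regex uses search semantics, only dotted JSONPath such as $.user.role is handled, and the names lint_payload, is_success and SAMPLE are hypothetical.

```python
import json
import re

# Field names and allowed values come from the Schema section of this page.
REQUIRED = ("name", "surface", "payload_type", "template",
            "context_template", "success_conditions")
ALLOWED = {"surface": ("ai", "web", "api", "cloud"),
           "payload_type": ("llm_prompt", "raw_http", "tool_call",
                            "curl_command", "custom_attack_module")}
RESERVED = {"TARGET_HOST", "TARGET_BASE_URL", "CANARY_TOKEN", "WORKSPACE_ID"}
PLACEHOLDER = re.compile(r"\{\{\s*([^{}]*?)\s*\}\}")  # assumed syntax

def lint_payload(payload, custom_vars=()):
    """Return a list of problems, found without making any network call."""
    problems = [f"missing field: {f}" for f in REQUIRED if f not in payload]
    for field, allowed in ALLOWED.items():
        if field in payload and payload[field] not in allowed:
            problems.append(f"{field}: unknown value {payload[field]!r}")
    known = RESERVED | set(custom_vars)
    for field in ("template", "safe_variant"):
        for name in PLACEHOLDER.findall(payload.get(field) or ""):
            if name not in known:
                problems.append(f"{field}: unknown placeholder {name!r}")
    cond = payload.get("success_conditions")
    shapes = ({"regex"}, {"json_path", "equals"})
    if cond is not None and (not isinstance(cond, dict) or set(cond) not in shapes):
        problems.append("success_conditions: use regex, or json_path with equals")
    return problems

def is_success(cond, body):
    """Evaluate one success condition against a response body string."""
    if "regex" in cond:
        return re.search(cond["regex"], body) is not None  # assumed: search
    try:
        value = json.loads(body)
        for key in cond["json_path"].removeprefix("$.").split("."):
            value = value[key]  # assumption: dotted object keys only
    except (ValueError, KeyError, TypeError, AttributeError):
        return False
    return value == cond["equals"]

# Constructed sample: a benign probe with a typo in the first placeholder.
SAMPLE = {"name": "role echo check", "surface": "api",
          "payload_type": "raw_http",
          "template": "GET {{TARGET_BASEURL}}/me?c={{CANARY_TOKEN}}",
          "context_template": "when target exposes a profile endpoint",
          "success_conditions": {"json_path": "$.user.role", "equals": "admin"}}
```

Running lint_payload(SAMPLE) reports the misspelled TARGET_BASEURL placeholder; names passed in custom_vars are accepted alongside the reserved ones.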