Running an Attack
Full attack flow in the Adapter — configuration, Live Activity monitoring, and troubleshooting common errors
Overview of the attack flow
Projects tab → Select project → Select target → Configure → Start Attack
↓
Discovery Phase (UI detection, ~10–60s, runs once)
↓
Recon Phase (optional, probes AI capabilities)
↓
Attack Loop (per goal: strategy → prompt → response → Judge score)
↓
Results uploaded to Web Console
Step 1 — Select a project and target
Open the Projects tab. On the left, select your project. In the center panel, select the target you want to attack.
Step 2 — Configure and start
Click Start Attack (or the play button next to the target).
In the configuration panel:
| Option | Description |
|---|---|
| Attack mode | Web UI — browser automation. API (Auto-Detect) — captures the target's API from network traffic. Both — tries API first, falls back to Web UI. |
| Goals | Select which goals to attack. Goals are synced from your Web Console project. |
| Max turns | Maximum prompt attempts per goal before giving up (default: 10). |
| Force Recon | Run a reconnaissance phase first to probe the target's capabilities and system prompt. Adds ~2 min. |
Click Start. The Adapter opens a browser window for the target.
Step 3 — Discovery phase
The Adapter automatically finds the chat UI:
- With a known target preset — detection completes in ~10 seconds
- Without a preset (generic) — Vision + DOM analysis runs, takes ~30–60 seconds
You'll see the discovery status in the Live Activity panel at the bottom of the screen. If discovery fails after 3 attempts, see the troubleshooting section below.
Step 4 — Watch the Live Activity panel
During the attack, Live Activity shows each turn in real time:
- The strategy name (e.g.
roleplay,indirect,multilingual-ja) - The prompt sent
- The AI's response (truncated)
- The Judge score
A turn marked Breached (score ≥ 0.7) means the attack succeeded for that goal. The Adapter moves on to the next goal automatically.
Step 5 — Review results in the Dashboard
When the attack finishes, results are uploaded to the Web Console automatically.
In the Adapter's Dashboard tab:
- Overview — total ASR, breach count, goal-by-goal summary
- History — individual assessment list with timestamps
For full analysis including trace details and report generation, open the assessment in the Web Console.
Troubleshooting common errors
| Error | Cause | Fix |
|---|---|---|
| "Chat could not be loaded" | Stale cached session (common with Gemini) | Sessions tab → delete the target session → re-create it |
| 401 Unauthorized | API key expired or revoked | Web Console → Settings → API Keys → create a new key, re-login in Adapter |
| "Insufficient Credits" (402) | Out of credits | Web Console → Billing → Top Up, then restart the attack |
| Discovery fails after 3 attempts | Target UI changed or Shadow DOM/iframe not detected | Try switching attack mode to API (Auto-Detect); if unavailable, contact support |
| Response shows "thinking..." forever | Loading text pattern not recognized | Known issue with some streaming UIs — the Adapter retries automatically |
| "Target not in Allowlist" | Target URL not approved | Settings → Allowlist → submit the URL and wait for approval |
| Attack stops mid-run | Credits ran out during the run | Top up and re-run — completed goals are saved, only unfinished goals need re-running |
| Network Capture failed | Target API is encrypted or obfuscated | Switch to Web UI mode instead of API (Auto-Detect) |
Human agent detection
Some corporate chatbots (e.g. Deutsche Telekom) automatically transfer to a live human agent when they detect unusual input. The Adapter detects this and stops the attack for that session — this is expected behavior, not an error.
Security notes
- Target session cookies are stored only on your local machine — never sent to Stinger's servers
- The Adapter enforces Allowlist restrictions — it will not attack unapproved URLs
- Keep your API key secure. Rotate it at Settings → API Keys if you suspect it was exposed