Model Context Protocol for CTF

Written by Diablo
Updated this week

🔐 MCP Token Generation and Access Control


📘 Overview

MCP (Model Context Protocol) is a protocol that bridges AI tools with the Hack The Box CTF platform, allowing users to interact with challenges and events via tools like Claude or Visual Studio Code.


🤖 What is MCP?

MCP (Model Context Protocol) is a powerful bridge between AI models and APIs, developed by Anthropic. It allows direct communication between AI tools and platforms — like HTB’s CTF environment — using secure tokens.

With MCP, you can:

  • Register for CTF events from AI tools

  • Start/stop challenge containers

  • Submit flags

  • View solve stats

  • And much more!

This opens the door for hybrid AI-human collaboration and enriched learning workflows.


🧪 How It Works

Go to Your Profile

  • Navigate to: Profile Settings > MCP Access

  • Click Generate Token

⚠️ Tokens are one-time viewable. Make sure to copy and save it securely!⚠️

Token Management

  • View token expiration

  • Revoke the token at any time

Tool Integration


🖥️ Claude Desktop

Overview
Claude Desktop is Anthropic's desktop app. Since it only supports the stdio transport, it requires mcp-proxy.

📦 Prerequisites

  • Claude Desktop installed

  • A valid MCP API token

  • mcp-proxy installed (standalone or via uv)

⚙️ Setup

  1. Open Claude Desktop Settings

    • macOS: Claude menu → Settings…

    • Windows: Use the main application menu

  2. Access Developer Options

    • Go to Developer in the sidebar → Click Edit Config

  3. Open the Config File

    • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json

    • Windows: %APPDATA%\Claude\claude_desktop_config.json

  4. Replace with the following (depending on your setup):

Standalone - macOS/Linux

{
  "mcpServers": {
    "htb-mcp-ctf": {
      "command": "/path/to/mcp-proxy",
      "args": [
        "--transport",
        "streamablehttp",
        "https://mcp.hackthebox.ai/v1/ctf/mcp/"
      ],
      "env": {
        "API_ACCESS_TOKEN": "<API token>"
      }
    }
  }
}

Standalone - Windows

{
  "mcpServers": {
    "htb-mcp-ctf": {
      "command": "/path/to/mcp-proxy.exe",
      "args": [
        "--transport",
        "streamablehttp",
        "https://mcp.hackthebox.ai/v1/ctf/mcp/"
      ],
      "env": {
        "API_ACCESS_TOKEN": "<API token>"
      }
    }
  }
}

Using UV

{
  "mcpServers": {
    "htb-mcp-ctf": {
      "command": "uvx",
      "args": [
        "mcp-proxy",
        "--transport",
        "streamablehttp",
        "https://mcp.hackthebox.ai/v1/ctf/mcp/"
      ],
      "env": {
        "API_ACCESS_TOKEN": "<API token>"
      }
    }
  }
}

  5. Save and Restart Claude Desktop

  6. Verify successful integration

  • A slider icon should appear at the bottom left corner of the window. Clicking this icon will display the list of available tools.

✅ Example Prompts

  • Which CTF events are currently running?

  • Show me the leaderboard for event HTB2025.

  • What team am I currently a member of?

🛠️ Troubleshooting

  • Ensure the config file is correctly saved

  • Check token validity and proxy path

  • Restart the app fully

  • Claude Desktop's documentation offers more details on troubleshooting.


🤖 Claude Code

Overview
Claude Code is Anthropic's CLI tool for interacting with Claude AI. You can connect it directly to HTB's MCP server to participate in CTF events.

📦 Prerequisites

  • Claude Code installed on the system

  • A valid MCP API token

⚙️ Setup

claude mcp add --transport http htb-mcp-ctf https://mcp.hackthebox.ai/v1/ctf/mcp/ --header "Authorization: Bearer <API token>"

⚠️ Replace <API token> with your actual MCP token from your profile.

🛠️ Troubleshooting


🧠 Visual Studio Code + GitHub Copilot

Overview
VS Code with GitHub Copilot supports MCP to connect with HTB's CTF API and provide in-editor AI-assisted functionality.

📦 Prerequisites

  • Visual Studio Code installed on the system

  • GitHub Copilot extension installed and activated

  • GitHub Copilot Chat extension installed

  • A valid MCP API token

⚙️ Setup

  1. Open Command Palette (⇧⌘P or View > Command Palette)

  2. Search MCP → Select MCP: Add Server

  3. Choose HTTP (Streamable HTTP)

  4. Set the URL:

https://mcp.hackthebox.ai/v1/ctf/mcp/

  5. Server ID example:

htb-mcp-ctf

  6. Choose User Settings or Workspace Settings

  7. Update the generated config to:

{
  "servers": {
    "htb-mcp-ctf": {
      "url": "https://mcp.hackthebox.ai/v1/ctf/mcp/",
      "type": "http",
      "headers": { "Authorization": "Bearer <API token>" }
    }
  }
}

⚠️ Don’t forget to replace <API token> with your actual one.

✅ Testing the Integration

  • Open Copilot Chat (^⌘I or from the sidebar)

  • Ensure Agent is selected

  • Try: Which CTF events are currently available?

🛠️ Troubleshooting

  • Enable Chat > MCP: Enabled in VS Code settings

  • Check for typos in the URL or token

  • Avoid trailing spaces in your token


🦾 Cline

Overview
Cline is an open-source local AI coding assistant that runs entirely on your system and integrates seamlessly with editors like Visual Studio Code or Cursor. It allows you to interact with your local files, terminal, and environment using natural language.
By connecting Cline to HTB’s MCP server, you can use AI-assisted tools directly in your editor to interact with CTF events — all without sending your data to the cloud.

📦 Prerequisites

The following are required before proceeding with setup:

  • Visual Studio Code installed on the system

  • Cline extension installed

  • mcp-proxy (required due to [issue #4391])

    • Available via the installation instructions

    • Alternatively, can be run using uv

  • A valid MCP API token

⚙️ Setup

⚠️ Replace <API token> with your actual MCP API token.

  1. Open the Cline extension in Visual Studio Code.

  2. Click the MCP Servers icon in the top navigation bar.

  3. Select the Remote Servers tab.

  4. Click Edit Configuration.

  5. Update the cline_mcp_settings.json file to include the following configuration:

Using mcp-proxy:

{
  "mcpServers": {
    "htb-mcp-ctf": {
      "command": "mcp-proxy",
      "args": [
        "--transport",
        "streamablehttp",
        "https://mcp.hackthebox.ai/v1/ctf/mcp/"
      ],
      "env": {
        "API_ACCESS_TOKEN": "<API token>"
      }
    }
  }
}

Using uv:

{
  "mcpServers": {
    "htb-mcp-ctf": {
      "command": "uvx",
      "args": [
        "mcp-proxy",
        "--transport",
        "streamablehttp",
        "https://mcp.hackthebox.ai/v1/ctf/mcp/"
      ],
      "env": {
        "API_ACCESS_TOKEN": "<API token>"
      }
    }
  }
}

⚠️ Important: Replace <API token> with your actual MCP API token.


Save the file and click Done.

Testing the Integration

To confirm the setup, open the Cline extension and try one of the following example prompts:

  • “Which CTF events are currently active?”

  • “What is the name of the team I am currently a member of?”

  • “Can you show me the leaderboard for CTF event <event name>? Format it as a table.”


💻 Cursor

Overview
Cursor is an AI-powered code editor designed to boost developer productivity with intelligent in-editor assistance. By integrating Cursor with HTB’s MCP (Model Context Protocol) API, you can access CTF-related tools and AI assistance directly from within the editor — allowing seamless interaction with Hack The Box events.

📦 Prerequisites

The following are required before proceeding with setup:

  • Cursor installed on your system

  • A valid MCP API token (obtained from Hack The Box)

  • Compatible operating system (macOS, Windows, or Linux)

⚙️ Setup Process

⚠️ Replace <API token> with your actual MCP API token provided by Hack The Box.

  1. Open or create a project in Cursor where you'll work on CTF challenges.

  2. In your project directory, create the following configuration file:

    .cursor/mcp.json
  3. Edit the file with the configuration below:

{
  "mcpServers": {
    "htb-mcp-ctf": {
      "url": "https://mcp.hackthebox.ai/v1/ctf/mcp/",
      "headers": {
        "Authorization": "Bearer <API token>"
      }
    }
  }
}

⚠️ Important: Replace <API token> with your actual MCP API token.

  4. If prompted, click Enable to activate the configuration.

  5. Access the Agent panel by selecting Agent or using the keyboard shortcut:

    • macOS: ⌘I

    • Windows/Linux: Ctrl+I

Once complete, MCP tools will be available directly within the Cursor editor interface.

🧠 Using MCP Tools

Once configured, you can:

  • Interact with the MCP agent directly inside Cursor

  • Access CTF-specific tools and AI guidance

  • Submit and review your Hack The Box CTF solutions

🛠️ Troubleshooting

If MCP tools are not visible or functioning properly:

  1. Open the Command Palette:

    • macOS: ⇧⌘P or View > Command Palette…

    • Windows/Linux: Ctrl+Shift+P or View > Command Palette…

  2. Type and select View: Open MCP Settings.

  3. Verify that the MCP tools appear correctly.

  4. Ensure your API token is valid and entered without extra spaces.

  5. Confirm your internet connection allows access to https://mcp.hackthebox.ai/.

📘 Additional Resources

For more details, refer to the official Cursor Documentation.


🛠️ Supported Features via MCP

| Category | Tool/Action | Description |
| --- | --- | --- |
| Event Management | List CTF Events | Retrieve all available events |
| Event Management | Retrieve CTF Details | Get detailed info about a specific event |
| Event Management | Join CTF Event | Register a team for participation |
| Scoring & Analytics | Get CTF Scores | View team rankings and scores |
| Scoring & Analytics | Get All Solves | See all solves for an event |
| Scoring & Analytics | Get Team Solves | See the history of a specific team |
| Scoring & Analytics | Get Challenge Solves | View solves for a specific challenge |
| Team Management | Get My Teams | List all teams linked to your account |
| Challenge Interaction | Submit Flag | Submit a flag for validation |
| Challenge Interaction | Get Download Link | Get a temporary signed URL for challenge files |
| Container Management | Start Container | Start a challenge container |
| Container Management | Stop Container | Stop a challenge container |
| Container Management | Container Status | Check the current status of the container |


🔧 Generic Integration Instructions

You can also use any AI assistant or editor that supports Model Context Protocol (MCP) via either Streamable HTTP or stdio.

Streamable HTTP

HTB's MCP server uses the Streamable HTTP transport of the MCP protocol. The following details must be provided for the connection:

URL: https://mcp.hackthebox.ai/v1/ctf/mcp/

HTTP Headers: Authorization: "Bearer <API token>"

Standard Input/Output (stdio)

Some clients and tools support only the stdio transport. An MCP proxy can be used to work around this limitation; one example is mcp-proxy, which can be installed either standalone (installation instructions) or by using uv.

Standalone setup

Set the environment variable API_ACCESS_TOKEN to the value of the MCP token you generated in My Profile.

Use the following command in the tool of your choice:

/path/to/mcp-proxy --transport streamablehttp https://mcp.hackthebox.ai/v1/ctf/mcp/

UV setup

Set the environment variable API_ACCESS_TOKEN to the value of the MCP token you generated in My Profile.

Use the following command in the tool of your choice:

uvx mcp-proxy --transport streamablehttp https://mcp.hackthebox.ai/v1/ctf/mcp/
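
The troubleshooting items repeated above (placeholder left in place, stray spaces in the token, typos in the URL) can be checked mechanically, which matters because the client sends the bearer token to whatever URL is configured. The Python sketch below is an added example, not Hack The Box or Anthropic code; its function names and sample configs are constructed for illustration, and it also flags files readable by other local users, since every layout on this page stores the token in plaintext.

```python
import json, os, stat

EXPECTED_URL = "https://mcp.hackthebox.ai/v1/ctf/mcp/"  # endpoint given on this page

def lint_server(name, entry):
    """Findings for one server entry; the token value itself is never echoed."""
    findings = []
    if "command" in entry:  # mcp-proxy layout (Claude Desktop, Cline)
        url = next((a for a in entry.get("args", []) if a.startswith("http")), None)
        token = entry.get("env", {}).get("API_ACCESS_TOKEN")  # may be set elsewhere
    else:  # direct HTTP layout (VS Code, Cursor)
        url = entry.get("url")
        scheme, _, token = entry.get("headers", {}).get("Authorization", "").partition(" ")
        if scheme != "Bearer":
            findings.append(f"{name}: Authorization header is not 'Bearer <token>'")
            token = None
    if url != EXPECTED_URL:
        findings.append(f"{name}: unexpected server URL {url!r}")
    if token is not None:
        if not token or "<" in token:
            findings.append(f"{name}: token is empty or still a placeholder")
        elif token != token.strip() or " " in token:
            findings.append(f"{name}: token contains whitespace")
    return findings

def lint_config(text):
    """Lint JSON text keyed by 'mcpServers' or by VS Code's 'servers'."""
    doc = json.loads(text)
    servers = doc.get("mcpServers") or doc.get("servers") or {}
    return [f for name, entry in servers.items() for f in lint_server(name, entry)]

def lint_file(path):
    """Lint a file and, on POSIX, flag group/world-readable permissions."""
    with open(path, encoding="utf-8") as fh:
        findings = lint_config(fh.read())
    if os.name == "posix" and os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"{path}: readable by group/other but holds a bearer token")
    return findings

# Constructed samples: an untouched placeholder; a URL missing its slash plus a padded token.
SAMPLE_PROXY = '''{"mcpServers": {"htb-mcp-ctf": {"command": "uvx",
  "args": ["mcp-proxy", "--transport", "streamablehttp", "https://mcp.hackthebox.ai/v1/ctf/mcp/"],
  "env": {"API_ACCESS_TOKEN": "<API token>"}}}}'''
SAMPLE_DIRECT = '''{"servers": {"htb-mcp-ctf": {"type": "http",
  "url": "https://mcp.hackthebox.ai/v1/ctf/mcp",
  "headers": {"Authorization": "Bearer constructed-token "}}}}'''
if __name__ == "__main__":
    for sample in (SAMPLE_PROXY, SAMPLE_DIRECT):
        print("\n".join(lint_config(sample)) or "ok")
```

Point lint_file at claude_desktop_config.json, cline_mcp_settings.json or .cursor/mcp.json. Because .cursor/mcp.json lives inside the project directory, keep it out of version control.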