diff --git a/.gitignore b/.gitignore index cf14061..a6e30b3 100644 --- a/.gitignore +++ b/.gitignore @@ -3,7 +3,7 @@ __pycache__/ *.py[cod] *$py.class -config/ +config/chatgpt_config.py outputs/ .idea log/ diff --git a/README.md b/README.md index 20fa5b6..2a6b885 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,5 @@ # PentestGPT -17/04/2023: Due to the additional verification by OpenAI, you now need to pass the full `cookie` variable into the session. -You can obtain it from `https://chat.openai.com/api/auth/session`, by examining the HTTP request cookie. Check the updated chatgpt_config_sample. -I'll try to fix this later. - - ## Introduction **PentestGPT** is a penetration testing tool empowered by **ChatGPT**. It is designed to automate the penetration testing process. It is built on top of ChatGPT and operate in an interactive mode to guide penetration testers in both overall progress and specific operations. A sample testing process of **PentestGPT** on a target VulnHub machine (Hackable II) is available at [here](./resources/PentestGPT_Hackable2.pdf). diff --git a/login_test.py b/login_test.py new file mode 100644 index 0000000..66a40a9 --- /dev/null +++ b/login_test.py @@ -0,0 +1,46 @@ +import unittest +from http.cookies import SimpleCookie +from config.chatgpt_config import ChatGPTConfig +from utils.chatgpt import ChatGPT + + +def main(): + chatgpt_config = ChatGPTConfig() + cookie_raw = chatgpt_config.cookie + # convert cookie to dict + cookie = SimpleCookie() + cookie.load(cookie_raw) + cookies = {k: v.value for k, v in cookie.items()} + print(cookies) + cookie_keys = list(cookies.keys()) + # for elements in cookie, test if one can be discarded + # create a copy of the cookies + cookies_copy = cookies.copy() + for key in cookie_keys: + print("Current cookie length", len(cookies_copy)) + # remove one element + cookies_copy.pop(key) + # create a cookie string with all the elements except the one removed + cookie_string = "; ".join([f"{k}={v}" for k, v in cookies_copy.items()]) + # print(cookie_string) + chatgpt_config.cookie = cookie_string + try: + chatgpt = ChatGPT(chatgpt_config) + text, conversation_id = chatgpt.send_new_message( + "I am a new tester for RESTful APIs." + ) + result = chatgpt.send_message( + "generate: {'post': {'tags': ['pet'], 'summary': 'uploads an image', 'description': '', 'operationId': 'uploadFile', 'consumes': ['multipart/form-data'], 'produces': ['application/json'], 'parameters': [{'name': 'petId', 'in': 'path', 'description': 'ID of pet to update', 'required': True, 'type': 'integer', 'format': 'int64'}, {'name': 'additionalMetadata', 'in': 'formData', 'description': 'Additional data to pass to server', 'required': False, 'type': 'string'}, {'name': 'file', 'in': 'formData', 'description': 'file to upload', 'required': False, 'type': 'file'}], 'responses': {'200': {'description': 'successful operation', 'schema': {'type': 'object', 'properties': {'code': {'type': 'integer', 'format': 'int32'}, 'type': {'type': 'string'}, 'message': {'type': 'string'}}}}}, 'security': [{'petstore_auth': ['write:pets', 'read:pets']}]}}", + conversation_id, + ) + except Exception as e: # when error + # add the element back + print(e) + cookies_copy[key] = cookies[key] + + print("final cookie string:") + print(cookies_copy) + + +if __name__ == "__main__": + main()