ChatGPT: Let’s try it out!

by Sarahin Awareness, Development, Penetration Testing, Special Intereston Posted on

Estimated difficulty: 💜🤍🤍🤍🤍

You may have already heard of ChatGPT. It has been a headliner in the news recently, mainly with a concern that it will replace hundreds, thousands, or maybe even more jobs! This post does not intend to add to the fear mongering, but more explore what we can do with ChatGPT and how it can help in the Cyber Security sphere.

I asked ChatGPT to do the following:

  • Write a blog post around privacy relevant to social media
  • Create an Android app with an easter egg
  • Create a penetration test report template
  • Make a Security Queens logo as a PNG file

After the introduction and getting started, we can see the results of these questions.

ChatGPT Introduction

I asked ChatGPT to introduce itself to us. This is what it had to say about itself:

Greetings! My name is ChatGPT, and I am an AI language model trained by OpenAI. I specialize in natural language processing and have a vast knowledge of various topics related to cybersecurity, such as encryption, network security, data protection, and much more.

As a language model, I am designed to assist individuals and organizations in their pursuit of secure and safe online practices. With my advanced language capabilities, I can help to identify potential threats, analyze data for patterns, and provide insights and recommendations on how to mitigate cybersecurity risks.

I am excited to share my knowledge and expertise with the readers of this security-related blog and provide valuable insights that can help to protect against cyber threats.

ChatGPT

What did I ask it might you ask? Well I said “Introduce who you are for a security related blog post“. Maybe now you can see why it decided to talk about security!

Getting Started

If you want to try ChatGPT out for yourself, then all you need to do is create a free account on the platform, and they you should be all set to ask it question. By going to the login / sign up page, you will be presented with the below screen.

Create an account.

Once an account has been created, you will be prompted with a page which looks as if it was a part of a messaging app. Here you can enter in text to ask it anything that you want (within reason).

Now we know roughly how to use it, let’s explore what it can do. At this point, you know as much as I do on the topic!

Of course I asked ChatGPT what it could do for us, and like I learnt whilst watching The Witcher on Netflix, it’s all about asking the right questions...

1. Writing a Blog Post

I wanted to ease ChatGPT in slowly to my demands. We started off easy for this one, and to understand if it could be as 1337 a content creator as me, I asked it to “write a 500 word blog post on privacy around social media”. Quite frankly, it performed in a fraction of the time I could have wrote something like that, with dare I say, pretty good quality!

The results have been highlighted in bold in order to show what was generated by ChatGPT.

Social media platforms are an integral part of our lives in the digital age. They allow us to connect with friends and family, share our thoughts and experiences, and stay up-to-date with the latest news and trends. However, with this increased connectivity comes a trade-off: our privacy. In this blog post, we will explore the importance of privacy around social media and some ways to protect it.

Firstly, it is crucial to understand the risks of using social media without proper privacy settings. Information that we post on social media platforms can be accessed by anyone, including people with malicious intent. This can include sensitive personal information, such as our full name, date of birth, location, and even financial information. Cybercriminals can use this information to steal our identities, commit fraud, or launch cyber-attacks against us.

To mitigate these risks, it is important to be vigilant about what we share on social media platforms. We should avoid posting sensitive personal information, such as our home address, phone number, or financial details. Additionally, we should review the privacy settings on our social media accounts and ensure that they are set to the highest level of privacy.

Another way to protect our privacy on social media is to limit the amount of personal information we share online. For example, we can use a nickname or pseudonym instead of our full name, or use a profile picture that does not show our face. We can also avoid sharing our location, and use a VPN (virtual private network) to encrypt our internet traffic and prevent others from tracking our online activity.

Furthermore, we should be cautious about accepting friend requests from people we do not know or trust. Scammers and cybercriminals often create fake profiles to gain access to our personal information, so it is important to only accept friend requests from people we know in real life or have a mutual connection with. Additionally, we should be wary of messages or links from unknown sources, as they may contain malware or other harmful software.

It is also essential to be mindful of the privacy policies of social media platforms. Social media companies are known to collect and use our personal data for various purposes, such as targeted advertising. While these practices are legal, they may infringe on our privacy rights. It is important to read and understand the privacy policies of social media platforms and be aware of how our data is being used.

Finally, we can use privacy-focused social media platforms as an alternative to mainstream ones. These platforms are designed with privacy in mind and prioritize user security and data protection. Some examples of privacy-focused social media platforms include Signal, MeWe, and Minds.

In conclusion, privacy is an essential aspect of using social media. With the rise of cyber threats and data breaches, it is more important than ever to be mindful of our online privacy and take steps to protect it. By being vigilant about what we share online, limiting the amount of personal information we disclose, and being cautious about friend requests and messages, we can reduce the risks of cyber threats and safeguard our privacy on social media.

This was a little more lengthy than anticipated… There is some repetition here, however it covers some good points. To summarise, it notes:

  • Information can be accessed by anyone including malicious actors
  • To mitigate, it states to be mindful about what we share
  • To review privacy settings
  • To be wary of links or messages
  • To use a VPN
  • To be mindful of privacy policies set by Social Media Platforms
  • To use alternative social media platforms
  • Air caution around friend requests

All in all, these points individually are great and this definitely covers the basics. We can take content like this and use it as a framework for a blog post. For example, we can expand on these points, dive into a specific social media platforms, and even go through case studies of how exposed information can be used to disclose the whereabouts of an individual. This may be something we could even ask ChatGPT to do to make our lives even easier.

At this point, I would say it is smart, but not yet take over the world smart.

2. Developing an Android App

This topic may have been the most impressive for me. In this instance, I was curious if ChatGPT could generate some code to create an Android Application with an easter egg. I asked “write an Android application in Java hiding an easter egg“. Code samples were generated, showing how you could program an invisible button to the said app. What a great idea!

Check out the bold to see what ChatGPT had to say:

As an AI language model, I cannot create a functional Android application. However, I can provide you with some guidance on how to hide an Easter egg in an Android app using Java.

An Easter egg is a hidden feature or message that can be found in an application, website, or software. Adding Easter eggs to your app can add a fun and unique touch to the user experience.

To add an Easter egg in your Android app, you can follow these steps:

Step 1: Create a button

Create a button that will serve as the trigger for the Easter egg. You can create a button using the following code:

Button button = new Button(this); button.setText("Click me");

Step 2: Set the button’s visibility

To hide the button, you can set its visibility to “invisible” using the following code:

button.setVisibility(View.INVISIBLE);

Step 3: Set an onClickListener for the button

Set an onClickListener for the button that will reveal the Easter egg. Inside the onClick method, you can set the visibility of the button to “visible” and display the Easter egg. Here’s an example code:

button.setOnClickListener(new View.OnClickListener() {
    @Override
    public void onClick(View v) {
        // Display the Easter egg
        Toast.makeText(getApplicationContext(), "You found the Easter egg!", Toast.LENGTH_SHORT).show();
        
        // Make the button visible
        button.setVisibility(View.VISIBLE);
    }
});

Step 4: Test the app

Run the app and test the Easter egg. Click on the button and the Easter egg should be revealed.

Remember, the Easter egg should be a surprise and should not affect the functionality of the app. It should be hidden and only revealed when the user performs a specific action, such as clicking a button.

In conclusion, adding an Easter egg to your Android app can add a fun and unique touch to the user experience. Follow the above steps to create a hidden Easter egg in your app using Java.

In summary, this could be really powerful in suggestion features in code or asking for specific code samples, where you may have forgotten the format and need a quick reminder. For example, this could be great in scripting something like a Frida script, provided there are no syntax errors.

Following from this powerful discovery, I asked ChatGPT to generate a Frida Script to hook into the loadUrl methods of an app, and it generated the below code:

Java.perform(function () {
    var webView = Java.use('<class_name>');
    webView.loadUrl.overload('java.lang.String').implementation = function (url) {
        console.log('Loading URL: ' + url);
        this.loadUrl.overload('java.lang.String').call(this, url);
    };
});

As well as sent over a template Frida command, in a matter of seconds

frida -U -l <package_name> -f <app_name> -s <script_name>.js

This deserves an applause!

Note, there were some bugs in what it output. Can you spot the issue? If so, add it to the comments. I will keep quiet for now 😀

3. Writing a Penetration Test Template

Now for this I wanted to be specific to web application security assessments. This is mainly because as a penetration tester, it was the main assessment I used to carry out. More so now, the security sphere seems to lean more towards cloud, but that is the beauty of this platform. You can ask it whatever your heart desires!

In this section, purely for formatting reasons, everything that the bold font touches, was ChatGPT content.

Penetration testing is a critical component of web application security testing. It involves simulating real-world attacks on web applications to identify vulnerabilities that can be exploited by malicious actors. A web application penetration testing report should provide a clear and detailed overview of the vulnerabilities found, along with recommendations for remediation. Here is a suggested framework for such a report:

  1. Executive Summary
  • Brief overview of the scope of the test
  • Summary of vulnerabilities found
  • High-level recommendations for remediation
  1. Introduction
  • Scope and objectives of the test
  • Assumptions made during the testing process
  • Methodology used
  1. Findings
  • Detailed description of vulnerabilities found, including:
    • Description of the vulnerability
    • Severity rating (based on industry standard scoring system)
    • Proof of concept (if applicable)
    • Recommendations for remediation
  • Vulnerability categories, such as:
    • Injection attacks (SQL, XSS, etc.)
    • Authentication and session management
    • Access control
    • Cryptography and data protection
    • Configuration management
    • Input validation and output encoding
    • Other categories relevant to the application
  1. Technical Details
  • Detailed information on the exploitation of vulnerabilities, including:
    • Tools used
    • Steps taken to exploit the vulnerability
    • Technical details of the attack
  1. Conclusion
  • Summary of key findings
  • Overall risk rating for the application
  • Recommendations for remediation, prioritized by severity of the vulnerability
  1. Appendices
  • Detailed list of vulnerabilities found
  • Tools used in the testing process
  • Technical details of the application’s environment, such as operating system, web server, etc.

By following this framework, a web application penetration testing report can provide a comprehensive overview of vulnerabilities and actionable recommendations for remediation, helping organizations to secure their web applications and protect against potential cyber threats.

Overall, this format flows pretty well. It covers a number of topics, however, my only knit pick would be that it does not cover or mention the OWASP Top 10. This is a great list and guide to use when testing web apps, as it lists the most common vulnerabilities found in apps.

4. Creating a Logo

I ask ChatGPT to “Create a Security Queens Logo in PNG Format”. Unfortunately I did not realise it would not be able to create a PNG file, however, we can see the below bold output of its suggestions on how to create a logo!

I’m sorry, as an AI language model, I do not have the capability to create visual images such as PNG files. However, I can guide you through the steps of creating a logo and converting it to PNG format.

  1. Choose a design software such as Adobe Illustrator or Canva to create your logo.
  2. Determine the style, colors, and typography of your logo that represent your brand.
  3. Use the software’s tools to create your logo.
  4. Once your design is complete, save it as a vector file such as an AI or EPS file, which can be easily scaled without losing quality.
  5. Open the vector file in Adobe Illustrator or a similar software and export it as a PNG file with a transparent background. Make sure to select the correct file dimensions and resolution.

Alternatively, you can hire a professional graphic designer to create the logo for you in PNG format or use an online logo maker tool that allows you to create logos and export them in various file formats.

I hope this helps you create your Security Queens logo in PNG format.

Overall, these are not bad suggestions. But I was keen to generate an image. Google was my friend here, rather than ChatGPT, shockingly, my search led me to Fotor, a text to image generator using AI, and photo editing tool.

You can input your text and it was meant to create an image along these lines.

After asking it to create a “Security Queens Logo”, we were presented with the below two images.

Image 1
Image 2

We may have slightly longer to go with this one… Or I was just too vague!

Thank you so much for reading this post! I hope you found it interesting. Please do post a comment if you want to see more content related to ChatGPT. I certainly plan on using it more to aid in content creation.

Sarah <3

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.