How I Created a Web Code Analyzer Using ChatGPT
2023-12-7 01:40:46 Author: infosecwriteups.com

Jarred Longoria

InfoSec Write-ups

Hey everyone, I’m super excited to share something I’ve been working on for all of you. It’s an advanced web source code analyzer, but not just any analyzer. I’ve designed it specifically for folks like us — security researchers, bug bounty hunters, and really, anyone who dives into source code.

I know, I know — there are tons of tools out there, but here’s the thing. I was motivated to make something that uses the power of AI, especially ChatGPT, in a cool, practical way.

I’ve always been a fan of ChatGPT for speeding up various tasks. This realization led me to develop an analyzer that not only simplifies the initial stages of source code examination but also provides insightful starting points based on its findings. So, I said why not create something that does just that for all of us?

I got to work. The result? An analyzer that doesn’t just do the heavy lifting for us but also gives us a solid starting point to understand what’s going on in any piece of source code we’re curious about. It provides you with the majority of well-known web vulnerabilities like XSS, API key exposure, endpoints, CSRF, PII, and many more. It’s all about cutting down on the grunt work and skipping straight to the good stuff.

I really hope this tool makes your life a bit easier and your code analysis a bit more fun. Can’t wait to hear what you think and see how it helps you in your own projects!

My ChatGPT Web Analyzer

Click here to access my Web Code Analyzer.

Now, let’s dive into how I created the GPT web analyzer. I’m excited to walk you through the steps, hoping this will guide you to kickstart your own GPT project, tailored to whatever purpose you have in mind. Also, if you’re eager to try out my analyzer firsthand, I’ll be sharing a public link so you can use it for your own projects.

I’d like to clarify something. You need ChatGPT 4, the latest upgraded version, to create a GPT model, but that’s actually not the case for using my web analyzer. You can use it without needing the ChatGPT 4 version.

My First Step In Creating the GPT

You start creating the GPT by clicking the “Explore” tab on the side.

Then click “Create a GPT”.

You should now be on the configuration page, which looks like this.

Here’s where the magic happens in drafting your GPT model. On the left side panel, you’ll find the controls to command the AI — this is where you tell it what to create, remove, or apply in the process of building your GPT. It’s like the command center for your creativity.

On the right side, you’ll see a preview panel. This is where you can see a live demonstration of your creation. It allows you to test the features and fine-tune your GPT, giving you a real-time glimpse of what’s working well and what might need a tweak.

Next, I’ll walk you through the instructions I gave to the GPT for crafting my analyzer. I hope it will not only enlighten you but also spark inspiration for setting up your own innovative projects.

So, let’s dive into how I communicated my vision to the GPT and transformed it into a functional tool.

Here are my responses:

Task 1: I told the GPT to focus on programming languages — specifically HTML, CSS, and JavaScript. I wanted to craft a tool capable of reading and understanding these languages from user-uploaded or pasted source code from webpages they want analyzed. After uploading or pasting the code, I wanted the web analyzer to detect well-known web vulnerabilities.

Once the GPT grasped the concept of what I aimed to create, it prompted me for two final details to complete the setup process: a unique name for the tool and an image to represent it.

Next, I needed to specify the task and function I would like the web analyzer to focus on. I pretty much said the same thing as Task 1, but just specified it a bit more.

Task 2: The main function I envision for the analyzer is straightforward yet powerful. Once a user copies a snippet of source code, either directly from a website via browser developer tools or from a previously saved snippet, and pastes or uploads it into the analyzer, its primary job kicks in.

The tool will then scan this code, hunting for any known web vulnerabilities. This includes, but is not limited to, broken authentication, personally identifiable information (PII), exposed endpoints, API keys, and any other irregularities.
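A deterministic first pass over the same kind of pasted source is useful for cross-checking what the GPT reports and for masking secrets before a snippet is pasted into a third-party tool. This is an added example, not the author's analyzer or its instructions; `RULES`, `scanSource`, the regular expressions and the sample snippet are all constructed assumptions.

```javascript
// Added example: heuristic patterns chosen for illustration only.
const RULES = [
  // Key-like assignment: apiKey / api_key / secret / token = "long opaque value"
  { type: "possible-api-key", sensitive: true,
    re: /\b(?:api[_-]?key|secret|token)\b["']?\s*[:=]\s*["']([A-Za-z0-9_-]{16,})["']/gi },
  // String literal holding an absolute or root-relative URL with an api/ path
  { type: "endpoint", sensitive: false,
    re: /["'`]((?:https?:\/\/[^"'`\s]+|\/)api\/[^"'`\s]*)["'`]/gi },
  // E-mail address, as one simple class of PII
  { type: "pii-email", sensitive: true,
    re: /\b([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\b/g },
];

// Keep the first four characters so a finding stays recognisable in a report.
function mask(value) {
  return value.slice(0, 4) + "*".repeat(Math.max(value.length - 4, 0));
}

// Returns line-numbered findings plus a copy of the source with
// sensitive values masked, suitable for pasting into an external analyzer.
function scanSource(source) {
  const findings = [];
  let redacted = source;
  source.split("\n").forEach((text, index) => {
    for (const rule of RULES) {
      for (const match of text.matchAll(rule.re)) {
        const raw = match[1];
        const shown = rule.sensitive ? mask(raw) : raw;
        findings.push({ type: rule.type, line: index + 1, value: shown });
        if (rule.sensitive) redacted = redacted.split(raw).join(shown);
      }
    }
  });
  return { findings, redacted };
}

// Constructed sample input (not taken from any real site).
const SAMPLE = [
  "<script>",
  'const config = { apiKey: "EXAMPLEKEY0123456789abcdef" };',
  'fetch("/api/v1/orders?user=42");',
  'fetch("https://example.test/api/v1/users");',
  "</script>",
  '<a href="mailto:jane.doe@example.test">Contact</a>',
].join("\n");

console.log(scanSource(SAMPLE).findings);
```

Comparing these findings against the GPT's report shows where it missed something a simple pattern catches, or flagged something the source does not actually contain.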

It then asked me to specify the types of content, behavior, and what to avoid for the Web Code Analyzer. Also, what I should prioritize or steer clear of during its analysis.

Task 3: My goal is to streamline the analyzer to automate and simplify the detection of vulnerabilities and API keys in HTML, CSS, and JavaScript code. It’s essential to filter out unnecessary data, focusing on the most severe and exploitable vulnerabilities. The analyzer will produce clear reports with actionable recommendations and remediation steps.

Its primary focus is to aid security researchers and bug bounty hunters by not only identifying issues but also providing insights on evaluating and addressing these vulnerabilities, particularly useful for those working on bug bounty program targets.

The following two tasks were quite straightforward. They involved specifying the level of detail I wanted the GPT to provide in its responses to users, and how it should react when faced with incomplete or unclear information.

Task 4: I want this analyzer to strike the perfect balance, to have technical jargon, but still keep it simple and accessible for a wider audience. I also would like detailed recommendations and remediation steps for this analyzer.

Task 5: Absolutely, I want the GPT to be proactive in cases where the information it receives is incomplete or ambiguous. It should politely request additional details and, based on the data it has, make some educated guesses to craft a thoughtful response.

The Final Stage

Finally, once all these tasks were checked off, I moved on to the next phase: setting up the rest of the system and diving into testing. I spent some time experimenting with it on the preview side, making small tweaks here and there. Gradually, I fine-tuned everything until it matched my vision perfectly.

After perfecting the tool to my satisfaction, the exciting moment arrived: publishing my work for all of you. I’m thrilled to invite you, those reading and everyone, to test it out and share your experiences.

My link to the Web Code Analyzer.

Thank you so much for taking the time to read about my journey in creating this advanced web code analyzer. I’m eager for you to try it and hope you find it useful. Your feedback would be helpful to me, as I’m continually working to enhance its efficiency and effectiveness. I look forward to hearing your thoughts and experiences!

If you liked this article please press that clap button. Feel free to follow me on Twitter and here on Medium to stay updated on my latest articles and to get in touch. Don’t forget to visit my Website too, where you’ll find more of my tech insights and cybersecurity tips.


Article source: https://infosecwriteups.com/how-i-created-an-advanced-web-code-analyzer-using-chatgpt-6b32a7d42f88?source=rss----7b722bfd1b8d--bug_bounty