GreyDGL
commented
1 year ago Yeah I also notice this issue. Will debug and figure out how to do it. For now, please just use the copy&paste method.
Closed Af7eR9l0W closed 1 year ago
GreyDGL
commented
1 year ago Yeah I also notice this issue. Will debug and figure out how to do it. For now, please just use the copy&paste method.
vmayoral
commented
1 year ago +1, Just tested natively in OS X.
I can also reproduce this issue. It appears that pentestgpt-cookie has turned invalid from the point wherein I submited https://github.com/GreyDGL/PentestGPT/pull/100 until now. Something might've changed on the server side. I can also confirm to get it to work by "manually copying".
Did a bit of further research, here're some observations (cookies below invalidated already 😉, but using them for the sake of depicting the issues):
GreyDGL
commented
1 year ago In my previous examination, I noticed that the varying cookie fields might be due to some third-party antibot verification (from Cloudflare) adopted by OpenAI. This prevents effective cookie retrieval/generation from browser simulation (Selenium, Playwright, etc.). For different OS/browsers, Cloudflare may have some custom verification methods, and the generated cookies are different. I think they're not directly related to OpenAI, but yeah we're sort of bypassing their verification. Anyway I think we shall at least maintain a valid cookie-based access to ChatGPT until the bypassing method becomes too complex. In the future, we may focus more on the API-based solution.
Af7eR9l0W
commented
1 year ago It seems like pycookiecheat may be culprit behind the unicode decode errors. Switching to browser_cookie3 solved it for me. I've included it my most recent pull request. As long as the varying cookie fields don't get too crazy, keeping an exclusion list inside a variable should suffice. I added that with my latest request as well. There is probably a better way to do it tho
vmayoral
commented
1 year ago It seems like pycookiecheat may be culprit behind the unicode decode errors. Switching to browser_cookie3 solved it for me. I've included it my most recent pull request. As long as the varying cookie fields don't get too crazy, keeping an exclusion list inside a variable should suffice. I added that with my latest request as well. There is probably a better way to do it tho
Nice approach!
I gave your fork a try at https://github.com/Af7eR9l0W/PentestGPT. Tested it in Darwin. Cookie produced with pentestgpt-cookie didn't work for me neither. Any thoughts?
Af7eR9l0W
commented
1 year ago Nice approach!
I gave your fork a try at https://github.com/Af7eR9l0W/PentestGPT. Tested it in Darwin. Cookie produced with
pentestgpt-cookiedidn't work for me neither. Any thoughts?
Try changing this url to the variable URL. If that doesn't work you can view the CookieJar by adding a print statement on the following line. As a last resort try getting it through your browser since it could be an issue with my code. Modifying the BROWSER_COOKIE_DB to another chromium based browser (edge works great for me) is worth a shot.
Here recently it seems no matter how you get the cookies or which one you use it doesn't want to work. It definitely feels like browser verification stuff has ramped up. Since creating pull request I've gotten 3 new cookie fields _cfuvid, _gauf,_cfu_. However, I wouldn't be surprised to learn its been user error all along.
If only the api wasn't so damn expensive
CarlosCarlos109
commented
1 year ago Hi there. Nice work Grey. Does it work on Kali? Kind regards;
GreyDGL
commented
1 year ago @CarlosCarlos109 Was working on some other features. Will start to implement support for Kali this week. My testing shows that Kali with Python3.10 works, and there's some compatibility issue with Python3.11
CarlosCarlos109
commented
1 year ago Thank you very much for the information @GreyDGL. I will try to use venv python then. Good work!! @GreyDGL I'll be waiting for new developments, gladly would help. Kind Regards;
Running the most recent version of kali. Tried using pip installs via user, anaconda, and running it from the repos /pentestgpt/extract_cookie.py directory. Changing the site-packages chatgpt_config.py and using the expected export methods.
export BROWSER_COOKIE_DB=/home/poob/.config/google-chrome/Default/Cookiespentestgpt-cookieAfter testing the script on mint, (and changing the user agent) it works no problem. Adding some debug prints shows the cookie begins with a
gainstead of the usualintercomExample:
This cookie wont work, even if you omit the
gapart. Opening chrome and obtaining the cookie the old way works just fine. Comparing the curl command from the browser vs the one the script outputs, it appears they use different cookies. Changing the url in extract_cookies.py tohttps://chat.openai.com/api/auth/session'fixes the script and outputs the same cookie as the browser. Applying this change to the mint install did nothing. I'm not sure if its an issue with my kali install or an issue with kali in general.