GreyDGL / PentestGPT

A GPT-empowered penetration testing tool
MIT License

Getting this issue: #111

Closed billstackpole closed 8 months ago

billstackpole commented 1 year ago

Describe the bug

Various errors thrown as follows. Seems that (bottom line) an auth error and reattempts to auth may have led to Cloudflare blocking the egress NAT IP of my VMs. (ouch)

But using the browser interface, which appears to be using the same cookie material, allows for ChatGPT interaction.

After all this, thinking that it might be helpful for the output to include some clear messaging / feedback indicating the auth error, that this might cause Cloudflare blocks, and some clear ideas on process to go about finding / validating block / process to unblock (clear as mud to me so far).

Thoughts?

Here is what I believe my process was:

- pasted cookie and api key into config file
- error thrown - appeared that log file could not be written
- chmod o+w -R
- re-ran - error thrown - (api key and cookie need to be environment vbls)
- exported those two items and validated they are in output of env
- then ran ==> lines

==> python3 /usr/local/lib/python3.8/dist-packages/pentestgpt/main.py__

Output:

begin paste
Do you want to continue from previous session? (y/n) n
Traceback (most recent call last):
  File "main.py", line 33, in <module>
    main()
  File "main.py", line 29, in main
    pentestGPTHandler.main()
  File "/home/kali/.local/lib/python3.8/site-packages/pentestgpt/utils/pentest_gpt.py", line 643, in main
    self.initialize(previous_session_ids=loaded_ids)
  File "/home/kali/.local/lib/python3.8/site-packages/pentestgpt/utils/pentest_gpt.py", line 221, in initialize
    self._feed_init_prompts()
  File "/home/kali/.local/lib/python3.8/site-packages/pentestgpt/utils/pentest_gpt.py", line 147, in _feed_init_prompts
    self.prompts.first_todo + _response
TypeError: can only concatenate str (not "tuple") to str
end paste

==> wireshark

end paste

Removing the "--useAPI" results in:

begin paste
==> pentestgpt --reasoning_model GPT4
Do you want to continue from previous session? (y/n) n
Traceback (most recent call last):
  File "/usr/local/bin/pentestgpt", line 8, in <module>
    sys.exit(main())
  File "/home/kali/.local/lib/python3.8/site-packages/pentestgpt/main.py", line 29, in main
    pentestGPTHandler.main()
  File "/home/kali/.local/lib/python3.8/site-packages/pentestgpt/utils/pentest_gpt.py", line 643, in main
    self.initialize(previous_session_ids=loaded_ids)
  File "/home/kali/.local/lib/python3.8/site-packages/pentestgpt/utils/pentest_gpt.py", line 221, in initialize
    self._feed_init_prompts()
  File "/home/kali/.local/lib/python3.8/site-packages/pentestgpt/utils/pentest_gpt.py", line 147, in _feed_init_prompts
    self.prompts.first_todo + _response
TypeError: can only concatenate str (not "tuple") to str

end paste

finally checked log file and found "...pentestgpt.utils.chatgpt:get_authorization:<123 && 124> - You encounter an error when communicating with ChatGPT. The most likely reason is that your cookie expired." followed by "...

Sorry you have been blocked.

..." "... [IP: | Ray ID: ] ..." "... ::CLOUDFLARE_ERROR_500S_BOX:: ..." then "... <date/time> | ERROR | pentestgpt.utils.chatgpt:send_new_message184 - ..." (and this cycle repeats - getauth, expired cookie, you have been blocked)

But using the browser interface, which appears to be using the same cookie material, allows for ChatGPT interaction.

GreyDGL commented 1 year ago

This should be an issue with the current interaction logic. The to_do command requires the user to input at least one piece of "test progress" information so that it can analyze the task information. This means that after initialization, the user ideally should use the next command to input some recon result first.

I'll fix this bug. Meanwhile, can you check whether the problem persists if you use the next command first to write some information, and then run to_do again?

GreyDGL commented 1 year ago

This issue should be fixed now. Please check if the issue persists.

RitchZoeSquad commented 1 year ago

This issue is still happening, please fix it; this was a really cool application. I even uninstalled it and reinstalled it, and the issue is still happening.

GreyDGL commented 1 year ago

This is so strange... I cannot reproduce it locally. Could you guys please paste the complete output of pentestgpt-connection and the error message?

RitchZoeSquad commented 1 year ago

[image]

RitchZoeSquad commented 1 year ago

I'm still experiencing it. Even after exporting my key.

GreyDGL commented 1 year ago

May I confirm if you have linked a payment method to OpenAI API?

RitchZoeSquad commented 1 year ago

Greetings, yes I have.


anoth3rus3r commented 1 year ago

I experienced a similar problem:

└─# pentestgpt --reasoning_model=gpt-3.5-turbo --useAPI
Your CHATGPT_COOKIE is not set. Please set it in the environment variable.
Welcome to pentestGPT, an automated penetration testing parser empowered by GPT.
The settings are: 
 - reasoning model: gpt-3.5-turbo
 - use API: True
 - API base URL: https://api.openai.com/v1
 - log directory: logs
Do you want to continue from previous session? (y/n) n
- ChatGPT Sessions Initialized.
Please describe the penetration testing task in one line, including the target IP, task type, etc.
> HTB, OS Linux, 10.10.11.224
Traceback (most recent call last):
  File "/usr/local/bin/pentestgpt", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/pentestgpt/main.py", line 37, in main
    pentestGPTHandler.main()
  File "/usr/local/lib/python3.11/dist-packages/pentestgpt/utils/pentest_gpt.py", line 667, in main
    self.initialize(previous_session_ids=loaded_ids)
  File "/usr/local/lib/python3.11/dist-packages/pentestgpt/utils/pentest_gpt.py", line 245, in initialize
    self._feed_init_prompts()
  File "/usr/local/lib/python3.11/dist-packages/pentestgpt/utils/pentest_gpt.py", line 166, in _feed_init_prompts
    _response = self.reasoning_handler(prefixed_init_description)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/pentestgpt/utils/pentest_gpt.py", line 252, in reasoning_handler
    response = self.chatGPT4Agent.send_message(
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/pentestgpt/utils/chatgpt_api.py", line 231, in send_message
    conversation = self.conversation_dict[conversation_id]
                   ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
KeyError: None

It's replicated on my different VMs.

anoth3rus3r commented 1 year ago

Adding payments to the account in the https://platform.openai.com/ panel solved this problem.

hikame commented 1 year ago

To get a more detailed error log, adding assert(0) after except Exception as e: in pentestGPT::initialize can help.
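
An added illustration, not PentestGPT's code and not written by anyone in this thread, of the failure mode the `KeyError: None` traceback and the assert(0) suggestion point at. It assumes initialization catches a broad exception and carries on, so an upstream auth or billing rejection only surfaces later as an unrelated error. `FakeBackend`, `SessionInitError` and both `initialize_*` functions are hypothetical names, and the upstream failure is constructed.

```python
import logging

log = logging.getLogger("demo")

class SessionInitError(RuntimeError):
    """Raised when a chat session could not be created (hypothetical name)."""

class FakeBackend:
    """Constructed stand-in for an LLM API client, not a real library."""
    def __init__(self, healthy):
        self.healthy = healthy
        self.conversation_dict = {}

    def start_conversation(self, prompt):
        if not self.healthy:
            raise PermissionError("constructed: upstream rejected the request (auth/billing)")
        self.conversation_dict["c1"] = [prompt]
        return "ok", "c1"

    def send_message(self, message, conversation_id):
        # With conversation_id=None this raises KeyError: None, far from the real cause.
        conversation = self.conversation_dict[conversation_id]
        conversation.append(message)
        return "reply"

def initialize_swallowing(backend):
    """Pattern that hides the root cause: log the error and continue with no session id."""
    conversation_id = None
    try:
        _, conversation_id = backend.start_conversation("init")
    except Exception as e:
        log.error("init failed: %s", e)
    return conversation_id

def initialize_fail_fast(backend):
    """Stop at the point of failure and keep the original exception chained as the cause."""
    try:
        _, conversation_id = backend.start_conversation("init")
    except Exception as e:
        raise SessionInitError(
            "session init failed; check API key, billing and cookie before retrying"
        ) from e
    return conversation_id
```

Failing fast also avoids repeated re-authentication attempts against the upstream service after the first rejection.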