Sytten
commented
9 months ago - Explain that we offer an assistant feature to pro users
- Helps you understand requests, elements like headers, suggests attack vectors
- Tailored for security research
- Data is sent to a third party (OpenAI) and can be stored for up to 30 days
- Make sure to anonymize sensitive information
- Credits system
- To prevent abuse, we have a credit system
- Credit usage depends on the model used, currently only chatgpt 3.5
- 1 credit = 1 token
- A token is generally a word or part of a word
- Link to site explaining what a token is (https://platform.openai.com/tokenizer)
- Explain requests
- Helps you understand what a request is doing
- Be careful if the payload is huge, this can cost a lot of credits
- Right click screenshot + AI response screenshot
- Generate CSRF
- This is a proof of concept, we are planing to add more attacks in the future
- You can generate CSRF payloads (https://owasp.org/www-community/attacks/csrf) for a specified request
- Right click screenshot + AI response screenshot