After a while I decided to look back again at Python's GUI in Tkinter. Below you'll find a few notes about it. Here we go...
This time we'll start here:
Intro
In the past I created more or less small programs to automate a few of the 'daily activities' and used them during pentest projects.
This time I decided to do a similar thing - but during this 'review of the GUI' I decided to "cheat" a bit... and I used ChatGPT.
My goal (for testing ChatGPT abilities to create GUI apps) was to create a small GUI app for sqlmap available in Kali Linux. In my opinion it was a good choice because I could use some "docker-vulnerable-app" and test it on my localhost.
Let's move forward.
Lab
To prepare the LAB I used a docker image purposely created to be vulnerable to SQL injection attacks.
I started it on Kali using docker, like this:
If you want - at this stage - it could be a good idea to catch one or two requests (using Burp Proxy) and save them to a TXT file for future use and testing. ;)
But for now - let's move forward:
Simple Example:
The goal is simple: "create a GUI for sqlmap", right? ;)
And, yeah: it can also be a "prompt" to type into ChatGPT to "observe" the results and check them yourself in a Kali Linux VM.
In my case the way from point A to point B was even simpler: I decided to ask ChatGPT for each detail, one by one.
Can you create an app with 1 window? yes/no
Can you add an input? yes/no
Can you present any results in 'results window'? yes/no
...and so on.
And now the funny part ;) If you already know some Python and Tkinter - it will be extremely easy for you to develop apps using ChatGPT.
Not to spoil it too much: ChatGPT will "never" create 100% of the app you'd like to see. So knowing some basics will help you a lot and you'll be able to fix the code if you need to.
After a while we should be somewhere here:
- we have a copy/paste raw request (similar to the one we'd use in Burp Proxy; in sqlmap we'll use it with the "-r" parameter)
- can have a vulnerable webpage with SQL injection bug (our docker image)
- we have a plan to use our super-new-GUI-app. ;)
Let's see what we have after a while with ChatGPT and some manual fixes of the output code.
One of the possible examples is presented below:
So far, in our GUI we have the possibility of:
- SQL injection from URL
- SQL injection from file
- SQL injection to sql-shell (if possible).
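One way the button callbacks behind those three options could turn the GUI fields into a sqlmap command without ever passing user input through a shell. This is an added example, not the code from this post; the function names, the loopback-only target check and the use of `--batch` are assumptions.

```python
import ipaddress
import os
import re
from urllib.parse import urlsplit

# First line of a raw request saved from a proxy, e.g. "GET /item.php?id=1 HTTP/1.1"
REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ HTTP/\d(\.\d)?$")

def _is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:          # a DNS name other than localhost
        return False

def check_url(url):
    """Accept only http(s) URLs that point at the local lab (assumed policy)."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("not an http(s) URL")
    if not _is_loopback(parts.hostname):
        raise ValueError("target is not the local lab")
    return url

def check_request_file(path):
    """Accept only a readable file whose first line is an HTTP request line."""
    with open(path, "r", errors="replace") as fh:
        first = fh.readline().strip()
    if not REQUEST_LINE.match(first):
        raise ValueError("file does not start with an HTTP request line")
    return os.path.abspath(path)   # absolute path can never be parsed as an option

def build_sqlmap_argv(url=None, request_file=None, sql_shell=False):
    """Return an argv list for subprocess.Popen(argv); never a shell string."""
    if bool(url) == bool(request_file):
        raise ValueError("give either a URL or a request file")
    argv = ["sqlmap"]
    if url:
        argv += ["-u", check_url(url)]
    else:
        argv += ["-r", check_request_file(request_file)]
    # --sql-shell is interactive; other runs use --batch (non-interactive mode)
    argv.append("--sql-shell" if sql_shell else "--batch")
    return argv

if __name__ == "__main__":
    # Constructed sample value for a lab container on localhost
    print(build_sqlmap_argv(url="http://127.0.0.1:8080/item.php?id=1"))
```

Because the result is a list handed to `subprocess.Popen` without `shell=True`, anything typed into the URL field stays a single argument instead of being interpreted by the shell, which is the usual weakness of generated code that concatenates a string for `os.system`.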
So far it looks good, doesn't it? ;)
In my opinion ChatGPT can be a good "interactive programming tutorial".
But I think it's more interesting if you already have some basics (from "traditional" tutorials ;)).
TL;DR:
Example code is available here:
Remember to use it only for legal purposes.
Have fun!