Using ChatGPT for Bug Bounty and finding vulnerabilities
Hi fellows, my name is Sirat, I am 23yo from Iraq, Kurdistan and independent security researcher at HackerOne platform.
At this story I would like to share some guides for bug bounty hunters and new peoples who came in to bug bounty or cyber security world for how to use ChatGPT in a correct way to improve your performance with ChatGTP.
Due to geographic and nature reasons im not very good with english language since its not my mother language, sorry if its disturbing you or you didn’t understand something.
What can we do with ChatGPT?
ChatGPT itself is an AI that mostly used for guiding or helping users based on their requires, it doesn’t make you a pizza but it can tell you what pizza is made from and it sounds pretty normal since you already can google it but it also can tell you what happens if you add too much tomato to the pizza or if there’s any pineapple pizzas…
Fortunately, ChatGPT is pretty good about tech and coding or anything we need about Cyber Security, eg it can tell you which vulnerability can cause information leakage such as SQLi and how to exploit it while you may have 0 knowledge about it.
We already know that those information are already public and it doesn’t work for everyone and every time since everyone can ask same thing and its pretty easy for everyone, this is not the correct way to use ChatGPT, so we need to go further and deeper with ChatGPT to use it for our purposes.
Learn Bug Bounty with ChatGPT
There’s tons of resources that we can use to learn bug bounty and ChatGPT is on of the best of it.
What so special about ChatGPT is it can teach you in real time:
Now lets make it more personal:
And even more:
For example you love coding review and want to find bugs in open sources:
Learning with ChatGPT is pretty fun because it looks like you talking with someone who already knows everything about the topic you are asking about.
You can totally customize the resource you are learning from based on what kind of things you want to learn and questions you want to get rid of.
Doing Recon stuff with ChatGPT
If you don’t know how to recon:
Customize it based on your target:
“how to recon on a wordpress website?”
Do your target supports android app?
You can use ChatGPT to create a wordlist based on your target, username or email or subdomains or anything you think about.
What you need is make ChatGPT to know how your target is and how does it work.
Finding vulnerabilities with ChatGPT
You can tell ChatGPT what is your made from and what kind of vulnerabilities the technology can be affected:
Do you have anything sensitive about your target?
What if you totally leave your target to ChatGPT?
Escalate your findings:
Make it work based on your target functions:
There’s tons of other ways to work with ChatGPT to find vulnerabilities in your target, what I have shown is mostly for peoples who are new in bug bounty but if you already have a good experience with bug bounty you must know what kind of prompts can work for you.
ChatGPT can make you find vulnerabilities but not if you have 0 knowledge about bug bounty, so remember that you still need enough skills of it.
Writing reports with ChatGPT
If you have a bad english like me, or you haven’t written any reports before, you can use ChatGPT to create a beautiful report of your vulnerability.
Have you forgotten the summary?
You can even let ChatGPT to write the whole thing:
Something else
While ChatGPT cannot help you 100%, you can still make it very useful for yourself and learn new things from it.
Personally I have found several bugs by using ChatGPT and I have found bugs that I wasn’t sure about the impact I used ChatGPT to make sure about its impact.
Same as everything else, you need to practice on how to use ChatGPT, you need to find the best way of how to ask your question, how to make ChatGPT to know you target and work on exactly what you need…
As always, I end my short story at here, thank you for everything and apologize for anything in that story.
Don’t forget to follow me and be updated for my latest stories:
https://twitter.com/siratsami71