ChatGPT
Adapted from NahamSec's video on YouTube: https://www.youtube.com/watch?v=0lq-CokNjSI
General format
Legitimacy statement
Task
Technical context
Output constraints
Knowledge boundaries
Success criteria
1. Legitimacy statement
To inform the AI that you are currently performing a legitimate and authorized assessment on a system/machine that we have prior permission to perform it on - establishes our ethical position.
Examples
I'm doing an authorized pentest against a client's development environment
I am working on a CTF
2. Task
The task that we want the AI to perform.
Examples
Generate 5 working XSS paylods based on the following criteria
3. Technical context
Provides the precise criteria and context that follows the task given (Task section above). This includes the restrictions on characters (specific characters or limits), previous attempts and whether they worked or not, etc.
Examples
My input is reflected directly within an existing JavaScript <script> tag. I'm restricted from using these characters: .... Inputs can't exceed 100 characters. My previous attempts are: <script>...</script>, and the results were ....
4. Output constraints
Provides the constraints on the output - format we want our output to be in.
Examples
Provide each payload on one line, with a concise explanation on the next line detailing how the payload bypasses the specified requirements.
Provide outputs in JSON format
Provide the output in url-encoded format
5. Knowledge boundaries
Inform the AI on the knowledge we possess on the topic, to skip unnecessary background context that the AI may provide.
Examples
I already understand the basics on reflected XSS concepts. Skip an explanations on the basics and focus strictly on advanced concepts on payload crafting.
6. Success criteria
What defines how we judge a good response from the AI.
Examples
Payloads should be concise, avoid the forbidden characters, and effectively exploit JavaScript execution using an alert(1) within the described limitations.
Useful tools
Last updated