FEAT: add WebSocket-based prompt target for Microsoft Copilot #1275
Conversation
paulinek13
changed the title
- Rename _parse_message() to _parse_raw_message() - Split on record separator (\x1e) and processes all frames, not just first - Add FINAL_DATA_FRAME (type 3) enum value for completion signals - Extract bot message parsing logic into lambda for reusability - Fixes stop condition to handle FINAL_DATA_FRAME and remove flawed "is_user_input and PING" logic
…way because of `enterprise-prod-first-party-app-policy` This reverts commit 276290f.
This reverts commit ded56c6.
paulinek13
changed the title
|
This PR is finally ready for review. However, I still need to add a notebook for this target, which I'll do in the meantime 😃 |
| await ConsoleAttackResultPrinter().print_conversation_async(result=result) | ||
|
|
||
| # %% | ||
| from pyrit.memory import CentralMemory |
There was a problem hiding this comment.
nit: we stopped including this
| logger = logging.getLogger(__name__) | ||
|
|
||
|
|
||
| class CopilotAuthenticator(Authenticator): |
There was a problem hiding this comment.
This is great, but we can't run it through integration tests, which we'd want to make sure it's not broken. I'm okay with the authenticator piece not being testable, but I'd at least want a way to run WebSocketCopilotTarget.
Can we add another method for authenticating besides a headless browser so we can use it even with MFA, etc? E.g. an option where instead of username/password, you pass in auth headers? or alternatively a separate auth class that just takes cookies/headers that you set?
| def __init__( | ||
| self, | ||
| *, | ||
| verbose: bool = False, |
There was a problem hiding this comment.
let's get rid of this, log levels are set elsewhere (although we may have verbose hanging around)
| super().__init__( | ||
| verbose=verbose, | ||
| max_requests_per_minute=max_requests_per_minute, | ||
| endpoint=self.WEBSOCKET_BASE_URL, |
There was a problem hiding this comment.
I like this as a default, but let's pass it in
| return json.dumps(data, separators=(",", ":")) + "\x1e" | ||
|
|
||
| @staticmethod | ||
| def _parse_raw_message(message: str) -> list[tuple[CopilotMessageType, str]]: |
There was a problem hiding this comment.
nit: can we rename to something like raw_websocket_message
rlundeen2
left a comment
rlundeen2
left a comment
There was a problem hiding this comment.
@paulinek13 this is super cool! Thanks for tackling!
Before merging, I'd like to test, which I'm not setup to do as is :) But if you take the auth token change where I can paste tokens or a raw request or something without a headless browser, then I can check usage.
But looks good! No major concerns
2 participants
Description
Resolves #343
This PR introduces
WebSocketCopilotTarget, enabling sending prompts to Microsoft Copilot via WebSocket.Implementation reference: powerpwn/copilot/copilot_connector/copilot_connector.py
Authentication is handled automatically via
CopilotAuthenticator(also a new addition), which uses Playwright to automate browser login and obtain the required access tokens.Tests and Documentation
✅ both
WebSocketCopilotTargetandCopilotAuthenticatorare documented✅ unit tests are added for both
The following related items I'd like to address in separate PRs:
image_pathdata type (WebSocketCopilotTarget)CopilotAuthenticator)