NoFilter GPT is a cutting-edge conversational AI built to deliver unfiltered, bold, and authentic interactions. It offers different modes for different tasks: Raw Mode delivers candid, no-nonsense dialogue; Insight Mode explores complex topics with sharp analysis; and Reality Check Mode debunks misinformation with brutally honest takes. NoFilter GPT is designed for users who value clarity, directness and intellectual integrity in real-time conversations.
Network Traffic Analysis
The ATI team in Keysight has analyzed the network traffic of NoFilter GPT and found some interesting insights that can help researchers optimize performance and enhance security. This analysis was conducted using HAR captures from a web session. NoFilter GPT operates with standard web protocols and relies on secure TLS encryption for communication.
Overall Analysis
We have performed extensive user interactions with the NoFilter GPT web application. The captured traffic was completely TLS encrypted. We have further analyzed the traffic based on host names.
Figure 1: Request-Response count per host
In the figure above we can observe the majority of request-response interactions were observed with nofiltergpt.com, handling core AI functions like chat and image generation. Additionally, NoFilterGPT related host, chat.nofiltergpt.com manage AI chat, image generation, and token-based request authentication, while other external hosts primarily serve static assets and analytics.
Figure 2: Cumulative payload per host
The diagram above shows that the host chat.nofiltergpt.com has the maximum cumulative payload followed by nofiltergpt.com. The rest of the hosts are creating smaller network footprints.
Analyzing Endpoints
By examining the HAR file, we gain a detailed view of the HTTP requests and responses between the client and NoFilter GPT’s servers. This analysis focuses on critical endpoints and their roles in the platform’s functionality.
Chat Completion
Endpoint: https://chat.nofiltergpt.com/run/nofilterai/controller5?identifier…
- Method: POST
- Purpose: This is the actual request that sends user input to the chat model and receives a response.
- Request Headers:
- Content-Type: application/json
- Accept: */* (Accepts any response type, indicating a flexible API for logging events.)
- Origin: https://nofiltergpt.com (Ensures requests originate from NoFilterGPT’s platform)
- Request Payload: Base64-encoded JSON containing user message, system prompt, temperature, etc.
- Response Status: 200 OK (successful session creation)
This triggers a response from the model.
- Method: OPTIONS
- Purpose: This is a CORS ( Cross-Origin Resource Sharing ) preflight request automatically sent by the browser before the POST request.
- Request Payload: None
The server responds with headers indicating what methods and origins are allowed, enabling the browser to safely send the POST.
Image Generation
- Endpoint: https://chat.nofiltergpt.com/media/generate2.php
- Method: POST
- Purpose: Sends an image generation prompt to the server.
- Request Headers:
- Content-Type: application/json
- Accept: */* (Accepts any response type, indicating a flexible API for logging events.)
- Request Payload: JSON with token, prompt, width, height, steps, sampler, etc.
- Response Status: 200 OK (successful session creation)
This generates and returns an image based on the prompt and settings.
- Method: OPTIONS
- Purpose: Browser-initiated CORS preflight checks to see if the server will accept the POST request
- Request Payload: None
Gets permission from the server to proceed with the actual POST request.
NOTE: While NoFilterGPT can be useful it is a prohibited tool by many companies and government entities. Policy and technical systems must be in place to prevent usage, and it is vital to confirm this via test using BreakingPoint. These tests help validate the security measures and help organizations prevent accidental or malicious use of the platform.
NoFilterGPT Traffic Simulation in Keysight ATI
At Keysight Technologies Application and Threat Intelligence (ATI), since we always try to deliver the hot trending application, we have published the NoFilter GPT application in ATI-2025-05 which simulates the HAR collected from the NoFilter GPT web application as of March 2025 including different user actions like performing text-based queries, uploading multimedia files, using the generate image feature to create custom visuals and refining search results. Here all the HTTP transactions are replayed in HTTP/2 over TLS1.3.
Figure 3: NoFilterGPT Mar25 HAR Replay HTTP/2 over TLS1.3 Superflow in BPS
The NoFilterGPT application and its 4 new Superflows as shown below:
Figure 4: NoFilterGPT App and its Superflows in BPS
Leverage Subscription Service to Stay Ahead of Attacks
Keysight’s Application and Threat Intelligence subscription provides daily malware and bi-weekly updates of the latest application protocols and vulnerabilities for use with Keysight test platforms. The ATI Research Centre continuously monitors threats as they appear in the wild. Customers of BreakingPoint now have access to attack campaigns for different advanced persistent threats, allowing BreakingPoint Customers to test their currently deployed security control’s ability to detect or block such attacks.
