LuciferOLD
Cyber Surveillance Operator
2
MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1
200 XP
drop a like if you enjoy [ .loli ] = The original openbullet config extension github.com/openbullet/openbullet
[ .anom ] = The openbullet anomaly mod config extension
[ .svb ] = The openbullet silverbullet mod config extension github.com/mohamm4dx/SilverBullet
For this tutorial I will be using Silverbullet, I personally prefer it as Openbullet 1 and Anomaly are no longer being updated and Silverbullet has more detail and better features as well as better stability
When launching the application, you will be met by multiple headers using words you may not have heard of before:
Runner = where you can queue tasks for cracking
Proxies = proxies kek
Wordlists = combolists, your email:pass / user:pass combos
Configs = where your configs are stored
Hits DB = Where your hits are stored (some configs can output hits to a text file)
Tools = Different tools/functions, mostly useless and wont ever be used
Plugins (exclusive to svb) = Different plugins, personally I have never really seen it used except for in a config which had custom hashing
Settings = where you can change certain settings, for example, automatic proxy reloading from apis
Help = not really needed
To create your first config, go to "configs" and click "new"
From here you can set the name of your config (typically the site your making) and the author (yourself)
These are the main things you will need:
+ = Add a new block
- = Delete a block
(x) = Temporarily put a block on hold, when running the config, that block will not be used
*2 squares* = Copy a block
*up arrow* = move a block up
*down arrow* = move a block down
*floppy disk* = save the config
Click the + and select "REQUEST" in green, this is probably the most common block used as its what will control everything being sent to APIs
For this tutorial I will be using "Twitch.tv" as the target but you can use nearly any site as long as you have the right api (excluding akamai, captcha etc)
Go to your target site and open your debugger, you can use chrome debugging or a software such as fiddler, for the tutorial I will use chrome debugging as its easy to understand.
Step 1 - Getting data
Open the debugger by pressing cntrl + shift + i or right click inspect and go to the network tab
While its open, enter random credentials (can be valid or not) and click login or what ever is used to sign in
You will see lots of things pop up in the network tab but the request you will be looking for will almost always be near the top
As you can see, as they were incorrect credentials, the server sent back a negative response which then showed the "this username does not exist" text, if we look at the network tab we can see the whole request including the POST data and headers.
We're only interested in the URL, Request Headers and Request Payload
We can now take this information and put it inside silverbullet
Step 2 - Posting data
Make a new request block and set the information inside the block to what we have taken from the request on the website
In this image I have highlighted the "cookie" part of the request, most of the time in requests we won't need to include the cookies, sometimes you will but I always leave them out unless I find out they do need the cookies.
In your openbullet client, you have different variables (vars) for certain things:
<USER> = :password / <[email protected]>:TestPass
<PASS> = email:<PASS> / [email protected]:<TestPass>
In the "POST Data" we will replace certain parts with these vars, the "username" and "password"
It now looks like this, now this is like this, instead of posting that data we had set before in the original request when we were getting the data, its sending the email and pass / user pass from the data we input (combos)
Step 3 - Keycheck
We can now input our own data (login) to test the different responses from the server
We can now make a "keycheck" block from the part where you made a "request" block
This is basically a gate that will only allow certain things through, we have a success key and a fail key (there are also custom, retry and ban keys for other responses)
We can now add the "Incorrect username or password" key to the fail key
Now we need to use valid credentials to obtain the success key
Sometimes due to sending too many requests quickly within a short timescale, the websites may add a temporary bot protection such as CAPTCHA, we can use this as a "ban" key so that if our proxies are detected as "bots" or they sent too may requests quickly it will stop using it.
Now, back to the success key
I used my own twitch account which I have 2FA on so it showed this, but if you don't it should show something similar to "access_token: eyJ bla-blabla" and this can be our success key so that when a login gets that response, it marks it as a hit, if we wanted to, to mark accounts as 2FA when the response which I got, we could add a "custom" keycheck but thats up to you :)
Now you have made your first basic config! I might make some more of these in the future but thats it for now, if you need any help im open to dms on site or on discord: SHOCK!#5769
Hope you enjoyed and this helped you
[ .anom ] = The openbullet anomaly mod config extension
You must upgrade your account or reply in the thread to view the hidden content.
For this tutorial I will be using Silverbullet, I personally prefer it as Openbullet 1 and Anomaly are no longer being updated and Silverbullet has more detail and better features as well as better stability
When launching the application, you will be met by multiple headers using words you may not have heard of before:
Runner = where you can queue tasks for cracking
Proxies = proxies kek
Wordlists = combolists, your email:pass / user:pass combos
Configs = where your configs are stored
Hits DB = Where your hits are stored (some configs can output hits to a text file)
Tools = Different tools/functions, mostly useless and wont ever be used
Plugins (exclusive to svb) = Different plugins, personally I have never really seen it used except for in a config which had custom hashing
Settings = where you can change certain settings, for example, automatic proxy reloading from apis
Help = not really needed
To create your first config, go to "configs" and click "new"
From here you can set the name of your config (typically the site your making) and the author (yourself)
These are the main things you will need:
+ = Add a new block
- = Delete a block
(x) = Temporarily put a block on hold, when running the config, that block will not be used
*2 squares* = Copy a block
*up arrow* = move a block up
*down arrow* = move a block down
*floppy disk* = save the config
Click the + and select "REQUEST" in green, this is probably the most common block used as its what will control everything being sent to APIs
For this tutorial I will be using "Twitch.tv" as the target but you can use nearly any site as long as you have the right api (excluding akamai, captcha etc)
Go to your target site and open your debugger, you can use chrome debugging or a software such as fiddler, for the tutorial I will use chrome debugging as its easy to understand.
Step 1 - Getting data
Open the debugger by pressing cntrl + shift + i or right click inspect and go to the network tab
While its open, enter random credentials (can be valid or not) and click login or what ever is used to sign in
You will see lots of things pop up in the network tab but the request you will be looking for will almost always be near the top
As you can see, as they were incorrect credentials, the server sent back a negative response which then showed the "this username does not exist" text, if we look at the network tab we can see the whole request including the POST data and headers.
We're only interested in the URL, Request Headers and Request Payload
We can now take this information and put it inside silverbullet
Step 2 - Posting data
Make a new request block and set the information inside the block to what we have taken from the request on the website
In this image I have highlighted the "cookie" part of the request, most of the time in requests we won't need to include the cookies, sometimes you will but I always leave them out unless I find out they do need the cookies.
In your openbullet client, you have different variables (vars) for certain things:
<USER> = :password / <[email protected]>:TestPass
<PASS> = email:<PASS> / [email protected]:<TestPass>
In the "POST Data" we will replace certain parts with these vars, the "username" and "password"
It now looks like this, now this is like this, instead of posting that data we had set before in the original request when we were getting the data, its sending the email and pass / user pass from the data we input (combos)
Step 3 - Keycheck
We can now input our own data (login) to test the different responses from the server
We can now make a "keycheck" block from the part where you made a "request" block
This is basically a gate that will only allow certain things through, we have a success key and a fail key (there are also custom, retry and ban keys for other responses)
We can now add the "Incorrect username or password" key to the fail key
Now we need to use valid credentials to obtain the success key
Sometimes due to sending too many requests quickly within a short timescale, the websites may add a temporary bot protection such as CAPTCHA, we can use this as a "ban" key so that if our proxies are detected as "bots" or they sent too may requests quickly it will stop using it.
Now, back to the success key
I used my own twitch account which I have 2FA on so it showed this, but if you don't it should show something similar to "access_token: eyJ bla-blabla" and this can be our success key so that when a login gets that response, it marks it as a hit, if we wanted to, to mark accounts as 2FA when the response which I got, we could add a "custom" keycheck but thats up to you :)
Now you have made your first basic config! I might make some more of these in the future but thats it for now, if you need any help im open to dms on site or on discord: SHOCK!#5769
Hope you enjoyed and this helped you