fareselnono
Side-Channel Attack Specialist
2
MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1
300 XP
So, this won't be a short thread, but I thought i'd post how to make configs.
So, first, you find a target.
You press inspect while youre on the login page, and go to ''Inspect'', then go to the network tab.
Then, you login with network open. It will show something such as this:
click on the one that normally says login, signin, etc.
Then open up openbullet. Go to configs tab, press new. After naming it and shit press the +:
request:
go back to the network tab.
Press on the one that says login signin etc, go to headers.
Take the request URL, put it here:
the response headers, only focus on the request headers.
Don't copy Authority, method, path, or scheme.
Copy everything under that, all the way to content type, put it in this but delete the original headers first:
put the content type in this:
everything under that, all the way to the bottom, and put it in the custom headers, like above.
Then, where it says ''form data'':
press view source, and copy the whole of the form data, into here:
put <USER> wherever you have the username/email, in its place. And <PASS> in the place of the password:
the 'method' as POST, or whatever the request type is you're trying to do:
then, make an initial request in the debugger with a valid, which is the email and password you put into the site.
your username and password into ''data''
Run it, you should get a response like this:
then need to go to the + at the top left again, and then press ''Key Check'':
it.
The key check is to see if there is a valid whatever you're cracking. You go to key check, and press + and click success on the drop down menu. You then need to find something such as the 'r: success' that will always be there is the account is valid. And you need to then press another + and click failure. Then enter a wrong password in the debugger, it will then show something that only happens whenever the password is wrong, as this shows:
now have a working config! Well, you do, if the site doesn't have extra security, but for low level sites, this is all you need to know.
I will also post how to parse in depth etc.
I hope you all enjoyed my tutorial!
Enjoy! Very in depth and made by me.
So, first, you find a target.
You press inspect while youre on the login page, and go to ''Inspect'', then go to the network tab.
Then, you login with network open. It will show something such as this:
click on the one that normally says login, signin, etc.
Then open up openbullet. Go to configs tab, press new. After naming it and shit press the +:
request:
go back to the network tab.
Press on the one that says login signin etc, go to headers.
Take the request URL, put it here:
the response headers, only focus on the request headers.
Don't copy Authority, method, path, or scheme.
Copy everything under that, all the way to content type, put it in this but delete the original headers first:
put the content type in this:
everything under that, all the way to the bottom, and put it in the custom headers, like above.
Then, where it says ''form data'':
press view source, and copy the whole of the form data, into here:
put <USER> wherever you have the username/email, in its place. And <PASS> in the place of the password:
the 'method' as POST, or whatever the request type is you're trying to do:
then, make an initial request in the debugger with a valid, which is the email and password you put into the site.
your username and password into ''data''
Run it, you should get a response like this:
then need to go to the + at the top left again, and then press ''Key Check'':
it.
The key check is to see if there is a valid whatever you're cracking. You go to key check, and press + and click success on the drop down menu. You then need to find something such as the 'r: success' that will always be there is the account is valid. And you need to then press another + and click failure. Then enter a wrong password in the debugger, it will then show something that only happens whenever the password is wrong, as this shows:
now have a working config! Well, you do, if the site doesn't have extra security, but for low level sites, this is all you need to know.
I will also post how to parse in depth etc.
I hope you all enjoyed my tutorial!
Enjoy! Very in depth and made by me.