kolmteist
1. Protections that sites use for balance check page
- User account
- Pin/cvv or security code
- Captcha
- Verification via e-mail
- Limiting page requests
- Doesn't show if the gift card number or pin is wrong
- CSRF tokens
- No protection :D
Most popular shops like Nike, Puma, etc. will have good protection measures so you can forget trying to rape them.
2. Identifying gift card numbers
2.1. Sequential numbers
You can see 99700002 are sequential numbers and the other remaining are only 5 random numbers.
Since this site doesn't have any protection it's really easy to get valid gift cards with balance, but it's really rare to find a site like this.
2.2. Luhn algorithm
Some sites use the Luhn algorithm for gift cards; you can identify Luhn algorithms with https://simplycalc.com/luhn-validate.php.
2.3. Regex
Regex is mostly used for e-gift cards that include letters; using regex increases your chance to get a hit instead of using the same letter.
Example from Netflix regex:
Code:
LEQ\d[A-Z]\d\d\d\d\d\d
3. Finding sites and exploiting them
3.1. Finding sites
You will have to use your imagination with Google dorks to find the best results.
Simple Example:
Code:
inurl:giftcardbalance OR inurl:giftcard + "check" -pin -captcha
3.2. Exploiting site
This is the hardest part because you will have to use your brain to find the best approach and think if it's worth exploiting the site.
What do I mean by if it's worth exploiting?
For example:
Site has a 16-digit number without a pin but has captchas; 8 numbers are sequential and the other 8 are random.
You will have to calculate the captcha price per request and calculate if you cover the captcha cost and make some profit.
If you decide it is worth it, obviously you will have to make a config/checker or pay someone to do that for you; if it isn't worth it, just keep looking for another site.
4. Using gift cards in-store
So some sites have a balance check page without a pin, but when you are on the checkout page they ask for a pin.
So there is a bypass for that if you don't want to use javascripts to crack the pin, but they need to have barcode-based gift cards like this (without magnetic stripe):
Basically what you do is download the Stocard app or use a barcode generator and download the photo of the barcode and use it in-store.
This tutorial took a while to write, if you want a part 2 about gift card cloning show some support
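Added example, not part of the original post: a defender-side check that picks the guessing pattern from sections 2.1 and 3.2 out of balance-check logs, which is what the "Limiting page requests" protection in section 1 needs as its trigger. The log format, field order, thresholds and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed thresholds, to be tuned per site; not taken from the post.
WINDOW_S = 300        # sliding window length in seconds
MAX_DISTINCT = 5      # distinct card numbers one client may check per window
MIN_MISS_RATIO = 0.8  # share of lookups in the window that hit no valid card
PREFIX_LEN = 8        # leading digits treated as the fixed/sequential part

def parse(line):
    """Parse 'epoch client_ip card_number result' (assumed log format)."""
    ts, ip, card, result = line.split()
    return int(ts), ip, card, result == "valid"

def flag_enumeration(lines):
    """Return {client_ip: reason} for clients whose lookups look like guessing."""
    by_ip = defaultdict(list)
    for line in lines:
        ts, ip, card, ok = parse(line)
        by_ip[ip].append((ts, card, ok))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window so it spans at most WINDOW_S seconds.
            while events[end][0] - events[start][0] > WINDOW_S:
                start += 1
            window = events[start:end + 1]
            cards = {card for _, card, _ in window}
            if len(cards) <= MAX_DISTINCT:
                continue
            misses = sum(1 for _, _, ok in window if not ok) / len(window)
            prefixes = {card[:PREFIX_LEN] for card in cards}
            # Many distinct numbers, mostly wrong, all under one prefix.
            if misses >= MIN_MISS_RATIO and len(prefixes) == 1:
                flagged[ip] = (f"{len(cards)} cards under prefix "
                               f"{prefixes.pop()}, {misses:.0%} misses")
                break
    return flagged

# Constructed sample log. 203.0.113.7 tries many suffixes under one prefix;
# 198.51.100.4 is a customer checking two cards of their own.
SAMPLE = [f"{1700000000 + i * 2} 203.0.113.7 00000001{10000 + i * 37:05d} "
          f"{'valid' if i == 6 else 'invalid'}" for i in range(12)]
SAMPLE += ["1700000005 198.51.100.4 0000000112345 valid",
           "1700000090 198.51.100.4 0000000254321 valid"]

if __name__ == "__main__":
    for ip, why in flag_enumeration(SAMPLE).items():
        print(ip, why)
```

Keying the same counters by card prefix instead of client address covers lookups spread across many addresses.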