dadad1341
Futurist
2
MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1
300 XP
Introduction toOpenBullet2
guide regarding config creation.
Useful resources
- OpenBullet 2 Official Documentation: https://docs.openbullet.dev/docs/intro
- OpenBullet 2 Official Github:
- OpenBullet 2 Official WebForum: https://discourse.openbullet.dev
- Cracking terminology:
How to install the Web-Client version | https://docs.openbullet.dev/docs/installation/windows/web-client
- Download the Official OpenBullet 2 Web-Client:
- Install the required dependencies: https://aka.ms/dotnet/8.0/dotnet-runtime-win-x64.exe | https://aka.ms/dotnet/8.0/aspnetcore-runtime-win-x64.exe
- Restart your PC and execute the Web Client, it should open the local host:
can go to the dashboard in the localhost by pressing "Ctrl + Left click" on it
to create a runner / worker: - Import your combolist, proxies & config | You can either import them manually on each section as previously shown on the dashboard, or load everything at the MultiJob Runner
you can click on select & import options to upload your combos; Click on "Choose" and select your combolist, then change the type option to "Credentials" since most of config makers uses that as default.
creation: Requests, Bearer, Keychecks
As for this example, we will use the website Fox to explain the mentioned points.
- We can use the developer tools built in Chromium, then go to Network and check the traffic of the website:
As the screenshots indicate after making a login request; the response code is 401 / Unauthorized meaning the credentials are invalid for some reason, the Request URL is the API and the request method the type of request. https://api3.fox.com/v2.0/login/v2 | Request Post
To make this into a config, we must create a new one and go to the "Stacker" section to add our blocks.
to thestackersection
you can add a "HTTP Request Block" for the login
creating theHTTP Request block, you will notice the following subjects
- URL refers to theAPI,Methodto the type of requests, Content to thePayload,Content-Typerefers to the payload structure andCustom Headersare the headers sent through the request.
further information onHTTP Request, you can read the following paper:https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview
After opening the request, the content or payload can be found in the "Payload" section. You must see it as source.
inputs of the emails & passwords must be replaced with and if you are using credentials. The content type can be found on the headers, specifically on the Response Headers: "content-type: application/json"
further in the headers, you will notice it requires aBearer / JWT(JSONWebToken), a type of authorization or session, in this case, the bearer is static, meaning it doesn't change per each request or session.
2 autogenerates the headers on the request, meaning you don't have to copy-paste the same headers from the request but the Bearer (The bearer is dynamic, but it doesn't verify anything but the information sent on the request, the same thing with the API-Key at the end of the headers)
- After copying all the requests & headers you must use the debugger to verify if the request is working.
verifying the request and the received payloads match with the website, we can make thekeychecks / conditions.
- Create akeycheckblock and create a new key with the result status:False
same thing goes for theKeycheck Sucess, but for that, we must ensure to have a valid account or an account that gives a different status (Retry limit, banned, etc)
response payload gives us all the information that we require for this config, such as account type, email, device, and more. We can parse this information to make the capture.
- We can either use "Left Right (LR)" option or one of the multiple options for parsing:CSS, xPath, JSON & Regex, for this capture we will be usingLR. If you want to capture something, you must select the delimiters to capture whatever you want.
guide doesn't require you to reply to see the content, but if you do, please leave a comment to improve this guide. Updating the config creation with more: CSRF, Variable Tokens, Regex & more if this guide reaches 25 likes!
guide regarding config creation.
Useful resources
- OpenBullet 2 Official Documentation: https://docs.openbullet.dev/docs/intro
- OpenBullet 2 Official Github:
You must upgrade your account or reply in the thread to view hidden text.
- Cracking terminology:
How to install the Web-Client version | https://docs.openbullet.dev/docs/installation/windows/web-client
- Download the Official OpenBullet 2 Web-Client:
You must upgrade your account or reply in the thread to view hidden text.
- Restart your PC and execute the Web Client, it should open the local host:
can go to the dashboard in the localhost by pressing "Ctrl + Left click" on it
to create a runner / worker: - Import your combolist, proxies & config | You can either import them manually on each section as previously shown on the dashboard, or load everything at the MultiJob Runner
you can click on select & import options to upload your combos; Click on "Choose" and select your combolist, then change the type option to "Credentials" since most of config makers uses that as default.
creation: Requests, Bearer, Keychecks
As for this example, we will use the website Fox to explain the mentioned points.
- We can use the developer tools built in Chromium, then go to Network and check the traffic of the website:
As the screenshots indicate after making a login request; the response code is 401 / Unauthorized meaning the credentials are invalid for some reason, the Request URL is the API and the request method the type of request. https://api3.fox.com/v2.0/login/v2 | Request Post
To make this into a config, we must create a new one and go to the "Stacker" section to add our blocks.
to thestackersection
you can add a "HTTP Request Block" for the login
creating theHTTP Request block, you will notice the following subjects
- URL refers to theAPI,Methodto the type of requests, Content to thePayload,Content-Typerefers to the payload structure andCustom Headersare the headers sent through the request.
further information onHTTP Request, you can read the following paper:https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview
After opening the request, the content or payload can be found in the "Payload" section. You must see it as source.
inputs of the emails & passwords must be replaced with and if you are using credentials. The content type can be found on the headers, specifically on the Response Headers: "content-type: application/json"
further in the headers, you will notice it requires aBearer / JWT(JSONWebToken), a type of authorization or session, in this case, the bearer is static, meaning it doesn't change per each request or session.
2 autogenerates the headers on the request, meaning you don't have to copy-paste the same headers from the request but the Bearer (The bearer is dynamic, but it doesn't verify anything but the information sent on the request, the same thing with the API-Key at the end of the headers)
- After copying all the requests & headers you must use the debugger to verify if the request is working.
verifying the request and the received payloads match with the website, we can make thekeychecks / conditions.
- Create akeycheckblock and create a new key with the result status:False
same thing goes for theKeycheck Sucess, but for that, we must ensure to have a valid account or an account that gives a different status (Retry limit, banned, etc)
response payload gives us all the information that we require for this config, such as account type, email, device, and more. We can parse this information to make the capture.
- We can either use "Left Right (LR)" option or one of the multiple options for parsing:CSS, xPath, JSON & Regex, for this capture we will be usingLR. If you want to capture something, you must select the delimiters to capture whatever you want.
guide doesn't require you to reply to see the content, but if you do, please leave a comment to improve this guide. Updating the config creation with more: CSRF, Variable Tokens, Regex & more if this guide reaches 25 likes!