Make Openbullet Config Easy Method 2022-23 - The Tech Power

How To Make Openbullet Config Easy Way 2022


Make Openbullet config easy way 2022
Openbullet configs 2022

• If you follow this guide from start to finish, you should grasp how to start making your own open bullet configs 2022 using the new and updated version of OpenBullet. 

• If you've been trying to get into Cracking.

STEPS : 

1 - First of all, you have to download FIDDLER.
- One of the most important tools you will ever use, except for OB2, is Fiddler.
- Make sure you have Fiddler installed.
- Make sure you are installing Fiddler 4 Classic.
- I don't have anything against the "NEW" version of Fiddler (Fiddler anywhere) 
my guide just calls for it, and I find Fiddler 4
It's easier to use & hotkeys and layout of Fiddler 4 are also beginner friendly..😊

- Now that you have Fiddler installed, make sure you Install the certificate 
required to capture traffic from your web pages.
- Follow the instructions in the link below.

- Once you have installed Fiddler and its certificate, copy these settings 1:1.

Click tools > options.

- Where it says Protocols click the blue text and copy+paste these settings.
This ensures that you are sniffing traffic through all the protocols you need for now.

-
-
- Click OK to save the settings, and you are done setting up Fiddler.

2 - OPENBULLET 2 SETUP

- Now that we are done with Fiddler, you need to download OpenBullet 2 from its GITHUB repo.
Make sure you download the. ZIP file.


- Once you have downloaded it, unzip the file wherever you find convenient.

It should look like this screenshot below.


‐ Now, you need to go into the extracted folder and run Updater.exe

- This ensures that your version of OB2 is up to date. You no longer need to manually check for updates, as you will see a notification on the bottom left of your OB2 dashboard when you have an update.

- We have successfully downloaded and extracted almost all the files we need, except one.

- if you want to make configs that use credentials from a wordlist/combo, you need a certain configuration file calledEnvironment.ini



- Copy and paste this file into your OpenBullet 2 folder under this specific location OpenBullet2/UserData/
Click Copy and Replace if Windows asks you what to do with the file.

- You are ready to start OpenBullet 2 and make your own config. 😍

MAKING YOUR FIRST CONFIG

- For this guide, we are going to make a config for the website gaia.com

- First, you will need to open Fiddler.

- If you already have a lot of information on the left-hand side, click CTRL+X to clear everything and start fresh.

- You now need to go to the top left side of your fiddler UI and check that File > 
Capture Data
is UNCHECKED. You will need to check this later when we begin sniffing traffic from gaia.com

- Make sure that you click the button labeled as "Decode" on the top left Fiddler,
Now Fiddler will automatically decode the targeted traffic that we are sniffing.

- everything should look nice and clean, like the screenshot below.

- Let's go to google and do some research on our target website now.
- some websites have their own specific login page, and at first glance, Gaia does not look like it has one.
- straight away, you can see that you have to load the initial web page, click on log in to the top right, and enter the details in the drop-down menu.

- This looks like a good place to start sniffing the webpage, but on closer 
inspection, we can get to a smaller-sized page if we type
gaia.com/login
into our browser.

- This page looks much cleaner and has fewer images and text. Finding the cleanest starting point to start our config ensures that OB2 has the least content to load as possible, maximizing our data usage efficiency and overall speed of the config.

- Example : 

- Now we have established a starting point, we need to start sniffing the traffic using fiddler.
- Make sure you enable capture in fiddler now, as I explained earlier.
you can enable and disable it using F12 
- Let's load up a private session in chrome and load in our target page, which will be gaia.com/login

- You will notice that fiddler will start registering a bunch of sniffed traffic. This is a good thing. We are now on track to making our config.

- Click LOGIN


- For this guide, we will be working with a VALID account.

- drgonzalez28@cox.net:maXX6269

- the email and password are separated by the ":."

- and type in an EMAIL and PASSWORD and attempt to log in. First, we will make sure that our login fails by entering an incorrect password,
this will be crucial to getting the correct keyword to tell OB2 what to do when it runs an invalid email and password.

- make sure that the incorrect password you entered is easily remembered. I will use TESTPASS123

- by using this unique password, we can search for it in fiddler to find where exactly the login point is.

- we should now see an invalid/incorrect password notification.

- Make sure you write some important keywords down. We will write down and save
"unrecognized username or password."

- This should be sufficient to search and find what we are looking for in fiddler to create a keyword to instruct OB2 regarding a failed login attempt.

- Next, we will initiate a real login. We are now entering the account and preparing OB2 to know what to do when it runs a VALID hit and also capture the data we want to be printed in the hit database and bot logger.

- We proceed to log in with the correct details.

- At this point, I would continue to go into the account details within the website, but I know we don't need to for this particular website. This is where we would usually find subscription statuses and so on. Feel free to dig deeper with other websites. You never know what sweet stuff you will uncover for capturing data.

- Let's go back to Fiddler and press F12 as we have everything we need. This will pause the capture session and allow us to freely look through the sniffed data.

- Fiddler should now have a lot of registered data to your left-hand side.



- let's minimize Fiddler now and start building our config in OB2

- Go into the OpenBullet 2 directory and run Openbullet.exe

- You can access the Dashboard by going into Chrome (or any browser) and typing in:

http://localhost:5000/

- on the left-hand side click

- CONFIGS

- and on the top, you will see a button with green outlines saying NEW

Click NEW.

- You will be taken to this window where we will name our config and set up some 
parameters so OB2 knows what to do with the data we give it.

- Type in the config name, Author, and choose a logo if you want... The logo is not mandatory, and the same applies to categories.

CLICK settings to start configuring some important parameters.

- Once we have done this, we should arrive at this window below, where we will type

- BOTS: 200

- and CHECK the "Use Proxies" selector.

- This tells OB2 to use the provided proxies and 200 bots. Some websites do not require proxies, some websites need a lot fewer bots, and you will
figure this out on your own as you get more experiences.

- Scroll down to see the rest of our parameters, and when you get to "DATA," click 
MailPass

- so it gets passed to the left-hand side. This tells OB2 that our website takes in DATA in the form of

EMAIL and PASSWORD

- If you have a website that logs in using USER and PASSWORD, you will need to specify it like we did with MailPass, but as UserPass.


- This is all we need for now regarding the settings.

- Now, to save your config, you can click SAVE on the left-hand side or simply use CTRL+S

- Next, let's enter the area where we will build our config using blocks. Blocks are a set of instructions in OB2. Each block has a specific task in manipulating the site to get what you need to be done. Blocks start from top to bottom in sequence and, in most cases, continue that linear path.

- To start, we need to enter STACKER. Please click it on the OB2 menu on the left-hand side.

- You should see something like this.


- Welcome to STACKER. We will build all our future configs from here.

- let's click the green + button to add our first BLOCK.

- a pop-up box will appear.

- CLICK the green box that is marked as REQUESTS>HTTP>HTTP REQUEST

- This tells OB that our first BLOCK will POST or GET a request from the target site.

- When we POST something, we usually input data into the website in return for more data.

- when we GET something, we request a specific URL from the website.

- This is how everything should look now.

- we have the foundation for our config set up; now, let's go back to Fiddler and find some data to put in OB2.

- Inside fiddler, we need to search for our invalid password, the one we used earlier...

TESTPASS123

- type CTRL+F and search for our invalid password.

- You will see that it highlights an item containing our data.

- Now click the highlighted item and press CTRL+1. This will mark the specific point in red, so we know exactly where and what happens when we input an incorrect password.

- marking the item also marked it easier to navigate through the list and find what we need by sight.

- on the right-hand side, if you click INSPECTORS > RAW, we will be able to see where we sent our POST data, and underneath it, the response/return DATA that the site gives.

- In the response Window Under our POST data

- we can clearly see the website gave us this message in response to the invalid PASSWORD

"Sorry, unrecognized username or password."

- we will use this data later to tell OB2 that we have used an invalid LOGIN. This will be our FAIL KEY CHECK

- Let's start inputting some data into our BLOCKS.

- Go back to OB2 now.

- and in the Method drop-down menu, click POST


Since we are sending POST data, we need to let OB2 know our intentions.

- In fiddler, where we highlighted our FAILED login attempt earlier (to the 
complete left side), Click it and press CTRL+U

- In OB2, under the URL text area, Press CTRL+V, There is only one text box 
containing the words Url right now, so it should be easy to find.

- Now, we have copied the URL where we will attempt to POST our login attempt. https://brooklyn.gaia.com/v1/login

- We have copied over our URL, and OB2 knows where to send data.

- We need to go back to fiddler and copy over some HEADERS on the top right.

- We will remove some unnecessary headers. I will give you a sample below.

- Host: brooklyn.gaia.com
Accept: application/JSON
DNT: 1
X-Client-Attributes: app-provider/Gaia,app/web
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Origin: https://www.gaia.com
Referer: https://www.gaia.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en

This is the end result. ✅

- We will copy these headers into the headers section in OB2

- the parameters tell the site how to respond to the data we POST/GET

- then, we will COPY our POST data, including the EMAIL and PASSWORD, and edit it like this.

- EDIT sample:

- username=<input.USER>&password=<input.PASS>&device=web-app

- <input.USER> Variable specifies exactly where OB2 will place the EMAIL when running the config.
<input.PASS> Variable specifies the password. Both DATA will be taken from the wordlist/combo.

- see how each command is divided by the &, and each new set of data is stated right after the =

- this will give you an idea about where to start placing your <input.USER> or <input.PASS> Variables.

- We can copy our POST data into OB2 now.

- *** Content type has already been done for you, but you will know what to paste by looking at the headers from earlier. We removed the content type from the sample code and pasted it into where it is now.***

>> now, he has set OB up to POST our login data. We need to specify a KEY CHECK. This will let OB know exactly what to do when we get a HIT or a FAIL.

- Click the + sign > CONDITIONS > KEY CHECK

- Next, click the + button TWICE on the right-hand side, under the label "Keychecks."

- You will see TWO success KEYCHAIN BLOCKS.
Click one of the SUCCESS dropdown items and change it to FAIL.

- Your screen should look like this.

- Next, we click on + String
- This will allow us to input the data that tells OB2 if we have successfully logged in or failed.

- we will start with our FAIL KEY CHECK.
- It will be the same one we saw earlier when we searched for our incorrect 
login details in Fiddler.
We received this as a return.

- unrecognized username or password

- we will now place this into our Fail check block.

- Now that we have set up our FAIL KEY, it's time to find our SUCCESS KEY in Fiddler. Almost done now :)

- We will search for our correct password this time. We managed to log in with it earlier.

maXX6269

- we will not CTRL+F that value into Fiddler and see what we get.

- We will use the returned data from this REQUEST now!
We don't need everything, only a KEY that will easily notify OB2 that we have managed to log in.
"success":true,"
This should be more than enough

- This KEY should be placed into OB2 like the FAIL CHECK did. And we should have something that looks like this.

>> we can now test our config!



-- Don't forget to save your CONFIG every once in a while. --

CONGRATULATIONS

you have finished your very own config :)

● hope you have learned something with this guide and continue to sharpen your skills 😈


• Regards: TheTechPower •

• Share this article if you like 😊


Back to top