Make Openbullet Config Easy Method 2022-23 - The Tech Power

How to make Openbullet config easy way 2022


Make Openbullet config easy way 2022

• If you follow this guide from start to finish you should have a good grasp 
on how to get started with making your own configs using the new and updated version of OpenBullet. 

• If you've been trying to get into Cracking.

STEPS : 

1 - First of all you have to download FIDDLER.
- One of the most important tools you will ever use except for OB2 is Fiddler.
- Make sure you have Fiddler installed.
- Make sure you are installing Fiddler 4 Classic.
- I don't have anything against the "NEW" version of Fiddler (Fiddler anywhere) 
my guide just calls for it and I find Fiddler 4
Its easier to use & hotkeys and layout of Fiddler 4 are also beginner friendly..๐Ÿ˜Š

- Now that you have Fiddler installed, make sure you Install the certificate 
required to capture traffic from your web pages.
- Follow the instructions in the link below.

- Once you have installed Fiddler and have installed its certificate make sure you copy these settings 1:1.

Click tools > options.

- Where it says Protocols click the blue text and copy+paste these settings.
This ensures that you are sniffing traffic through all the protocols you need for now.

-
-
- Click OK to save the settings and you are done with setting up Fiddler.

2 - OPENBULLET 2 SETUP

- Now that we are done with Fiddler you need to download OpenBullet 2 from its GITHUB repo.
Make sure you download the .ZIP file.


- Once you have downloaded unzip the file wherever you find convenient.

it should look like this screenshot below.


‐ Now you need to go into the extracted folder and run Updater.exe

- This ensures that your version of OB2 is up to date, from now on you no longer need to manually check for updates as you will see a notification on the bottom left of your OB2 dashboard when you have an update.

- We have now successfully downloaded and extracted almost all the files we need, except one.

- if you want to make configs that use credentials from a wordlist / combo you need a certain configuration file calledEnvironment.ini


- Copy and paste this file into you OpenBullet 2 folder under this specific location OpenBullet2/UserData/
Click Copy and Replace if Windows asks you what to do with the file.

- You are now ready to start OpenBullet 2 and make your very own config. ๐Ÿ˜

● MAKING YOUR FIRST CONFIG ●

- For this guide we are going to make a config for the website gaia.com

- First you will need to open Fiddler.

- If you have a lot of information on the left hand side already, click CTRL+X to clear everything and start fresh.

- You now need to go to the top left side of your fiddler UI and check that File > 
Capture Data
is UNCHECKED. You will need to check this later when we begin sniffing traffic from gaia.com

- Make sure that you click the button labeled as "Decode" on the top left Fiddler,
now Fiddler will automatically decode the target traffic that we are sniffing.

- everything should look nice and clean, like the screenshot below.

- Lets go to google and do some research on our target website now.
- some websites have their own specific login page, and at first glance gaia does not look like it has one.
- straight away you can see that you have to load the initial web page, click on log in to the top right and enter in the details in the drop down menu.

- This looks like a good place to start sniffing the webpage but on closer 
inspection, we can get to a smaller sized page if we type
gaia.com/login
into our browser.

- Now this page looks a lot cleaner and has less images and text, finding the cleanest starting point to start our config ensures that OB2 has the least content to load as possible, maximizing our data usage efficiency and over all speed of the config.

- Example : 

- Now we have established a starting points we need to start sniffing the traffic using fiddler.
- Make sure you enable capture in fiddler now, like I explained earlier.
you can enable and disable it using F12 
- Lets load up a private session in chrome and load in our target page, which will be gaia.com/login

- You will notice that fiddler will start registering a bunch of sniffed traffic, this is a good thing, we are now on track to making our config.

- click LOGIN

- For this guide we will be working with a VALID account.

- drgonzalez28@cox.net:maXX6269

- the email and password are separated by the ":"

- and type in a EMAIL and PASSWORD and attempt to login, first we will make sure that our login fails by entering anincorrect password,
this will be crucial to getting the correct keyword to tell OB2 what to do when it runs a invalid email and password.

- make sure that the incorrect password you entered is easily remembered, I will use TESTPASS123

- by using this unique password we will be able to search for it in fiddler to find where exactly the login point is.

- we should now see an invalid / incorrect password notification.

- Make sure you write some important keywords down, we will write down and save
"unrecognized username or password".

- This should be sufficient enough to search and find what we are looking for in fiddler to create a keyword to instruct OB2 regarding a failed login attempt.

- Next we will initiate a real login, we are now entering the account and preparing OB2 to know what to do when it runs a VALID hit, and also capture the data we want printed in the hit database and bot logger.

- We proceed to log in with the correct details.

- At this point, I would continue to go into the account details within the website but I know that we don't need to for this particular website.this is where we would usually find subscription statuses and so on, feel free to dig deeper with other websites, you never know what sweet stuff you will uncover for capture data.

- Lets go back to Fiddler and press F12 as we have everything we need for now, this will pause the capture session and allow us to freely look through the sniffed data.

- Fiddler should now have a lot of registered data to your left hand side.


- Lets minimize Fiddler now and start building our config in OB2

- Go into the OpenBullet 2 directory and run Openbullet.exe

- You can access the Dashboard by going into Chrome (or any browser) and typing in:

http://localhost:5000/

- on the left hand side click

- CONFIGS

- and on the top you will see a button with green outlines saying NEW

Click NEW.

- You will be taken to this window where we will name our config and set up some 
parameters so OB2 knows what to do with the data we give it.

- Type in the config name, Author, and choose a logo if you want... The logo is not mandatory and the same applies for category.

CLICK settings to start configuring some important parameters.

- Once we have done this we should arrive on this window below where we will type

- BOTS: 200

- and CHECK the "Use Proxies" selector.

- This tells OB2 to use the proxies provided and to use 200 bots, some websites do not require proxies, some websites need a lot less bots, you will
figure this out on your own as you get more experiences.

- Scroll down to see the rest of our parameters and when you get to "DATA", click 
MailPass

- so it gets passed to the left hand side, this tells OB2 that our website takes in DATA in the form of

EMAIL and PASSWORD

- If you have a website that logs in using USER and PASSWORD, you will need to specify it in the same way we did with MailPass, but as UserPass.

- This is all we need for now regarding the settings.

- Now to save your config you can click SAVE on the left hand side or simply use CTRL+S

- Next lets enter the area in which we will be building our config using blocks, blocks are a set of instructions in OB2, each block has a specific task in manipulating the site to get what you need to get done. blocks start from top to bottom in sequence, and in most cases continue that linear path.

- To start, we need to enter STACKER, please click it on the OB2 menu on the left hand side.

- You should see something like this.


- Welcome to STACKER, we will build all our future configs from here.

- Lets click the green + button to add our first BLOCK.

- a pop up box will appear.

- CLICK the green box that marked as REQUESTS>HTTP>HTTP REQUEST

- This tells OB that our first BLOCK will POST or GET a request from the target site.

- When we POST something, we are inputting data into the website, in return for more data, usually.

- when we GET something we are straight up requesting a specific URL from the website.

- This is how everything should look now.

- we have the foundation for our config set up, now lets go back to Fiddler and find some data to put in OB2.

- Inside fiddler, we need to search for our invalid password, the one that we used earlier...

TESTPASS123

- type CTRL+F and search for our invalid password.

- You will see that it highlights a item containing our data.

- Now click the highlighted item and press CTRL+1 this will mark the specific point in red, so we know exactly where and what happens when we input an incorrect password.

- marking the item also marked it easier to navigate through the list and find what we need by sight.

- on the right hand side if you click, INSPECTORS > RAW we will be able to see where we sent our POST data, and underneath it, the response/return DATA that the site gives.

- In the response Window Under our POST data

- we can clearly see the website gave us this message in response to the invalid PASSWORD

"Sorry, unrecognized username or password"

- we will use this data later to tell OB2 that we have used an invalid LOGIN. This will be our FAIL KEYCHECK

- Lets start inputting some data into our BLOCKS.

- Go back to OB2 now.

- and in the Method drop down menu, click POST

Since we are sending POST data we need to let OB2 know our intentions.

- In fiddler where we highlighted our FAILED login attempt earlier (to the 
complete left side) , click it and press CTRL+U

- In OB2 under the URL text area, Press CTRL+V, There is only one text box 
containing the words Url right now, so it should be easy to find.

- Now we have copied the URL where we will attempt to POST our login attempt. https://brooklyn.gaia.com/v1/login

- Now we have copied over our URL and OB2 knows where to send data to.

- We need to go back to fiddler and copy over some HEADERS on the top right.

- We will remove some unnecessary headers, I will give you a sample below.

- Host: brooklyn.gaia.com
Accept: application/json
DNT: 1
X-Client-Attributes: app-provider/gaia,app/web
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Origin: https://www.gaia.com
Referer: https://www.gaia.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en

This is the end result. ✅

- We will copy these headers into the headers section in OB2

- the parameters tell the site how to respond to the data we POST/GET

- then we will COPY our POST data which include the EMAIL and PASSWORD and edit it like this.

- EDIT sample:

- username=<input.USER>&password=<input.PASS>&device=web-app

- <input.USER> Variable specifies exactly where OB2 will place the EMAIL when running the config.
<input.PASS> Variable specifies the password. Both DATA will be taken from the wordlist/combo.

- see how each command is divided by the & and each new set of data is stated right after the =

- this will give you an idea about where to start placing your <input.USER> or <input.PASS> Variables.

- We can copy our POST data into OB2 now.

- *** Content type has already been done for you, but you will know what to paste by looking at the headers from earlier, we removed the content type from the sample code and pasted it into where it is now.***

>> now he have set OB up to POST our login data we need to specify a KEYCHECK, this will let OB know exactly what to do when we get a HIT or a FAIL.

- Click the + sign > CONDITIONS > KEYCHECK

- Next, click the + button TWICE on the right hand side, under the label "Keychecks"

- You will see TWO success KEYCHAIN BLOCKS.
click one of the SUCCESS dropdown items and change it to FAIL

- Your screen should look like this.

- Next we click on + String
- This will allow us to input the data that tells OB2 if we have successfully logged in or failed.

- we will start with our FAIL KEYCHECK.
- It will be the same one that we saw earlier when we searched for our incorrect 
login details in Fiddler.
we received this as a return.

- unrecognized username or password

- we will now place this into our Fail check block.

- Now that we have set up our FAIL KEY its time to find our SUCCESS KEY in Fiddler, almost done now :)

- We will search for our correct password this time, we managed to log in with it earlier.

maXX6269

- we will not CTRL+F that value into Fiddler and see what we get.

- We will use the returned data from this REQUEST now!
We don't need everything, only a KEY that will easily notify OB2 that we have managed to log in.
"success":true,"
This should be more than enough

- Now this KEY should be placed into OB2 the same way the FAIL CHECK got done. and we should have something that looks like this.

>> we can now test our config!

-- Don't forget to save your CONFIG every once in a while. --

CONGRATULATIONS
you have finished your very own config :)

● hope you have learned something with this guide and continue to sharpen your Skills ๐Ÿ˜ˆ

• Regards : TheTechPower •

• Share this article if you like ๐Ÿ˜Š

• Lot of thank You for reading ๐Ÿ˜Š๐Ÿ˜Š

• See You in next article ♥️
TheTechPower

Post a Comment

Welcome To The Tech Power.