BY SUBATOMIC

SubAtomic - Viewing Profile

SubAtomic:
nulled.to

https://www.nulled.to/user/826572-subatomic

Profile of SubAtomic on Cracked.io

cracked.io

https://cracked.io/SubAtomic

Please Like If you Reply to unlock the content, It costs you nothing and it lets
me know if this thread is even worth updating.

If you follow this guide from start to finish you should have a good grasp
on how to get started with making your own configs using
the new and updated version of OpenBullet. If you've been trying to get
into Cracking, this is the place and Software to start with.

This guide took me a long time to document, This is a guide explaining how
to install OB2, where to find OB2, which Fiddler version to get,
How to set up OB2 and Fiddler to sniff traffic and how to make your very
own first config.
If you enjoyed this guide please share the love and let me know if it was
useful to you.

If you want 1 on 1 mentoring, PM me your discord username and

we can discuss things...
FIDDLER SETUP

Make sure you have Fiddler installed.

One of the most important tools you will ever use except for OB2 is Fiddler.

Make sure you are installing Fiddler 4 Classic

I don't have anything against the "NEW" version of Fiddler (Fiddler anywhere)
my guide just calls for it and I find Fiddler 4
easier to use, the hotkeys and layout of Fiddler 4 are also beginner friendly.
FIDDLER DOWNLOAD LINK

Now that you have Fiddler installed, make sure you Install the certificate
required to capture traffic from your web pages.

Follow the instructions in the link below.

CERTIFICATE SETUP LINK
Once you have installed Fiddler and have installed its certificate make sure you
copy these settings 1:1

Click tools > options.

Where it says Protocols click the blue text and copy+paste these settings.
This ensures that you are sniffing traffic through all the protocols you need for
now.
<client>;ssl3;tls1.0;tls1.1;tls1.2
Click OK to save the settings and you are done with setting up Fiddler.

OPENBULLET 2 SETUP

Now that we are done with Fiddler you need to download OpenBullet 2 from its
GITHUB repo.
Mare sure you download the .ZIP file.

GITHUB DOWNLOAD LINK

Once you have downloaded unzip the file wherever you find convenient.

it should look like this screenshot below.

Now you need to go into the extracted folder and run Updater.exe

this ensures that your version of OB2 is up to date, from now on you no longer
need to manually check
for updates as you will see a notification on the bottom left of your OB2
dashboard when you have an update.

We have now successfully downloaded and extracted almost all the files we

need, except one.

if you want to make configs that use credentials from a wordlist / combo you
need a certain configuration file calledEnvironment.ini
Environment.ini CONFIGURATION DOWNLOAD

Copy and paste this file into you OpenBullet 2 folder under this specific
location OpenBullet2/UserData/
Click Copy and Replace if Windows asks you what to do with the file
You are now ready to start OpenBullet 2 and make your very own config.

MAKING YOUR FIRST CONFIG

For this guide we are going to make a config for the website gaia.com

First you will need to open Fiddler.

If you have a lot of information on the left hand side already, click CTRL+X to
clear everything and start fresh.

You now need to go to the top left side of your fiddler UI and check that File >
Capture Data
is UNCHECKED. You will need to check this later when we begin sniffing traffic
from gaia.com

Make sure that you click the button labeled as "Decode" on the top left Fiddler,
now Fiddler will automatically decode the target traffic that we are sniffing.

everything should look nice and clean, like the screenshot below. 

Lets go to google and do some research on our target website now.

some websites have their own specific login page, and at first glance gaia does
not look like it has one.

straight away you can see that you have to load the initial web page, click on
log in to the top right and enter in the details in the drop down menu.

This looks like a good place to start sniffing the webpage but on closer
inspection, we can get to a smaller sized page if we type
gaia.com/login 
into our browser.

Now this page looks a lot cleaner and has less images and text, finding the
cleanest starting point to start our config ensures
that OB2 has the least content to load as possible, maximizing our data usage
efficiency and over all speed of the config.

example.
Now we have established a starting points we need to start sniffing the traffic
using fiddler.

Make sure you enable capture  in fiddler now, like I explained earlier.
you can enable and disable it using F12

Lets load up a private session in chrome and load in our target page, which will
be gaia.com/login

You will notice that fiddler will start registering a bunch of sniffed traffic, this is
a good thing, we are now on track to making our config.

click LOGIN

For this guide we will be working with a VALID account.

[email protected]:maXX6269

the email and password are separated by the ":"

and type in a EMAIL and PASSWORD and attempt to login, first we will make
sure that our login fails by entering anincorrect password,
this will be crucial to getting the correct keyword to tell OB2 what to do when it
runs a invalid email and password.

make sure that the incorrect password you entered is easily remembered, I will
use TESTPASS123

by using this unique password we will be able to search for it in fiddler to find
where exactly the login point is.

we should now see an invalid / incorrect password notification.

Make sure you write some important keywords down, we will write down and
save
"unrecognized username or password".

This should be sufficient enough to search and find what we are looking for in
fiddler to create a keyword
to instruct OB2 regarding a failed login attempt.

Next we will initiate a real login, we are now entering the account and preparing
OB2
to know what to do when it runs a VALID hit, and also capture the data we want
printed in the hit database and bot logger.

We proceed to log in with the correct details

At this point, I would continue to go into the account details within the website
but I know that we don't need to for this particular website.
this is where we would usually find subscription statuses and so on, feel free to
dig deeper with other websites, you never know what sweet stuff you will
uncover for capture data.

Lets go back to Fiddler and press F12 as we have everything we need for now,
this will pause the capture session and allow us to freely look through the
sniffed data.

Fiddler should now have a lot of registered data to your left hand side.
Lets minimize Fiddler now and start building our config in OB2

Go into the OpenBullet 2 directory and run Openbullet.exe

You can access the Dashboard by going into Chrome (or any browser) and
typing in:

http://localhost:5000/
on the left hand side click

CONFIGS

and on the top you will see a button with green outlines saying NEW

Click NEW.

You will be taken to this window where we will name our config and set up some
parameters so OB2 knows what to do with the data we give it.

Type in the config name, Author, and choose a logo if you want... The logo is
not mandatory and the same applies for category.

CLICK settings to start configuring some important parameters.

Once we have done this we should arrive on this window below where we will
type
BOTS: 200

and CHECK the  "Use Proxies" selector.

This tells OB2 to use the proxies provided and to use 200 bots, some websites
do not require proxies, some websites need a lot less bots, you will
figure this out on your own as you get more experiences.

Scroll down to see the rest of our parameters and when you get to "DATA", click
MailPass
so it gets passed to the left hand side, this tells OB2 that our website takes in
DATA in the form of

EMAIL and PASSWORD

If you have a website that logs in using USER and PASSWORD, you will need to
specify it in the same way we did with MailPass, but as UserPass.

This is all we need for now regarding the settings.

Now to save your config you can click SAVE on the left hand side or simply use
CTRL+S

Next lets enter the area in which we will be building our config using blocks,
blocks are a set of instructions in OB2, each block has a specific task in
manipulating the site to get what you need to get done.
blocks start from top to bottom in sequence, and in most cases continue that
linear path.

To start, we need to enter STACKER, please click it on the OB2 menu on the
left hand side.

You should see something like this.

Welcome to STACKER, we will build all our future configs from here.

Lets click the green + button to add our first BLOCK.

a pop up box will appear.

CLICK the green box that marked as REQUESTS>HTTP>HTTP REQUEST

This tells OB that our first BLOCK will POST or GET a request from the target
site.

When we POST something, we are inputting data into the website, in return for
more data, usually.

when we GET something we are straight up requesting a specific URL from the
website.

This is how everything should look now.

we have the foundation for our config set up, now lets go back to Fiddler and
find some data to put in OB2.

Inside fiddler, we need to search for our invalid password, the one that we used
earlier...

TESTPASS123

type CTRL+F

and search for our invalid password.

You will see that it highlights a item containing our data.

Now click the highlighted item and press CTRL+1 this will mark the specific
point in red, so we know exactly where and what happens when we input an
incorrect password.
marking the item also marked it easier to navigate through the list and find what
we need by sight.

on the right hand side if you click, INSPECTORS > RAW we will be able to see
where we sent our POST data, and underneath it, the response/return DATA
that the site gives.

In the response Window Under our POST data

we can clearly see the website gave us this message in response to the invalid
PASSWORD

"Sorry, unrecognized username or password"

we will use this data later to tell OB2 that we have used an invalid LOGIN. This
will be our FAIL KEYCHECK

Lets start inputting some data into our BLOCKS.

Go back to OB2 now.

and in the Method drop down menu, click POST

Since we are sending POST data we need to let OB2 know our intentions.
In fiddler where we highlighted our FAILED login attempt earlier (to the
complete left side) , click it and press CTRL+U
Now we have copied the URL where we will attempt to POST our login attempt.
https://brooklyn.gaia.com/v1/login

In OB2 under the URL text area, Press CTRL+V, There is only one text box
containing the words Url right now, so it should be easy to find.

Now we have copied over our URL and OB2 knows where to send data to.

We need to go back to fiddler and copy over some HEADERS on the top right.

We will remove some unnecessary headers, I will give you a sample below.

 
Host: brooklyn.gaia.com
Accept: application/json
DNT: 1
X-Client-Attributes: app-provider/gaia,app/web
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Origin: https://www.gaia.com
Referer: https://www.gaia.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en

This is the end result.

We will copy these headers into the headers section in OB2

the parameters tell the site how to respond to the data we POST/GET

then we will COPY our POST data which include the EMAIL and PASSWORD and
edit it like this.

EDIT sample:

username=<input.USER>&password=<input.PASS>&device=web-app

<input.USER> Variable specifies exactly where OB2 will place the EMAIL when
running the config.
<input.PASS> Variable specifies the password.
Both DATA will be taken from the wordlist/combo.

see how each command is divided by the & and each new set of data is stated
right after the =

this will give you an idea about where to start placing your <input.USER> or
<input.PASS> Variables.
We can copy our POST data into OB2 now.

***Content type has already been done for you, but you will know what to
paste by looking at the headers from earlier, we removed
the content type from the sample code and pasted it into where it is
now.***

now he have set OB up to POST our login data we need to specify a

KEYCHECK, this will let OB know exactly what to do when we get a HIT or a
FAIL.

Click the + sign > CONDITIONS > KEYCHECK

Next, click the + button TWICE on the right hand side, under the label
"Keychecks"

You will see TWO success KEYCHAIN BLOCKS.

click one of the SUCCESS dropdown items and change it to FAIL

Your screen should look like this.

Next we click on + String

This will allow us to input the data that tells OB2 if we have successfully logged
in or failed.

we will start with our FAIL KEYCHECK.

It will be the same one that we saw earlier when we searched for our incorrect
login details in Fiddler.
we received this as a return.

unrecognized username or password

we will now place this into our Fail check block.

Now that we have set up our FAIL KEY its time to find our SUCCESS KEY in
Fiddler, almost done now :)
We will search for our correct password this time, we managed to log in with it
earlier.

maXX6269

we will not CTRL+F that value into Fiddler and see what we get.

We will use the returned data from this REQUEST now!

We don't need everything, only a KEY that will easily notify OB2 that we have
managed to log in.
"success":true,"
This should be more than enough

Now this KEY should be placed into OB2 the same way the FAIL CHECK got
done.
and we should have something that looks like this.
we can now test our config!
Don't forget to save your CONFIG every once in a while.

CONGRATULATIONS, you have finished your very own config :)

If you would like an updated version of how to capture data
from an account, such as subscription statuses, let me know,
I have to see if this guide is even appreciated or wanted.
If I see enough demand I will do video tutorials and more
extensive lessons.

I hope you have learned something with this guide and continue
to sharpen your skills.

ENJOY!