Tools & Requirements:
Patience
OpenBullet - https://github.com/openbullet/OpenBullet2
RDP/VPS (Not needed but recommended)
A Brain
Target website
Valid working account on the website
Click on the "Config" tab, then you will click on "New", and enter a Name for the config you're making, and an Author name.
Open the website you want to target.
Go to the login page.
Open Inspect Element, and click on the Network Tab.
Type in any fake login credentials in the login box while having the network tab open and hit Login/Enter
The page will give you an error saying the credentials you entered are incorrect, ignore that and look at the Network tab you have open on the side.
You want to search for something called "Login" and it should have a Request Method as "POST"
Now go back to that open Config tab in OpenBullet, and click on the "+" add sign.
It should give you a window of options
Click on "Request", it should give you the settings:
Now you will simply fill the information in the OB config settings with the information of the "login" tab in the inspect element page.
You will put the "Request URL" from the login page in the "URL" box in OB, and choose the Method Type in OB to be the same as the "Request Method" in the login page
Now you will scroll down to "Form Data", click on "view source" and copy the line written there and paste it in "POST Data" in OB
Make sure to edit the string your copy-pasted to be something like this email=&password=&submit=Login
Now go to the "Request Headers" section on the login tab, scroll to the "Cotent-Type" and make sure it's the same as the "Cotent-Type" option on OB.
Now in the same "Request Headers" section, find "user-agent" and copy that whole string. Now in OB, go to the "Custom Headers" section, find a line called user-agent, and replace that string with the one you copied.
Now find 2 lines called "Origin" and "Referer". Copy the whole 2 lines, and paste them at the end of the "Custom Headers" in OB.
Now that you finished adding all that information. We will be moving into setting up the config to detects Hits and fails.
For that, you will need to be focusing on this right side of OB, which is the Debugger part
Firstly, we need to flag the warning that the website will give when you enter false credentials. For that, write any random email and password in the "Data" box in OB. Make sure to write it in the format of emai
assword.
Now click on the "Start" button.
Now if you click on the "HTML View" mini tab, it will show you a loaded login page, but it says that you entered incorrect credentials.
Now you will copy that full text which says that you entered the wrong credentials however its written, and then click on "Add" button to add a block then Click on "Key Check".
Now click on "+" Next to Keychain, then choose the type as "Failure", then click on "+" next to Key, then paste the text you just copied in there.
Now you will do the same thing again, but this time with a valid working account to flag the key check to validate working accounts/hits.
After trying to login with a working account, find something that stands out which can be used to verify that it successfully logged in. It can be something that says "Member Dashboard", "Account Overview" or anything similar, then put it in the Key check.
Now that you added both key checks for fails and hits, you can test the config again once with incorrect credentials, and once with correct credentials and check the "Data" tab of the Debugger to see if it's working. It should look like this showing "Fail" for incorrect credentials, and "Success" for the working account
Now click "Save".
Congrats, now you have made your first simple OpenBullet config. You can test it on a larger scale by starting a runner with a wordlist and the config.
Extras
You can pre-set the recommended amount of Bots/Threads to be used for the config by clicking on " Other Options " then click on " General " then modify the " Suggested Bots "to whatever you want with a max of 200.
You can also choose if you want proxies to be used with this config or if it should be used prox
Patience
OpenBullet - https://github.com/openbullet/OpenBullet2
RDP/VPS (Not needed but recommended)
A Brain
Target website
Valid working account on the website
Click on the "Config" tab, then you will click on "New", and enter a Name for the config you're making, and an Author name.
Open the website you want to target.
Go to the login page.
Open Inspect Element, and click on the Network Tab.
Type in any fake login credentials in the login box while having the network tab open and hit Login/Enter
The page will give you an error saying the credentials you entered are incorrect, ignore that and look at the Network tab you have open on the side.
You want to search for something called "Login" and it should have a Request Method as "POST"
Now go back to that open Config tab in OpenBullet, and click on the "+" add sign.
It should give you a window of options
Click on "Request", it should give you the settings:
Now you will simply fill the information in the OB config settings with the information of the "login" tab in the inspect element page.
You will put the "Request URL" from the login page in the "URL" box in OB, and choose the Method Type in OB to be the same as the "Request Method" in the login page
Now you will scroll down to "Form Data", click on "view source" and copy the line written there and paste it in "POST Data" in OB
Make sure to edit the string your copy-pasted to be something like this email=&password=&submit=Login
Now go to the "Request Headers" section on the login tab, scroll to the "Cotent-Type" and make sure it's the same as the "Cotent-Type" option on OB.
Now in the same "Request Headers" section, find "user-agent" and copy that whole string. Now in OB, go to the "Custom Headers" section, find a line called user-agent, and replace that string with the one you copied.
Now find 2 lines called "Origin" and "Referer". Copy the whole 2 lines, and paste them at the end of the "Custom Headers" in OB.
Now that you finished adding all that information. We will be moving into setting up the config to detects Hits and fails.
For that, you will need to be focusing on this right side of OB, which is the Debugger part
Firstly, we need to flag the warning that the website will give when you enter false credentials. For that, write any random email and password in the "Data" box in OB. Make sure to write it in the format of emai
assword.Now click on the "Start" button.
Now if you click on the "HTML View" mini tab, it will show you a loaded login page, but it says that you entered incorrect credentials.
Now you will copy that full text which says that you entered the wrong credentials however its written, and then click on "Add" button to add a block then Click on "Key Check".
Now click on "+" Next to Keychain, then choose the type as "Failure", then click on "+" next to Key, then paste the text you just copied in there.
Now you will do the same thing again, but this time with a valid working account to flag the key check to validate working accounts/hits.
After trying to login with a working account, find something that stands out which can be used to verify that it successfully logged in. It can be something that says "Member Dashboard", "Account Overview" or anything similar, then put it in the Key check.
Now that you added both key checks for fails and hits, you can test the config again once with incorrect credentials, and once with correct credentials and check the "Data" tab of the Debugger to see if it's working. It should look like this showing "Fail" for incorrect credentials, and "Success" for the working account
Now click "Save".
Congrats, now you have made your first simple OpenBullet config. You can test it on a larger scale by starting a runner with a wordlist and the config.
Extras
You can pre-set the recommended amount of Bots/Threads to be used for the config by clicking on " Other Options " then click on " General " then modify the " Suggested Bots "to whatever you want with a max of 200.
You can also choose if you want proxies to be used with this config or if it should be used prox