CarderPlanet
Professional
And so, today I’m talking about the brute force of various shops to whose accounts a CC can be linked, with which we can make a purchase, you didn’t think that CC can only be linked to EBay.
My search for shops, as always, starts with Google shopping, I google the product I am interested in and open all the shops that are given to me in the left block below.
This is followed by registration in each store, after registration we go to the store's account and look for the item "Payment methods" or something similar there.
If there is an opportunity to add a credit card to the account, we see if he asks for CVV right away, if he doesn't ask, then we throw something into the basket and go to pay, select payment by card and see, usually in stores there is such an opportunity to save the card for future purchases, looks something like this:
If there is such an opportunity, it is very good.
As a matter of fact, at this stage, you can already start writing brute himself for this shop, since writing after a few days of practice takes no more than 30 minutes.
Private Keeper http://deival909.ru/
Private Keeper - This is an app for developers and brute-forcers.
I will tell you a couple of basic points that have been described a million times in various videos, but there you are offered to use some kind of software and so on.
For each shop, everything is unique, I will only help you understand GET and POST requests, this is the simplest thing, then the matter is in the number of approaches-repetitions.
We buy a license for a certain period, prices:
I think you'll figure it out with registration and activation.
Our working platform opens in front of us.
I do everything through the opera, because for some reason, in chrome, not everything shows what is needed. Today we will write a brute / checker.
The site may have a unique token for each authorization; for a site with a token, the procedure will be as follows: GET request to parse the token, POST request for authorization and check the account for validity, and GET request to parse payment information, if any.
First of all, we go to the site on the authorization page, press Ctrl + Shift + I, we will see the following page:
Next, we enter the data from our account and click on the login.
In the panel below we will see a lot of data that is transmitted to us by the shop, we need the first thing that it sent to us, the authorization data, so we scroll up.
This is the very link for authorization that we need, remember it will be under the number "1", then we will rewind to the very bottom and see the data that was used by the shop.
Here we see that this site uses a token for authorization, it may not have it or there may be two tokens. If there is no token, then we will immediately have a POST request for authorization. And so here we have a token and we need to parse it.
Press Ctrl + U we will open a page with the page code, there we press Ctrl + F and look for our token.
Great, this will be # 2, and the third thing we need to do is click on the view source right above the token in the penultimate screen.
Here we see how the login is carried out, token + login + password.
We go to the keeper:
We expose a GET request, then in field 1 we insert our login link, at number 2 we must enter the values before and after our token in the page code.
As entered, we press add-this is the 3rd point. Then we enter our login details, save our authorization, click check and look at the log. If everything is ok, we will see approximately the same as on the screen.
OK! The next step is to add one more authorization with a POST request. We take a bundle of token + username + password. And we insert the post data into the line, replacing the data that the shop gave with the keeper's values, look:
The token that we were given we change to the value | PARS | [1], the soap that was changed to | LOGIN |, the password is | PWD |.
If there are two tokens on the site, then we respectively add 2 parses and the data post will contain | PARS | [1] and | PARS | [2].
Next we add values for good and bad account. To do this, in the authorization log, look at the Location item, go through authorization with a valid account that we registered ourselves and look at which page it gets for example:
Location: www.site.de/myaccount
Location: www.site.de/home
Location: / new /
Or even "Location: /" is different everywhere.
And so on, depending on the store, we also remove the last digit of the password in the login data, for example, and see what location will be if the login and password are not correct, for example:
Location: www.site.de/myaccount/login
Location: www.site.de/registration
Location: www.site.de/index.php
It turns out something like this:
The value | RESPONSE | we change to | HEADERS |, if we can't find the Location: value to identify the bad account, we can do like this:
Then we check if everything worked out for us, trying the correct and incorrect login data, if everything is correct, then it will give out whether the result is considered good or bad.
Then we can already test our project, click on the quick test in the upper right corner, load the database and proxies and try.
I take free proxies from http://www.vipsocks24.net/ if the store is not demanding, then everything will be okay.
If you do not have an account with a linked card, then first you will need to collect N number of accounts and find an account with a card, after that you can add the project under the checker.
Next, we add one more authorization for the GET request and we will parse the credit card data, if any, add the address of the page where the card data is located in the link, for example: www.site.de/myaccount/paymentmethods/
We press Ctrl + U on this page and go to search for the card data in the page code, for example, by the last digits of the card, it's faster. Found, now we need to parse this value, just like with a token.
Don't forget to Assign the value 2 to the parser
We check if everything is fine, then the parser will give us the map data.
Further, so that we can see this in the final log, go to the control tab and change the log, for example:
Well, that's success, we are looking for more databases and go ahead, then only Dedicated files will be required in the work, do not forget to spam mail to the account owner.
Packs can be sent either to the stingy by adding another shipping address to the account or to the middle one, but do not forget to indicate the cell number and change the name in the middle to the name cardholder.
I hope this article will help you figure it out, in any case, try it, it's interesting and very profitable. Good luck!
PS site which I used www.peek-cloppenburg.de do not take, there is captcha.
You can try for example: www.amainhobbies.com there is no token, the shop has an internal balance.
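From the shop operator's side, the request pattern described above (token fetch, login POST, then a direct read of the saved payment page) is visible in server logs. The following is an added example, not part of the original post: a detector over constructed log lines, where the log format, session ids, and the `/login` and failure-redirect paths are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (not from any real shop): time, client IP, session id,
# method, path, status, and the redirect target ("-" when absent).
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 s1 GET /login 200 -
2024-05-01T10:00:01 198.51.100.7 s1 POST /login 302 /myaccount
2024-05-01T10:00:02 198.51.100.7 s1 GET /myaccount/paymentmethods/ 200 -
2024-05-01T10:00:03 203.0.113.9 s2 GET /login 200 -
2024-05-01T10:00:04 203.0.113.9 s2 POST /login 302 /myaccount/login
2024-05-01T10:05:00 192.0.2.44 s3 GET /login 200 -
2024-05-01T10:05:20 192.0.2.44 s3 POST /login 302 /myaccount
2024-05-01T10:05:21 192.0.2.44 s3 GET /myaccount 200 -
2024-05-01T10:05:22 192.0.2.44 s3 GET /static/app.css 200 -
2024-05-01T10:06:10 192.0.2.44 s3 GET /myaccount/paymentmethods/ 200 -
"""

LINE = re.compile(r"(\S+) (\S+) (\S+) (GET|POST) (\S+) (\d{3}) (\S+)")
PAYMENT_PATH = "/myaccount/paymentmethods/"  # assumed path, modelled on the page's example
FAIL_TARGET = "/myaccount/login"             # assumed redirect target for a rejected login

def parse(log):
    """Group log events by session id."""
    sessions = defaultdict(list)
    for m in LINE.finditer(log):
        ts, ip, sid, method, path, status, loc = m.groups()
        sessions[sid].append((datetime.fromisoformat(ts), ip, method, path, int(status), loc))
    return sessions

def classify(events, max_gap=5.0):
    """Return 'scripted_payment_read', 'failed_login', or 'normal' for one session."""
    events = sorted(events)
    steps = [(e[2], e[3]) for e in events]
    post = next((e for e in events if e[2] == "POST" and e[3] == "/login"), None)
    if post is None:
        return "normal"
    if post[5] == FAIL_TARGET:
        return "failed_login"
    # Automation signature: token fetch, login, payment page, nothing else, within seconds.
    bare = steps == [("GET", "/login"), ("POST", "/login"), ("GET", PAYMENT_PATH)]
    fast = (events[-1][0] - events[0][0]).total_seconds() <= max_gap
    return "scripted_payment_read" if bare and fast else "normal"

def report(log=SAMPLE_LOG):
    return {sid: classify(ev) for sid, ev in parse(log).items()}
```

Because such tools rotate proxies, the verdict is keyed on the session rather than the client IP; a spike in `failed_login` sessions across many IPs, or any `scripted_payment_read`, is a reason to force a password reset and require re-entry of the card's CVV before a saved card can be used.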