CONFIG MAKING

BEGINNER'S
GUIDE TO
OPENBULLET
How to start cracking with
your own configs.

WRITTEN BY AYDEN
 THANK YOU

FOR

BUYING!
BEGINNER'S
GUIDE TO
OPENBULLET
Are you a cracker and you want to make your own Configs? Tired
of looking for public non-working configs or buying it from some
config maker each time you need a new one? With BEGINNER'S
GUIDE TO OPENBULLET, you will learn everything you need to
know to make your very own Openbullet configs in 3 chapters,
from beginner to "Advanced" configs, with Tokens, Recaptcha...
You will not have to buy more custom configs anymore; you'll
even be able to start your own Config Service! After reading this
eBook, you'll be able to use Openbullet for basic (And a little
more advanced) config making, and keep achieving even more
difficult challenges by yourself from what you've learned in this
eBook!
 01

GATHERING DATA
First of all, we have to gather some data
needed in order to make our config.
Finding a Website
First of all, we want to find a Website to make a config for. If you're reading this, you're probably a first-
timer, so find a Website (Don't choose the same as mine) and open the login page using Google Chrome.

Why Google Chrome?

As you know, Google Chrome has a magical feature known as "Inspect element" That's gonna be our best
friend in the Config Making journey.

Found your website? Cool! I need you to get to the web you want to make the config for, and open
Inspect Element. Then, go to "Network", you should see something like this:

That's what we gonna use to extract our data. The Network Activity in the Network tab should be empty,
if you go to Network and see some data, just wipe it with

Extracting the data we need

For this demonstration, I'm gonna be using a Spanish tech news web called "Xataka". It seems pretty
easy.
First we need to do (keep the network tab open!), is to type whatever in the login and password box, and
try to login. You'll notice the Network tab will update and show you some things. We are looking for
something called "login" or similar (auth, logon, etc)

Now, how do you prepare to make your config it's up to you. Some people just copy and paste all they need in a
Notepad and then starts the config, I prefer to paste directly to Openbullet.
I'll show you now what data we need to gather so get your Notepad ready
NOTE: All the steps have to be done in the login thing from the Network tab. Unless I say so, don't move from
there when doing the next steps.

Request URL
The request URL is the URL that makes the login request, so we will need to paste that in Openbullet.
This URL is always the first thing that shows up in the General section. Copy and paste that URL.
Origin and Referer
Just scroll down a little bit, you will find that in the "Request Headers" section. This is not always needed
but I like to include that, just in case.

Form Data
Scroll down, this is found at the bottom of the page. You'll see the username and password you wrote
before to make the login request show up in the Network tab. This is the code that sends the login data
to the request URL, that means Openbullet needs that code and replace login data with your custom
user:pass . Find the Form Data, click "View Source" and copy it.

If you see some more data here, like token, csrf or something. Please, change the website you're going to make the config. I will teach you how to make
configs for these type of pages, I promise, but that's 2 chapters ahead!

and that's all

NOW LET'S
GET TO
OPENBULLET
 02

BASIC CONFIG
MAKING
Now it's the time to use Openbullet!
Openbullet
We gathered all the data we need to make our config! Now it's the time. Run Openbullet, and go to
"Configs", and then click "New", name it whatever and click "Accept"

On the left side, we can see our Current Stack, there is where the config will be made.

On the right side, we can see a Debugger. There, we can check quickly if our config is working well, we
can insert a working account there to check it, and extract data from the Log or HTML View. Also, in the
"Data" tab we can see what response is giving the config (Success, Ban, Fail, Free, Custom) and the
capture or parsing we set up. For example:

First we need to do is to hit that "+" button located in our Current Stack (left side) and create a Request
block. There we will have to paste all the data we've gathered before.
You need to paste the Request URL in the "URL" box, the "Form Data" source in "POST Data" and the
Origin and Referer in Custom Headers

In "Method" (Below URL) select POST.

It should look like this:

In POST Data, we have to change the credentials we tried to login before (mailcheck@gmaill.com
:passcheck in my case) and replace it with <USER> <PASS>, so Openbullet will replace it with the user
and pass we want to try on.
Check! We got it all. Now, let's try if it's working. Type some random data (user:pass) in Debugger, select
"HTML View" tab and hit "Start" 

Tip: SBS (Next to the start button) means "Step by Step", so if we select that and press Start, Openbullet
will execute every block you created and stop between each one, so you can check output for every
block you've created. Can be helpful, for example, if config stopped working and you don't know why.

It's working! Obviously we typed some random data so it shows "Bad credentials", but it's working..

We always need to check that, as there are some Bypasses as Akamai that can show up instead and
make the config pretty impossible to do. I won't be explaining how to bypass securities like Akamai, as it
would probably need an independent course.

Now that we know there are no problems, we need to make the config detect the working accounts and
the bad ones. We will need the HTML Output for it.

Go back to the left side of your screen, press "+" and create a new block called "Key Check"

Got it! Now press that "+" next to "Keychains" twice. We need to create one check for a Success account,
and one for a bad one. Set one as type "Success" and another one as "Failure" Also, create a Key for each
one, pressing the "+" next to "Keys"
Now we need to get back to the HTML View from the Debugger and check the output after checking a
bad account. In my case the response it gave to me was "{"result":"failure","msg":"Bad credentials."}"

So, we copy and paste that in the "Failure" Key Check. So if it Contains {"result":"failure","msg":"Bad
credentials."}, Openbullet will set the checked account as "Fail", and the account will move to "Bad" type.

We can change that "Contains" to "DoesNotContain" "GreaterThan" etc. Just select what's better for you.

Go back to Debugger, but now check an actually working account.

Working! Get some text that you know it will NOT appear if the credentials are wrong, in my case
{"result":"success", and paste in the "Success" Keychain.
If we want to, we can also add another Keychain for "Custom" or "Free" hits, it works the same way I just
showed you for "Success" and "Fail"

Hey, are you still there? You actually finished your first config! Congratulations! Just, before you start
cracking from the Runner, check it one more time from your Debugger. This time from the "Data" Tab.

If you did it the right way, the output should be "Bot Status: SUCCESS" if you check a working account, or
"Bot Status: FAIL" if you check a wrong one. If it's showing up as it should be, your config is ready to go.
Yay! It's working. Save you config (Important step there)

Finish up your config navigating to "Other Options" and set the basic stuff (Name, author, suggested
bots, needs proxies...)

How many bots should you set? Does it need proxies? You only can know testing your config. Test with
50, 100, 150 etc Bots and check what suits better. Also, to know if you need to use proxies or not, try
your config in the Runner without proxies. If it stops working after some checks, it needs proxies.

As you can see, our config is

working perfectly