HestiaBestia

Site: Kixify Proxies: Yes Combos: Mail:Pass Platform: OpenBullet A little note from me, if you are going to download please leave a like! It motivates me to keep releasing configs for everyone. Features: Captures order numbers, dates, and prices. Hybrid config, selenium used to capture the data not available in the source. [hide] Download [/hide]

Hmm.. spit or swallow

Gift cards! When I found out about gift card cracking a couple of years back I wanted to crack literally any card I could use. I ended up settling on a local supermarket that had a check form without any sort of captcha. I emailed them and said that I had written down my gift card number with a bunch of others and needed help to identify which one was for that supermarket. They told me about seven or eight characters that all cards began with and told me the length. From there I checked random cards until I got a valid and then generated an incrementing list from that first valid. I made LOADS of free grocery money. Kept going at it until I eventually forced them to add a recaptcha to their site. And that's my story of how I affected a semi-small supermarket chain :feelsgood:

thank you so much im a fan of you now omg :feelsgood: Deos this work for Canada? :monkas: Nope, this is the US config. If you'd like me to make a CA config PM me and I will get to work.

The config is fixed my friend. The issue was with the version number. If the issue persists switch to this version of OB. https://github.com/FOR-PARADOX/Reboot/releases

For sure my friend. You're a good guy!

I was sent this config from someone in my discord to have a look at it. Upon inspection this scumbag is logging all of the hits. Proof: I have decrypted and disinfected the config and you can download it here. Stay safe out there!

No of course it's not real. I just posted for the laughs.

Config fixed. I recommend running your combos again.

I appreciate it. First one to look at it as far as I can tell :)

Thanks for the share. I thought this got patched. Didn't know there was one before. Just made it for the first time last night :fine:

https://www.napapalisades.com/wp-content/uploads/2018/10/doordash-logo.png[/img] Site: DoorDash Proxies: Yes [Needs HQ] Combos: Mail:Pass Platform: OpenBullet Features: Captures Payment Methods [hide] Download [/hide]

Site: StockX Proxies: Yes [Needs HQ] Combos: Mail:Pass Platform: OpenBullet Features: Captures Card & Address [hide] Download [/hide]

http://www.logospng.com/images/26/dining-amp-sky-bar-kip-hotel-jalan-ipoh-kuala-lumpur-26266.png[/img] Site: 7/11 Proxies: Yes Combos: Mail:Pass Platform: OpenBullet Features: 6,000 cpm with 200 bots! Captures Punches and Points. Update 1: For any of you that downloaded earlier, update this config. They banned the token I was using, so the config now generates a new token for each attempt. Patch that you lazy IT department ehehe. Update 2: Now they updated the app and made requests from the config version invalid. Fixed again! Update 3: Okay this company really cares about their free drinks. Someone keeps patching the different static fields. SO NOW THERE ARE NO STATIC FIELDS. Everything is random genned. It's now a personal challenge for them to fix this shit. [hide] Download [/hide]

http://alltodesign.com/wp-content/uploads/2018/11/buffalo-wild-wings-logo-blazin-rewards-buffalo-wild-wings-free-1024x474.png[/img] Site: Blazin' Rewards Proxies: Yes (Needs good proxies!) Combos: Mail:Pass Platform: OpenBullet Features: Captures rewards points and card number. [hide] Download [/hide]

http://logok.org/wp-content/uploads/2014/10/Chilis-wordmark.png[/img] Site: Chili's Proxies: Not Needed Combos: Phone:Pass Platform: OpenBullet Features: Weird one.. this is a config that uses phone number and password to login. Captures rewards points. [hide] Download [/hide]

liked u brooooooooo I appreciate it! :)

https://media.discordapp.net/attachments/576305825245560832/578845937540136960/1200px-Cineplex_logo.png[/img] Site: Cineplex Proxies: Yes Combos: Mail:Pass Platform: OpenBullet Features: This captures payment cards, gift cards, scene cards, and paypal attached. [hide] Download [/hide]

https://media.discordapp.net/attachments/576305825245560832/576829478647365682/1280px-Zalando-Logo.svg.png[/img] Site: Zalando NL Proxies: None / NL Proxies Combos: Mail:Pass Platform: OpenBullet This is for the NL login. Will most likely break frequently so please hit me up to fix it. Features: Captures order status, price, and merchant. Please note that prices are captured without the decimal. (Ex. 100.00 = 10000) [hide] Download [/hide]

https://upload.wikimedia.org/wikipedia/commons/thumb/5/59/Bol.com_logo.svg/1280px-Bol.com_logo.svg.png[/img] Site: Bol Proxies: Yes Captcha: Recaptcha Combos: Mail:Pass Platform: OpenBullet Features: Roughly captures the name of the items ordered. I cannot understand the language, so it is hard for me to create a config with proper capture. This was requested by someone on my discord and I figured people here could use it. [hide] Download [/hide]

Thanks for the tip, will update the thread.

This is a bump

https://media.discordapp.net/attachments/576305825245560832/576314526916673536/RGB_Blue_Type_Horz-1.png[/img] Site: Domino's Proxies: [HQ NEEDED] Socks4 Combos: Mail:Pass Platform: OpenBullet Redeem 60 points for a pizza! https://discordapp.com/assets/59d34a4f4f1c4cd43b83304ebf1f9407.svg[/img] Features: Captures country, points, and points expiration date. (Works with public socks4 very slowly. Change "wait time after bot" to 1000.) Download: [hide]Download[/hide]

This looks interesting, I wasn't aware that gmail checking was possible due to their 2FA.

I was always told to use Fiddler to sniff android traffic. I never really understood why most apps did not work with the Fiddler certificate installed, and why I could not see most traffic. I did some digging and found that most apps verify your certificate, and so to properly capture traffic you would need to make the app verify your certificate or bypass the step all together. Below I will list the steps that I took to get this working. PLEASE NOTE: If you'd like some real explanations of how this works, this guide will not provide it. I have no idea how most of this works, or even if what I said above is accurate. All I know is that I have had good results and I would like to share them with you all. Required The APK of the app you'd like to use. An android phone (rooted), an emulator may work but I have not tested. A charging cable for said phone. Frida, Objection, and ADB properly installed. Fiddler of course. Download Frida HERE. Download Objection HERE. Download ADB HERE. Download Fiddler HERE. Click for setup instructions for FRIDA and OBJECTION. REMEMBER TO ADD ALL OF THIS TO YOUR PATH. UPON RUNNING OBJECTION THE FIRST TIME YOU WILL NEED TO DOWNLOAD DEPENDENCIES AND PLACE IN YOUR PATH. THIS IS POSSIBLE ON IOS, BUT I CANNOT HELP YOU WITH THAT. Step One Lets set up our certificate on our android device. Start Fiddler and do the following. Tools > Options > HTTPS Enable the box that says Capture HTTPS Connects, and Decrypt HTTPS traffic. Tools > Options > Connections Enable the box that says Allow remote computers to connect. Now over to your android device, and go to the WIFI settings. Modify the network you are currently connected to and add your computer's IPV4 as your proxy. Now make the port the one in the Connections menu of Fiddler. This is 8888 by default. Open the browser on your android device and head to: http://ipv4.fiddler:8888/ Now you can tap FiddlerRoot Certificate and install it. Fiddler setup complete! Step Two Download and place your APK in your chosen directory, and navigate to it in the command prompt. Type the following. objection patchapk -s (PATH TO APK) Wait for this to finish, and you have your modified APK. Install this on your android device, and connect it via USB to your computer. Enable USB debugging in the developer settings of your android device. Now run the app, and type the following in the command prompt. objection explore android sslpinning disable Step Three Do your thing! Make a config, or whatever you please. The success rates of this method are much higher than just installing the certificate. You are now able to capture traffic from this app with fiddler. Note, success rates are not 100%! It's fairly rare, but I have run in to a few apps that will crash after being patched. I will help all of you to the best of my ability.