Reneboss 40 [hide] 1.Protections that sites use for balance check page User account Pin/cvv or security code Captcha Verification via e-mail Limiting page requests Doesn't show if the gift card number or pin is wrong Csrf tokens No protection :D For what you can see there many options for the sites to protect their customers gift cards from being stolen. Most popular shops like nike,puma and etc will have good protection measures so you can forget trying to rape them. 2. Identifying gift card numbers 2.1. Sequential numbers As you can see 99700002 are sequential numbers and the other remaining are only 5 random numbers. Since this site doesn't have any protection it's really easy to get valid gift cards with balance, but it's really rare to find a site like this. 2.2. Luhn algorithm Some sites use luhn algorithm for gift cards you can identify luhn algorithms here. 2.3. Regex Regex is mostly used for e-gift cards that includes letters, using regex increases your chance to get a hit instead of using the same letter. Example from Netflix regex: LEQ\d[A-Z]\d\d\d\d\d\d 3. Finding sites and exploiting them 3.1. Finding sites You will have to use your imagination with google dorks to find the best results. Simple Example: inurl:giftcardbalance OR inurl:giftcard + "check" -pin -captcha 3.2. Exploiting site This is the hardest part because you will have to use your brain to find the best approach and think if its worth exploiting the site. What do i mean by if its worth exploiting? For example: Site has 16 digits number without a pin but has captchas, has 8 sequential numbers 8 other are random. You will have to calculate the captchas prices per request and calculate if you cover the captchas cost and make some profit. If you decided it is worth obviously you will have to make a config/checker or pay someone to do that for you, if isn't worth just keep looking for another site. 4. Using gift cards in-store So some sites have balance check page without a pin, but when you are in the check out page they ask for a pin. So there is a bypass for that if you don't want to use javascripts to crack pin, but they need to have barcode based gift cards like this(without magnetic stripe): So basically what you do is download stocard app or use barcode generator and download the photo of the barcode and use it in-store. This tutorial took a while to write, if you want a part 2 about gift cards cloning show some support :ezy: [/hide] Quote Share this post Link to post Share on other sites
CaptainWaffle_ 2 I want to see this!Anyway thanks for the share! Quote Share this post Link to post Share on other sites
Skrookie 3 If this includes something of value to me or anyone else then I'll leave a like Quote Share this post Link to post Share on other sites
CPlusPlus 4 looks interesting ty for the share mate Quote Share this post Link to post Share on other sites
topy-31 0 I want to see this!Anyway thanks for the share! Quote Share this post Link to post Share on other sites
tobiasetienne 1 [align=left] I've never heard anything about this subject. We learn something every day ig. :fiesta: Quote Share this post Link to post Share on other sites
duxibimu 0 إذا كان هذا يتضمن شيئًا ذا قيمة بالنسبة لي أو لأي شخص آخر ، فسأترك مثلًا Quote Share this post Link to post Share on other sites