PDA

View Full Version : UniBot - A Complete Walkthrough



MikiSoft
05-18-2015, 08:26 PM
Don't know how else to start, so I'll start with FAQ about this tool:

What is UniBot?
- UniBot is a unique program that is used for quick and easy creation of HTTP bots, without knowledge of any programming language and without any torment from designing GUI. It can be found here: http://mikisoft.me/programs/unibot (Virus scan (https://www.virustotal.com/en/file/514a175f936c822ebd9e335e85030ac0618efb15fddf5d0c53 f6a9768631f069/analysis/1431379002); more analysis here (http://anubis.iseclab.org/?action=result&task_id=19ae0e85f8f78d07489646ae1f38178c6) and here (https://malwr.com/analysis/ZTkwNjdlMTliZGQzNGZlNDgwM2U1Nzg2OThiMmMyMmE))

For what is it actually used?
- You can create whatever thing comes to your mind, but most of it are some simple bots on which you will substantially lose time creating them in some IDE.

Does that mean I can create any type of bot?
- Yes, if you are skilled enough. You can create for example bots for voting or commenting, or you can make some bot that will rip out specific content from pages on some site, etc.

I have opened the program and nothing seems to be clear to me. Care to explain?
- That's why I decided to make this tutorial because interface of the program looks complicated, but once you begin to understand everything that I have presented in the following, it should be much clearer (at least I hope so).

So, let's start...

--- User interface ---

As you have seen if you've already downloaded and run the program, the interface may seem a little hard to understand, but don't be afraid. The following picture should cover most of the things that you'll need to know:

http://i.imgur.com/CGmOKGX.png

index - each index contains of one HTTP request (GET or POST) or/and logical statement(s) (If-Then) or/and public/output string(s)
strings - that is data which is gathered before or after the execution of the request, depending on where the string is actually used (on this topic I'll write most because it's very important to know)
If clauses - a place to test strings if they meet certain conditions, and on that basis to decide what next to do (ie. which is next index or to stop the execution of the process)
results - a place where the string results are shown (if that is enabled in their options)

--- Indexes ---

Like I said, indexes must contain at least one request or logical statement for solving, or public/output string. We'll focus on the first.
As you know, the definition of each HTTP bot is to assemble and send a specific HTTP requests, in order to achieve a specific goal. So in this program there are indexes, that present a separate templates of certain requests by which program is headed. As can be seen, each index can have a name for easier orientation.
To complete the formation of a HTTP request, there are two important items: POST data and additional headers, which are starting to appear mostly from the second request by gathering the results of the strings. Don't be confused because I only mention HTTP requests - HTTPS is supported, too.

--- Strings ---

This is the key point of the program, so you should pay special attention in order to learn to make bots after finishing this.

We'll begin with the facts:
- strings usually occur after execution of the first request
- each string should contain at least one command
- command that determines what will be the result must be valid and in accordance with the request that was previously sent
- most of the strings are essential for the continuation of the process
- they're executed depending on where they are used - before or after sending request
- their usage is %name% (where "name" is a name of the string)
- if it isn't public/output, the string will not be executed if there is no place in the index where it is used

If you understand this then we go into analysis of a string that contains one command:
'Hey!'+rpl('Hello, world!','world','Miki') Now let's analyze its parts:

'Hey!' - everything that is under a single apostrophe represents a constant, and this constant is located at the beginning of the string so that will be the first thing printed into it

+ - character for merging a command with a constant, or with an another command

rpl('Hello, world!','world','Miki') - it can be assumed that this is the command for replacing specific text, so in this case in the text "Hello, world!" it replaces "world" with "Miki"

The overall result would be:
Hey!Hello, Miki! These are actually some of the most basic things you need to know if you want to go into the world of programming, but I wouldn't call this real programming because you must know a lot more than working with strings. Anyway, moving on...

If you haven't heard of regular expressions (http://regular-expressions.info), then you should first look at them because they are very important for the formation of the string result. I will not talk about that, because you have a lot of examples and explanations all over the Internet.
The basic command for executing them (which looks like previous) is as follows:
rg(source,regex,replacement) Example:
rg('Hey!Hello, Miki!',', (.*?)!','$1') Result:
Miki

Independent commands:
These are commands that are processed even if they're located in the constants ie. under apostrophes.

First and most important command is: [src]
In its place there will be a complete page source (after completing request of course), with response headers at the beginning.

Second important command is: [nl]
Considering that the commands and the constants are written only in one line, I had to find a way to print the constants in multiple lines, so in place of this command a new line separator will be printed.

Third: [rnd]
In its place will be put random generated characters (upper and/or lower case letters, numbers and symbols), or a number from a given range.
To determine the range of characters that will be included, between the last letter and ] you have to add some of these letters:
U - since the default setting is to include only lowercase letters, this command specifies that only uppercase letters are considered
M - mixed-case: mixed uppercase and lowercase letters
L - includes only letters
D - includes only numbers
S - includes only symbols
The last three letters that define a range of characters can be combined, so we have the following example to generate random email addresses:
'[rndLD]@gmail.com' Result would be:
[email protected] As you can see, there is a default number of characters to be printed, and it's 15. To change this, again at the end we add number of characters that we want to be printed:
'[rndLD8]@gmail.com' Result:
[email protected]
As I mentioned above, there is another thing about this command - and that is to generate a random number from the specified range. Its usage is very simple:
'[rnd5-10]' Obviously, this will generate some number between 5 and 10.

Fourth:
In the place of this command will be the user input, which usage is equivalent to the command above (except the U and M letters that are unnecessary in this case), so I will not say anything more about this.

String options:
After defining the string, the button next to it ("...") will be enabled which represent the options for that string. Click on it to get the following little window, where we choose which options will be used:
http://i.imgur.com/wQuf3Ao.png
Crucial - it is important for the continuation of the process
Public - it is available in the other indexes for modification and usage
Array - after processing the string, if more than one result occurs (when using regex or input), this option applies the template to each of them separately (by making sub-threads), but if the option is disabled then only the first result is used
Output - this is the option that will show the string results in the main window

[i]--- If clauses ---

The next are If clauses, which of course are not required if there is a HTTP request in a given index. If both are included, then the request will be executed first with all the strings that are with it, and then the If clauses with its strings. (After that the public and output strings that haven't been put in the HTTP request nor the If clauses will be executed.)
It is a simple principle of making them, so everyone could understand it without explanation (even better if he knows the mathematical logic, ie. the basics of programming). What I will mention is the operation depending on the results of an entire If clause, which will of course be one of the two possible outcomes - in the case where the If clause is true and the case where it is false. For the both cases, the options are the same.
We see on the right side option "Change proxy" - if the seconds to wait are not defined, it changes current to the next proxy address before proceeding to the next index ("Go to") or finishing process ("Finish"). If there is no available proxy address and the seconds are defined, then the process will not be stopped because seconds to wait will be chosen as alternative.

And that's it.

--- Additional stuff ---

Manipulation with indexes:
You don't have to manually modify configuration file to remove or to insert indexes, instead of that do this:
1. For insertinng an index, press Alt+I. If the index is last, it will be duplicated.
2. For removing an index, press Alt+R.

Proxy and thread settings:
http://i.imgur.com/OjdTRfi.png
Same proxy for each thread - every thread will act independently with a proxy list

Other dependent string commands:
enc(text) - uses URL encode on given text
dec(text) – uses URL decode on given text
u(text) - converts the text to uppercase
l(text) - converts the text to lowercase
b64(text) - encrypts the text with Base64
md5(text) - encrypts the text with MD5
<file> - loads the given file as text (by positioning to the folder where is the program itself)
Other independent string commands:
[oind] – previous array index (ie. last number from origin)
[aind] – current array index
[dt] - current date & time
[thr] - current thread

multipart/form-data POST requests with files:
POST /?action=analyze HTTP/1.1
Host: samplesite.org
Content-Type: multipart/form-data; boundary=-----------------------------280841152422961
Content-Length: 6818
-----------------------------280841152422961
Content-Disposition: form-data; name="DataType"

file
-----------------------------280841152422961
Content-Disposition: form-data; name="ImageFile"; filename="picture.jpg"
Content-Type: image/jpeg

ÿØÿà(...) For the request above, we type this into the Post field:
['DataType':'file';'ImageFile':<picture.jpg>]

String builder:
http://i.imgur.com/S3XxGTD.png
In the field for entering string commands, (if it's not blank then before everything) type [build] and hit Enter.

--- The finish ---

That's all? Well, it's not! I didn't talk about some less important things which will only additionally "overload" this tutorial, so you have to explore it by yourself if you are really interested. Maybe you'll find something unexpected... :)

MikiSoft
05-23-2015, 12:09 PM
Here is a tutorial for making a functional configuration:

Note: You'll need Google Chrome or Mozilla Firefox browser.

Let's say we want to make a bot that will give a vote here (edit: choose another since this is closed):
Provide a Visual Basic 6 Community edition - to allow free download of the VB6 programming language – Visual Studio (http://visualstudio.uservoice.com/forums/121579/suggestions/7462243)

First of all, we open UniBot and paste that URL into the first index:
http://i.imgur.com/QsX3E3G.png

Then we open the browser and go to incognito/private browsing mode to be sure that none of the cookes exist.
After that, we open developer console (Ctrl+Shift+I), select Network tab and then navigate to the above URL.
We'll see something like this:
http://i.imgur.com/G67Kwym.png

Now, we go to the top of the list on the right where is developer window and select the first item. A new window will show below, so we select "Headers" tab and then focus on "Response Headers":
http://i.imgur.com/rzCl2zv.png

For us the important thing will be "Set-Cookie" parameters, so we see that they're two unusual (ID cookies):
__cfduid
_session_id

The response headers are also part of the [src], so we have to extract that two values from it using two regex commands below:
rg('[src]','__cfduid=(.*?);')
rg('[src]','_session_id=(.*?);')

We put these commands where they belong:
http://i.imgur.com/Nj2CESC.png

Then we have to make these strings to be public, because we'll use them in another index. For the each of them, go to options ("...") and check "Public":
http://i.imgur.com/0o24E2z.png

Now we'll focus on the browser window and clear the items in the list by clicking here:
http://i.imgur.com/dGuH13z.png

After that, we should give a vote and catch that request. Click on the "Vote" button on the page and select a number of votes. We will now see this:
http://i.imgur.com/OCdCZlS.png

You can see that the first item and after it another one in the list is a POST request. We click on the first and select again "Headers", but we now focus on the "Request Headers" and notice these things:
http://i.imgur.com/dhVTsWc.png

There is some another parameter (CSRF token) that we haven't catched, and it must be in the page source if it wasn't in the very first response header from above. We open up the page source (Ctrl+U) and find its value:
http://i.imgur.com/CZlTAxG.png

We have now a problem with forming a command to extract that value from source. It can't be like this:
rg('[src]','<meta content="(.*?)"','$1') Since there are two meta content tags, the result would be the first:
authenticity_token We solve this by pointing out to start from the second result. Since the results start from 0 then for the second result command will be:
rg('[src]','<meta content="(.*?)"','$1',1)

We repeat the steps for making a public string from above, and we got now the current (but not final) look of the first index:
http://i.imgur.com/auZAKo8.png

If you have done all of this, you can select the second index:
http://i.imgur.com/b1hGOzr.png

We'll now back to the browser window and right click on the first item from the list, and select to copy link address:
http://i.imgur.com/0MzD1CD.png

The URL is now copied into our clipboard. We paste it into the URL field in UniBot:
http://i.imgur.com/p7uKN4N.png

Now, we back on the "Request Headers" in the browser below list, to look for the POST data that was sent:
http://i.imgur.com/lzwCdUT.png

We'll form it like this for the Post field in UniBot and ignore "debug" parameters:
site2=1&forum_id=121579 It will now look like this:
http://i.imgur.com/701pHJH.png

Also, we must include as additional headers cookies (in strings "cfduid" and "sessionuid") that we have extracted earlier, and the CSRF token:
http://i.imgur.com/cOy2H2G.png

Now we'll back on the browser. We will focus on the "Response Headers", to see yet another unusual cookies (ID and for authentication):
http://i.imgur.com/V5Y0uMD.png

Again, we repeat the previous steps for making public strings with these commands:
rg('[src]','_uservoice_uid=(.*?);')
rg('[src]','auth_token=(.*?);')

And after you have done all of that, the second index finally should look like this:
http://i.imgur.com/00FJF9E.png

Now, we click in the browser on the "votes.json" item in the list and focus on its "Request Headers". We'll see this:
http://i.imgur.com/C1d5uru.png

Again, we find its content in page source:
http://i.imgur.com/CACR3f9.png

We'll use this command to extract it:
rg('[src]','client_key: "(.*?)"','$1')

We back to the first index and put that command into a new string, so it shoud look like this:
http://i.imgur.com/22L7CZx.png

Don't forget to make that string also to be public!

Now, we back on the browser window again and copy link address of the "votes.json" from the list, and then paste it into the third index:
http://i.imgur.com/XpvmplH.png

Because it's also a POST request, me must fill the Post field too. In the browser we focus again on the "Form Data" (below "Request Headers"):
http://i.imgur.com/phLx0lY.png

As we have seen eariler, we form request like this:
uninitialized=true&to=3&oauth_signature_method=HMAC-SHA1&oauth_consumer_key=%oauthkey%

As usual, we fill the additional headers with needed data (but this time we add "uid" and "auth" string into the cookies), and we got this:
http://i.imgur.com/tcuJmOb.png

Note: You can make all strings to be Crucial, if you want to see if commands for them work correctly.

And that's it! You can now test the config or pass it to someone to do it for you if you don't want to search for proxy, since you've voted already from your IP (I don't know will it work if you remove the votes in the browser, since it's another session). :)

Chillivanilli
05-23-2015, 12:45 PM
Awesome program and very detailed tutorial! I hope people don't miss this opportunity to create their own bots!

medsamy
05-23-2015, 12:46 PM
its the first time i see such a tutto for ubot, seems to be very helpful for those who knows what to do with, thats great, thanks MikiSoft, waiting for other tutto for the same bot ot other ones.

Chillivanilli
05-23-2015, 12:48 PM
its the first time i see such a tutto for ubot, seems to be very helpful for those who knows what to do with, thats great, thanks MikiSoft, waiting for other tutto for the same bot ot other ones.

It's not uBot, it's his own program "UniBot" :)
uBot is as far as i know only for controlling the browser.

medsamy
05-23-2015, 01:20 PM
It's not uBot, it's his own program "UniBot" :)
uBot is as far as i know only for controlling the browser.

oh so i confused with ubot, anyway thanks for him , he did a great effort to explain this tool
thanks Chilli for corection

Angemon
05-23-2015, 01:26 PM
Awesome program and very detailed tutorial! I hope people don't miss this opportunity to create their own bots!

Indeed that's a really detailed tutorial, you need to donate him some coins as he is helping to get new coders which will save you time :haha: , thanks MikiSoft , donated 5 coins from my side , waiting for Chilli movement :cool2:

MikiSoft
05-25-2015, 01:25 PM
Thank you all for the kind comments! And thanks for the coins Angemon! :)

Chillivanilli
05-25-2015, 03:03 PM
Angemon indeed, that would be awesome :p MikiSoft i also donated 4 coins to you, i hope you'll release some other software from you here soon :)

MikiSoft
05-25-2015, 03:16 PM
Chillivanilli: Thanks buddy, I will! :)

I really hope that this tool will be accepted by the community.

MikiSoft
05-29-2015, 03:45 PM
http://i.imgur.com/aW6bwqt.jpg

Just a teaser for the next version. ;)

MikiSoft
05-30-2015, 11:31 PM
Updated to v1.1f! (http://mikisoft.me/programs/unibot) Change log:

* Option "Make silent bot" isn’t yet enabled
+ Added new feature – plugins! There are two currently: Math and Simple Captcha with source (VB6)
+ Added new command: enc(text) - uses URL encode on given text
– Fixed some major and minor bugs
– [About week later: v1.1f] Fixed many important bugs (arrays work now)

Ussagui
05-31-2015, 12:44 AM
uaaaaaaaaaaaau :o rly nice post man !! :O
i already saved the page! I dont have time to explore it not ... but i rly want to! *-* AMAZING!!

MikiSoft
06-09-2015, 01:09 AM
Here is a video tutorial for creating Twitter spam bot (watch it in 720p quality):

https://www.youtube.com/watch?v=52WSwDY9nYY

Also, the program is updated to version 1.1f! :)

legendclaw24
06-09-2015, 03:16 AM
Very good :D I'll try it when i am free :D

MikiSoft
07-24-2015, 07:24 PM
After some time of working on a new version, I've finally finished and released it two days ago. It comes with many bug fixes and improvements, so I'm glad to present you v1.2 which comes with a few random configurations for practicing:
http://i.imgur.com/pgQ6bpY.png
For other enhancements, see change log below:
* Option "Make EXE bot" isn't yet enabled
+ Added more options for retry
+ Added two independent commands: [oind] - previous array index, and [aind] - current array index
+ Added .NET 3.5 RegEx (special) plugin
+ 7 random configurations are included in the package
- Fixed a lot of major bugs (many of them were for arrays), changed some minor rules

DonQuixote
07-24-2015, 07:48 PM
Thanks for the detailed tutorial MikiSoft. just bookmarked the download link for future use.
Keep up the good work, i think you'll be the next-in-line coder.
:yeeeeh::yeeeeh:

MikiSoft
07-24-2015, 10:17 PM
Thanks for such kind comment, Rivendell! :)

DonQuixote
07-25-2015, 01:00 AM
Thanks for such kind comment, Rivendell! :)

No problem bro. Welcome. :cool2::cool2:

MikiSoft
07-25-2015, 02:26 PM
I've just created an official support forum for this tool: Home | UniBot Forums (http://unibot.boards.net)
There you can find latest releases with configurations and plugins, and seek for help and guides about creating them or even fire a request. Also, you can report some issues that you've encountered and write suggestions and feedback.
Let's see if that will attract people or not. :)

MikiSoft
07-28-2015, 06:16 PM
Here is something about UniBot, UBot & other similar tools:
UniBot, UBot & other similar tools | UniBot Forums (http://unibot.boards.net/thread/17/unibot-ubot-similar-tools)
You may find there some helpful information regarding this tool and HTTP requests.

MikiSoft
09-09-2015, 08:09 PM
http://i.imgur.com/rTGbRPu.png
Here is finally, a long-awaited version 1.3 with EXE bot support! Want to see how does it look after building? Try it now!
Change log:
+ Option "Make EXE bot" finally enabled - you can now build stand-alone bots (even with plugins included)!
+ Added two independent commands: [dt] - current date & time, and [thr] - current thread
+ Added 2 new configurations - for FeelingSurf (http://feelingsurf.fr) and 10KHits (https://10khits.com)
* Inserting and removing indexes is now easier (Alt+I, Alt+R)
- Fixed many important bugs

MikiSoft
09-16-2015, 02:47 AM
I've finally made a tutorial, and I advise everyone to watch it (in 720p quality):

https://www.youtube.com/watch?v=V-fLb8YCllo

I hope you enjoyed! :)

MikiSoft
09-20-2015, 11:31 PM
Check out these fresh configurations:


Websurf.cz bot (http://unibot.boards.net/thread/25/websurf-cz-bot)
Twistrix bot (http://unibot.boards.net/thread/24/twistrix-bot)
247AutoHits bot (http://unibot.boards.net/thread/23/247autohits-bot)

xwang
09-22-2015, 03:01 AM
I think I should Learn this Unibot.Using your scripts now.

Ryuzaki
09-22-2015, 07:17 AM
Check out these fresh configurations:


Websurf.cz bot (http://unibot.boards.net/thread/25/websurf-cz-bot)
Twistrix bot (http://unibot.boards.net/thread/24/twistrix-bot)
247AutoHits bot (http://unibot.boards.net/thread/23/247autohits-bot)


Congrats to Coder tag

MikiSoft
09-22-2015, 11:06 AM
Thanks Ryuzaki! :)

xwang: Thank you for support, I see that you've already registered on the forum so if something isn't clear you could ask there. ;)

MikiSoft
10-02-2015, 09:56 PM
http://i.imgur.com/8WHNAlR.png

People wanted to run a bot 24/7, but with earlier versions that wasn't possible due to cumulative memory consumption. Well, not anymore - with this new settings you can customize execution even more!

Change log (v1.4):
+ Added "Fine tuning" dialog; running bot for a specific and long time is now possible!
+ Added one new command: dec(text) - uses URL decode on given text
+ Added 4 new configurations, for: 247AutoHits (http://247autohits.com), WebSurf (http://websurf.cz), Twistrix (http://twistrix.com) and Alexa Master (http://alexamaster.com)
+ Added GSA Captcha Breaker plugin with source
- Fixed some bugs

Find the latest version here: unibot.boards.net (http://unibot.boards.net)

dbzdivik
10-11-2015, 06:51 AM
Proof that Gambling Bot Can also be Made via Unibot..
http://i.prntscr.com/e213e792e9d249b7a6cb33c4e7fa5576.png

MikiSoft
02-28-2016, 07:35 PM
UniBot has gone open-source! | UniBot Forums (http://unibot.boards.net/thread/132/unibot-open-source)

:)