User Tag List

21109Views
Page 1 of 3 123 LastLast
Results 1 to 10 of 30
  1. #1
    Coder
    Join Date
    May 2015
    Posts
    48
    Coins
    9
    Thumbs Up
    Received: 21
    Given: 16

    UniBot - A Complete Walkthrough (update 3!) [Make your own bots!]

    Don't know how else to start, so I'll start with FAQ about this tool:

    What is UniBot?
    - UniBot is a unique program that is used for quick and easy creation of HTTP bots, without knowledge of any programming language and without any torment from designing GUI. It can be found here: http://mikisoft.me/programs/unibot (Virus scan; more analysis here and here)

    For what is it actually used?
    - You can create whatever thing comes to your mind, but most of it are some simple bots on which you will substantially lose time creating them in some IDE.

    Does that mean I can create any type of bot?
    - Yes, if you are skilled enough. You can create for example bots for voting or commenting, or you can make some bot that will rip out specific content from pages on some site, etc.

    I have opened the program and nothing seems to be clear to me. Care to explain?
    - That's why I decided to make this tutorial because interface of the program looks complicated, but once you begin to understand everything that I have presented in the following, it should be much clearer (at least I hope so).

    So, let's start...

    --- User interface ---

    As you have seen if you've already downloaded and run the program, the interface may seem a little hard to understand, but don't be afraid. The following picture should cover most of the things that you'll need to know:



    index - each index contains of one HTTP request (GET or POST) or/and logical statement(s) (If-Then) or/and public/output string(s)
    strings - that is data which is gathered before or after the execution of the request, depending on where the string is actually used (on this topic I'll write most because it's very important to know)
    If clauses - a place to test strings if they meet certain conditions, and on that basis to decide what next to do (ie. which is next index or to stop the execution of the process)
    results - a place where the string results are shown (if that is enabled in their options)

    --- Indexes ---

    Like I said, indexes must contain at least one request or logical statement for solving, or public/output string. We'll focus on the first.
    As you know, the definition of each HTTP bot is to assemble and send a specific HTTP requests, in order to achieve a specific goal. So in this program there are indexes, that present a separate templates of certain requests by which program is headed. As can be seen, each index can have a name for easier orientation.
    To complete the formation of a HTTP request, there are two important items: POST data and additional headers, which are starting to appear mostly from the second request by gathering the results of the strings. Don't be confused because I only mention HTTP requests - HTTPS is supported, too.

    --- Strings ---

    This is the key point of the program, so you should pay special attention in order to learn to make bots after finishing this.

    We'll begin with the facts:
    - strings usually occur after execution of the first request
    - each string should contain at least one command
    - command that determines what will be the result must be valid and in accordance with the request that was previously sent
    - most of the strings are essential for the continuation of the process
    - they're executed depending on where they are used - before or after sending request
    - their usage is %name% (where "name" is a name of the string)
    - if it isn't public/output, the string will not be executed if there is no place in the index where it is used


    If you understand this then we go into analysis of a string that contains one command:
    Code:
    'Hey!'+rpl('Hello, world!','world','Miki')
    Now let's analyze its parts:

    'Hey!' - everything that is under a single apostrophe represents a constant, and this constant is located at the beginning of the string so that will be the first thing printed into it

    + - character for merging a command with a constant, or with an another command

    rpl('Hello, world!','world','Miki') - it can be assumed that this is the command for replacing specific text, so in this case in the text "Hello, world!" it replaces "world" with "Miki"

    The overall result would be:
    Hey!Hello, Miki!
    These are actually some of the most basic things you need to know if you want to go into the world of programming, but I wouldn't call this real programming because you must know a lot more than working with strings. Anyway, moving on...

    If you haven't heard of regular expressions, then you should first look at them because they are very important for the formation of the string result. I will not talk about that, because you have a lot of examples and explanations all over the Internet.
    The basic command for executing them (which looks like previous) is as follows:
    Code:
    rg(source,regex,replacement)
    Example:
    Code:
    rg('Hey!Hello, Miki!',', (.*?)!','$1')
    Result:
    Miki
    Independent commands:
    These are commands that are processed even if they're located in the constants ie. under apostrophes.

    First and most important command is: [src]
    In its place there will be a complete page source (after completing request of course), with response headers at the beginning.

    Second important command is: [nl]
    Considering that the commands and the constants are written only in one line, I had to find a way to print the constants in multiple lines, so in place of this command a new line separator will be printed.

    Third: [rnd]
    In its place will be put random generated characters (upper and/or lower case letters, numbers and symbols), or a number from a given range.
    To determine the range of characters that will be included, between the last letter and ] you have to add some of these letters:
    U - since the default setting is to include only lowercase letters, this command specifies that only uppercase letters are considered
    M - mixed-case: mixed uppercase and lowercase letters
    L - includes only letters
    D - includes only numbers
    S - includes only symbols
    The last three letters that define a range of characters can be combined, so we have the following example to generate random email addresses:
    '[rndLD]@gmail.com'
    Result would be: As you can see, there is a default number of characters to be printed, and it's 15. To change this, again at the end we add number of characters that we want to be printed:
    '[rndLD8]@gmail.com'
    Result: As I mentioned above, there is another thing about this command - and that is to generate a random number from the specified range. Its usage is very simple:
    Code:
    '[rnd5-10]'
    Obviously, this will generate some number between 5 and 10.

    Fourth: [inp]
    In the place of this command will be the user input, which usage is equivalent to the command above (except the U and M letters that are unnecessary in this case), so I will not say anything more about this.

    String options:
    After defining the string, the button next to it ("...") will be enabled which represent the options for that string. Click on it to get the following little window, where we choose which options will be used:

    Crucial - it is important for the continuation of the process
    Public - it is available in the other indexes for modification and usage
    Array - after processing the string, if more than one result occurs (when using regex or input), this option applies the template to each of them separately (by making sub-threads), but if the option is disabled then only the first result is used
    Output - this is the option that will show the string results in the main window

    --- If clauses ---

    The next are If clauses, which of course are not required if there is a HTTP request in a given index. If both are included, then the request will be executed first with all the strings that are with it, and then the If clauses with its strings. (After that the public and output strings that haven't been put in the HTTP request nor the If clauses will be executed.)
    It is a simple principle of making them, so everyone could understand it without explanation (even better if he knows the mathematical logic, ie. the basics of programming). What I will mention is the operation depending on the results of an entire If clause, which will of course be one of the two possible outcomes - in the case where the If clause is true and the case where it is false. For the both cases, the options are the same.
    We see on the right side option "Change proxy" - if the seconds to wait are not defined, it changes current to the next proxy address before proceeding to the next index ("Go to") or finishing process ("Finish"). If there is no available proxy address and the seconds are defined, then the process will not be stopped because seconds to wait will be chosen as alternative.

    And that's it.

    --- Additional stuff ---

    Manipulation with indexes:
    You don't have to manually modify configuration file to remove or to insert indexes, instead of that do this:
    1. For insertinng an index, press Alt+I. If the index is last, it will be duplicated.
    2. For removing an index, press Alt+R.

    Proxy and thread settings:

    Same proxy for each thread - every thread will act independently with a proxy list

    Other dependent string commands:
    enc(text) - uses URL encode on given text
    dec(text) – uses URL decode on given text
    u(text) - converts the text to uppercase
    l(text) - converts the text to lowercase
    b64(text) - encrypts the text with Base64
    md5(text) - encrypts the text with MD5
    <file> - loads the given file as text (by positioning to the folder where is the program itself)
    Other independent string commands:
    [oind] – previous array index (ie. last number from origin)
    [aind] – current array index
    [dt] - current date & time
    [thr] - current thread

    multipart/form-data POST requests with files:
    Code:
    POST /?action=analyze HTTP/1.1
    Host: samplesite.org
    Content-Type: multipart/form-data; boundary=-----------------------------280841152422961
    Content-Length: 6818
    -----------------------------280841152422961
    Content-Disposition: form-data; name="DataType"
    
    file
    -----------------------------280841152422961
    Content-Disposition: form-data; name="ImageFile"; filename="picture.jpg"
    Content-Type: image/jpeg
    
    ÿØÿà(...)
    For the request above, we type this into the Post field:
    Code:
    ['DataType':'file';'ImageFile':<picture.jpg>]
    String builder:

    In the field for entering string commands, (if it's not blank then before everything) type [build] and hit Enter.

    --- The finish ---

    That's all? Well, it's not! I didn't talk about some less important things which will only additionally "overload" this tutorial, so you have to explore it by yourself if you are really interested. Maybe you'll find something unexpected...


    0 Not allowed! Not allowed!
    Last edited by MikiSoft; 10-04-2015 at 12:21 PM.

  2. #2
    Coder
    Join Date
    May 2015
    Posts
    48
    Coins
    9
    Thumbs Up
    Received: 21
    Given: 16
    Here is a tutorial for making a functional configuration:

    Note: You'll need Google Chrome or Mozilla Firefox browser.

    Let's say we want to make a bot that will give a vote here (edit: choose another since this is closed):
    Provide a Visual Basic 6 Community edition - to allow free download of the VB6 programming language – Visual Studio

    First of all, we open UniBot and paste that URL into the first index:


    Then we open the browser and go to incognito/private browsing mode to be sure that none of the cookes exist.
    After that, we open developer console (Ctrl+Shift+I), select Network tab and then navigate to the above URL.
    We'll see something like this:


    Now, we go to the top of the list on the right where is developer window and select the first item. A new window will show below, so we select "Headers" tab and then focus on "Response Headers":


    For us the important thing will be "Set-Cookie" parameters, so we see that they're two unusual (ID cookies):
    __cfduid
    _session_id

    The response headers are also part of the [src], so we have to extract that two values from it using two regex commands below:
    Code:
    rg('[src]','__cfduid=(.*?);')
    Code:
    rg('[src]','_session_id=(.*?);')
    We put these commands where they belong:


    Then we have to make these strings to be public, because we'll use them in another index. For the each of them, go to options ("...") and check "Public":


    Now we'll focus on the browser window and clear the items in the list by clicking here:


    After that, we should give a vote and catch that request. Click on the "Vote" button on the page and select a number of votes. We will now see this:


    You can see that the first item and after it another one in the list is a POST request. We click on the first and select again "Headers", but we now focus on the "Request Headers" and notice these things:


    There is some another parameter (CSRF token) that we haven't catched, and it must be in the page source if it wasn't in the very first response header from above. We open up the page source (Ctrl+U) and find its value:


    We have now a problem with forming a command to extract that value from source. It can't be like this:
    Code:
    rg('[src]','<meta content="(.*?)"','$1')
    Since there are two meta content tags, the result would be the first:
    Code:
    authenticity_token
    We solve this by pointing out to start from the second result. Since the results start from 0 then for the second result command will be:
    rg('[src]','<meta content="(.*?)"','$1',1)
    We repeat the steps for making a public string from above, and we got now the current (but not final) look of the first index:


    If you have done all of this, you can select the second index:


    We'll now back to the browser window and right click on the first item from the list, and select to copy link address:


    The URL is now copied into our clipboard. We paste it into the URL field in UniBot:


    Now, we back on the "Request Headers" in the browser below list, to look for the POST data that was sent:


    We'll form it like this for the Post field in UniBot and ignore "debug" parameters:
    Code:
    site2=1&forum_id=121579
    It will now look like this:


    Also, we must include as additional headers cookies (in strings "cfduid" and "sessionuid") that we have extracted earlier, and the CSRF token:


    Now we'll back on the browser. We will focus on the "Response Headers", to see yet another unusual cookies (ID and for authentication):


    Again, we repeat the previous steps for making public strings with these commands:
    Code:
    rg('[src]','_uservoice_uid=(.*?);')
    Code:
    rg('[src]','auth_token=(.*?);')
    And after you have done all of that, the second index finally should look like this:


    Now, we click in the browser on the "votes.json" item in the list and focus on its "Request Headers". We'll see this:


    Again, we find its content in page source:


    We'll use this command to extract it:
    Code:
    rg('[src]','client_key: "(.*?)"','$1')
    We back to the first index and put that command into a new string, so it shoud look like this:


    Don't forget to make that string also to be public!

    Now, we back on the browser window again and copy link address of the "votes.json" from the list, and then paste it into the third index:


    Because it's also a POST request, me must fill the Post field too. In the browser we focus again on the "Form Data" (below "Request Headers"):


    As we have seen eariler, we form request like this:
    Code:
    uninitialized=true&to=3&oauth_signature_method=HMAC-SHA1&oauth_consumer_key=%oauthkey%
    As usual, we fill the additional headers with needed data (but this time we add "uid" and "auth" string into the cookies), and we got this:


    Note: You can make all strings to be Crucial, if you want to see if commands for them work correctly.

    And that's it! You can now test the config or pass it to someone to do it for you if you don't want to search for proxy, since you've voted already from your IP (I don't know will it work if you remove the votes in the browser, since it's another session).

    1 Not allowed! Not allowed!
    Last edited by MikiSoft; 09-22-2015 at 12:17 PM.

  3. #3
    Coder Chillivanilli's Avatar




    Join Date
    Jul 2014
    Posts
    1,200
    Coins
    103
    Thumbs Up
    Received: 273
    Given: 128
    Awesome program and very detailed tutorial! I hope people don't miss this opportunity to create their own bots!

    0 Not allowed! Not allowed!

  4. #4
    Elite Member medsamy's Avatar
    Join Date
    Aug 2014
    Posts
    493
    Coins
    6
    Thumbs Up
    Received: 19
    Given: 52
    its the first time i see such a tutto for ubot, seems to be very helpful for those who knows what to do with, thats great, thanks @MikiSoft, waiting for other tutto for the same bot ot other ones.

    0 Not allowed! Not allowed!

  5. #5
    Coder Chillivanilli's Avatar




    Join Date
    Jul 2014
    Posts
    1,200
    Coins
    103
    Thumbs Up
    Received: 273
    Given: 128
    Quote Originally Posted by medsamy View Post
    its the first time i see such a tutto for ubot, seems to be very helpful for those who knows what to do with, thats great, thanks @MikiSoft, waiting for other tutto for the same bot ot other ones.
    It's not uBot, it's his own program "UniBot"
    uBot is as far as i know only for controlling the browser.

    0 Not allowed! Not allowed!

  6. #6
    Elite Member medsamy's Avatar
    Join Date
    Aug 2014
    Posts
    493
    Coins
    6
    Thumbs Up
    Received: 19
    Given: 52
    Quote Originally Posted by Chillivanilli View Post
    It's not uBot, it's his own program "UniBot"
    uBot is as far as i know only for controlling the browser.
    oh so i confused with ubot, anyway thanks for him , he did a great effort to explain this tool
    thanks Chilli for corection

    0 Not allowed! Not allowed!

  7. #7
    Wind Guardian Angemon's Avatar


    Join Date
    Jul 2014
    Posts
    2,571
    Coins
    813
    Thumbs Up
    Received: 1,186
    Given: 465
    Quote Originally Posted by Chillivanilli View Post
    Awesome program and very detailed tutorial! I hope people don't miss this opportunity to create their own bots!
    Indeed that's a really detailed tutorial, you need to donate him some coins as he is helping to get new coders which will save you time , thanks @MikiSoft , donated 5 coins from my side , waiting for Chilli movement

    0 Not allowed! Not allowed!



  8. #8
    Coder
    Join Date
    May 2015
    Posts
    48
    Coins
    9
    Thumbs Up
    Received: 21
    Given: 16
    Thank you all for the kind comments! And thanks for the coins @Angemon!

    0 Not allowed! Not allowed!
    Last edited by MikiSoft; 05-25-2015 at 01:36 PM.

  9. #9
    Coder Chillivanilli's Avatar




    Join Date
    Jul 2014
    Posts
    1,200
    Coins
    103
    Thumbs Up
    Received: 273
    Given: 128
    @Angemon indeed, that would be awesome @MikiSoft i also donated 4 coins to you, i hope you'll release some other software from you here soon

    0 Not allowed! Not allowed!

  10. #10
    Coder
    Join Date
    May 2015
    Posts
    48
    Coins
    9
    Thumbs Up
    Received: 21
    Given: 16
    @Chillivanilli: Thanks buddy, I will!

    I really hope that this tool will be accepted by the community.

    0 Not allowed! Not allowed!

Page 1 of 3 123 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •