Professional Documents
Culture Documents
How To Make OB Config Easy
How To Make OB Config Easy
1: This step is all about pre-paring for the config (getting all requests recorded
and test data)
Press F12 (navigate to network tab) -> then login to the site (keep it open)
as you can see on the left there is a bunch of web request and these are what will
help us create a config so make sure you keep these !
Under Network tab Make sure preserve log is left on to make sure requests are not
cleared after a redirect !
2: Now we are going to look for the login request and the type of request / what we
need to do to replicate it
As you can see in the image below the sign in request is a "POST" request and it
gives us the url "Request URL: https://imgur.com/signin?redirect=%2F "
& we can also see the "post data" right at the bottom
3: Now we are going to add this "request in openbullet block in the stacker"
As you can see below I added a "request" block and changed the request type to post
and this is also where we will be adding the POST data and "headers" if they are
needed
in the POST data make sure you replace the username / pass with <USER> <PASS> or
<MAIL> <PASS>
4: response
After you have made the request it is important to make sure you check the response
and you can do this by pressing "start" then going to "log" this will show the
response of the request
as you can see below we are checking to see if it says "sign out" or not and this
is because if the account is not logged in / request does not work it will not
contain "sign out"
5: Key checks
Now we have our response and we know that if the response contains "sign out" the
account works we can setup a success key for the response.
is capture : means it will be displayed , this is also the name it will be shown as
Output after you have added more "data to capture" and gave them names
Request types
POST ( you are posting some data or content ) normally logins will post some
information such as user + pass
GET request -> you are "GETting content" (normally used to get tokens and data for
cap)
Parse methods
Get a specific header from response = <HEADERS( HEADER NAME HERE )>
Get a specific cookie from response = <COOKIES( COOKIE NAME HERE )>
Get source response = <SOURCE>
Key checks
Contains = checks if the data "contains a value" / string
Does not contain = checks if the data does not contain a value / string
For example with buffalo wild wings you need to parse a client ID and a client
secret from the source that is in the POST data