
**READ AHEAD ONLY IF YOU KNOW A PROGRAMMING LANGUAGE. IF YOU HAVE NEVER LEARNED C, JAVA, PHP OR JS THEN THIS IS NOT FOR YOU**

1: This step is all about preparing for the config (getting all requests recorded
and test data)
Press F12 (navigate to the Network tab) -> then log in to the site (keep it open).
As you can see on the left there are a bunch of web requests, and these are what will
help us create a config, so make sure you keep these!

Under the Network tab, make sure "Preserve log" is left on so that requests are not
cleared after a redirect!

2: Now we are going to look for the login request, the type of request, and what we
need to do to replicate it
As you can see in the image below, the sign-in request is a "POST" request and it
gives us the URL "Request URL: https://imgur.com/signin?redirect=%2F",
and we can also see the "post data" right at the bottom

3: Now we are going to add this request as a "request" block in the OpenBullet Stacker
As you can see below, I added a "request" block and changed the request type to POST.
This is also where we will be adding the POST data and "headers" if they are
needed

in the POST data make sure you replace the username / pass with <USER> <PASS> or
<MAIL> <PASS>

4: response
After you have made the request, it is important to check the response.
You can do this by pressing "start" and then going to "log", which will show the
response of the request.
As you can see below, we are checking whether it says "sign out" or not. This
is because if the account is not logged in / the request does not work, it will not
contain "sign out"

5: Key checks
Now that we have our response and we know that if the response contains "sign out" the
account works, we can set up a success key for the response.

For success (acc = good)


checks if <source> contains (sign out)

For failure (acc = bad)


The key difference here is that the key for failure checks that the response does not
contain "sign out", whereas success checks that it does
checks if <source> does not contain (signout)

6 - Now we can test if the keycheck / config works


As you can see below my original login returns success (as the account is working)
and once any data is changed it becomes "failed" for bad account

Extra - adding a "capture"


Normally after you have logged into an account you can also grab other data on the
account such as points, balance, rewards, etc.
For example, with imgur, if I wanted to capture information from the settings page I
would do this:
Req URL = https://imgur.com/account/settings (GET req)
and then search for the related content in the tag

Openbullet "parse block"


so LR -> means left to right and you want to select the strings between the data
you want (make sure the strings are static and not dynamic)

is capture : means it will be displayed , this is also the name it will be shown as

Output after you have added more "data to capture" and given them names

Extra (parse types , CSRF tokens , request types)

Request types
POST ( you are posting some data or content ) normally logins will post some
information such as user + pass
GET request -> you are "GETting content" (normally used to get tokens and data for
cap)

Parse types (block)


LR -> Left to right (you enter the text around what you want to capture)
JSON -> (you can select a json selector) to select a value , for example
{ "nulled": ".to", "leech": "xd", "yes": "no" } to get the "xd" data you would
parse "leech"
Regex: You just simply add the regex expression and get all matches relevant
Recursive / looping -> This just means it will loop through all of the "matches" in
the source for the parse and store them
Prefix / suffix -> simply adds a prefix or suffix before the captured data such as
user + pass + points - 999999 | HvH.site

Parse methods
Get a specific header from response = <HEADERS( HEADER NAME HERE )>
Get a specific cookie from response = <COOKIES( COOKIE NAME HERE )>
Get source response = <SOURCE>

Key checks
Contains = checks if the data "contains a value" / string
Does not contain = checks if the data does not contain a value / string

How to get CSRF tokens


Most of the time CSRF tokens or "access tokens" will be a cookie so you can just
parse the cookie name with <COOKIES(COOKIENAME)> from the source or you will need
to get it from the response <SOURCE>

For example, with Buffalo Wild Wings you need to parse a client ID and a client
secret from the source that is in the POST data
