Author Topic: UniBot - A Complete Walkthrough  (Read 8003 times)

0 Members and 1 Guest are viewing this topic.

Offline MikiSoft

  • Serf
  • *
  • Posts: 21
  • Cookies: 3
    • View Profile
    • My blog
UniBot - A Complete Walkthrough
« on: May 12, 2015, 05:25:08 pm »
Don't know how else to start, so I'll start with FAQ about this tool:

What is UniBot?
- UniBot is a unique program that is used for quick and easy creation of HTTP bots, without knowledge of any programming language and without any torment from designing GUI. It can be found here: http://mikisoft.me/programs/unibot (Virus scan; more analysis here and here)

For what is it actually used?
- You can create whatever thing comes to your mind, but most of it are some simple bots on which you will substantially lose time creating them in some IDE.

Does that mean I can create any type of bot?
- Yes, if you are skilled enough. You can create for example bots for voting or commenting, or you can make some bot that will rip out specific content from pages on some site, etc.

I have opened the program and nothing seems to be clear to me. Care to explain?
- That's why I decided to make this tutorial because interface of the program looks complicated, but once you begin to understand everything that I have presented in the following, it should be much clearer (at least I hope so).

So, let's start...

--- User interface ---

As you have seen if you've already downloaded and run the program, the interface may seem a little hard to understand, but don't be afraid. The following picture should cover most of the things that you'll need to know:



index - each index contains of one HTTP request (GET or POST) or/and logical statement(s) (If-Then) or/and public/output string(s)
strings - that is data which is gathered before or after the execution of the request, depending on where the string is actually used (on this topic I'll write most because it's very important to know)
If clauses - a place to test strings if they meet certain conditions, and on that basis to decide what next to do (ie. which is next index or to stop the execution of the process)
results - a place where the string results are shown (if that is enabled in their options)

--- Indexes ---

Like I said, indexes must contain at least one request or logical statement for solving, or public/output string. We'll focus on the first.
As you know, the definition of each HTTP bot is to assemble and send a specific HTTP requests, in order to achieve a specific goal. So in this program there are indexes, that present a separate templates of certain requests by which program is headed. As can be seen, each index can have a name for easier orientation.
To complete the formation of a HTTP request, there are two important items: POST data and additional headers, which are starting to appear mostly from the second request by gathering the results of the strings. Don't be confused because I only mention HTTP requests - HTTPS is supported, too.

--- Strings ---

This is the key point of the program, so you should pay special attention in order to learn to make bots after finishing this.

We'll begin with the facts:
- strings usually occur after execution of the first request
- each string should contain at least one command
- command that determines what will be the result must be valid and in accordance with the request that was previously sent
- most of the strings are essential for the continuation of the process
- they're executed depending on where they are used - before or after sending request
- their usage is %name% (where "name" is a name of the string)
- if it isn't public/output, the string will not be executed if there is no place in the index where it is used


If you understand this then we go into analysis of a string that contains one command:
Code: [Select]
'Hey!'+rpl('Hello, world!','world','Miki') Now let's analyze its parts:

'Hey!' - everything that is under a single apostrophe represents a constant, and this constant is located at the beginning of the string so that will be the first thing printed into it

+ - character for merging a command with a constant, or with an another command

rpl('Hello, world!','world','Miki') - it can be assumed that this is the command for replacing specific text, so in this case in the text "Hello, world!" it replaces "world" with "Miki"

The overall result would be:
Quote
Hey!Hello, Miki!
These are actually some of the most basic things you need to know if you want to go into the world of programming, but I wouldn't call this real programming because you must know a lot more than working with strings. Anyway, moving on...

If you haven't heard of regular expressions, then you should first look at them because they are very important for the formation of the string result. I will not talk about that, because you have a lot of examples and explanations all over the Internet.
The basic command for executing them (which looks like previous) is as follows:
Code: [Select]
rg(source,regex,replacement) Example:
Code: [Select]
rg('Hey!Hello, Miki!',', (.*?)!','$1') Result:
Quote
Miki

Independent commands:
These are commands that are processed even if they're located in the constants ie. under apostrophes.

First and most important command is: [src]
In its place there will be a complete page source (after completing request of course), with response headers at the beginning.

Second important command is: [nl]
Considering that the commands and the constants are written only in one line, I had to find a way to print the constants in multiple lines, so in place of this command a new line separator will be printed.

Third: [rnd]
In its place will be put random generated characters (upper and/or lower case letters, numbers and symbols), or a number from a given range.
To determine the range of characters that will be included, between the last letter and ] you have to add some of these letters:
U - since the default setting is to include only lowercase letters, this command specifies that only uppercase letters are considered
M - mixed-case: mixed uppercase and lowercase letters
L - includes only letters
D - includes only numbers
S - includes only symbols
The last three letters that define a range of characters can be combined, so we have the following example to generate random email addresses:
Quote
'[rndLD]@gmail.com'
Result would be:
Quote
6g4fog9bdl1fajn@gmail.com
As you can see, there is a default number of characters to be printed, and it's 15. To change this, again at the end we add number of characters that we want to be printed:
Quote
'[rndLD8]@gmail.com'
Result:
Quote
q6pxd1hp@gmail.com
As I mentioned above, there is another thing about this command - and that is to generate a random number from the specified range. Its usage is very simple:
Code: [Select]
'[rnd5-10]' Obviously, this will generate some number between 5 and 10.

Fourth: [inp]
In the place of this command will be the user input, which usage is equivalent to the command above (except the U and M letters that are unnecessary in this case), so I will not say anything more about this.

String options:
After defining the string, the button next to it ("...") will be enabled which represent the options for that string. Click on it to get the following little window, where we choose which options will be used:

Crucial - it is important for the continuation of the process
Public - it is available in the other indexes for modification and usage
Array - after processing the string, if more than one result occurs (when using regex or input), this option applies the template to each of them separately (by making sub-threads), but if the option is disabled then only the first result is used
Output - this is the option that will show the string results in the main window

--- If clauses ---

The next are If clauses, which of course are not required if there is a HTTP request in a given index. If both are included, then the request will be executed first with all the strings that are with it, and then the If clauses with its strings. (After that the public and output strings that haven't been put in the HTTP request nor the If clauses will be executed.)
It is a simple principle of making them, so everyone could understand it without explanation (even better if he knows the mathematical logic, ie. the basics of programming). What I will mention is the operation depending on the results of an entire If clause, which will of course be one of the two possible outcomes - in the case where the If clause is true and the case where it is false. For the both cases, the options are the same.
We see on the right side option "Change proxy" - if the seconds to wait are not defined, it changes current to the next proxy address before proceeding to the next index ("Go to") or finishing process ("Finish"). If there is no available proxy address and the seconds are defined, then the process will not be stopped because seconds to wait will be chosen as alternative.

And that's it.

--- Additional stuff ---

Manipulation with indexes:
You don't have to manually modify configuration file to remove or to insert indexes, instead of that do this:
1. For insertinng an index, press Alt+I. If the index is last, it will be duplicated.
2. For removing an index, press Alt+R.

Proxy and thread settings:

Same proxy for each thread - every thread will act independently with a proxy list

Other dependent string commands:
enc(text) - uses URL encode on given text
dec(text) – uses URL decode on given text
u(text) - converts the text to uppercase
l(text) - converts the text to lowercase
b64(text) - encrypts the text with Base64
md5(text) - encrypts the text with MD5
<file> - loads the given file as text (by positioning to the folder where is the program itself)
Other independent string commands:
[oind] – previous array index (ie. last number from origin)
[aind] – current array index
[dt] - current date & time
[thr] - current thread

multipart/form-data POST requests with files:
Code: [Select]
POST /?action=analyze HTTP/1.1
Host: samplesite.org
Content-Type: multipart/form-data; boundary=-----------------------------280841152422961
Content-Length: 6818
-----------------------------280841152422961
Content-Disposition: form-data; name="DataType"

file
-----------------------------280841152422961
Content-Disposition: form-data; name="ImageFile"; filename="picture.jpg"
Content-Type: image/jpeg

ÿØÿà(...)
For the request above, we type this into the Post field:
Code: [Select]
['DataType':'file';'ImageFile':<picture.jpg>]
String builder:

In the field for entering string commands, (if it's not blank then before everything) type [build] and hit Enter.

--- The finish ---

That's all? Well, it's not! I didn't talk about some less important things which will only additionally "overload" this tutorial, so you have to explore it by yourself if you are really interested. Maybe you'll find something unexpected... :)
« Last Edit: January 28, 2016, 07:54:36 pm by MikiSoft »

Offline MikiSoft

  • Serf
  • *
  • Posts: 21
  • Cookies: 3
    • View Profile
    • My blog
Re: UniBot - A Complete Walkthrough
« Reply #1 on: May 12, 2015, 05:28:19 pm »
I must ask because this is the third time that happens to me: Why my thread disappears when I make a post and modify it? ??? It happened yesterday and now when I've tried to reply to some guys that have commented here. It's kinda weird that I have to repost this over and over.

Offline MikiSoft

  • Serf
  • *
  • Posts: 21
  • Cookies: 3
    • View Profile
    • My blog
Re: UniBot - A Complete Walkthrough
« Reply #2 on: May 12, 2015, 06:27:46 pm »
Thanks, buddy! ;) And thanks to the others who had earlier left a comment here which unfortunately was wiped out together with a thread. :-\

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: UniBot - A Complete Walkthrough
« Reply #3 on: May 12, 2015, 06:42:13 pm »
lrn2smf. Your last tutorial is in the trash, but people seemed to like it. I don't know why ande deleted it. Even though it's a walkthrough, it's still a good (and long) writeup, I suppose.
+1.

Offline MikiSoft

  • Serf
  • *
  • Posts: 21
  • Cookies: 3
    • View Profile
    • My blog
Re: UniBot - A Complete Walkthrough
« Reply #4 on: May 12, 2015, 06:49:32 pm »
lrn2smf. Your last tutorial is in the trash, but people seemed to like it. I don't know why ande deleted it. Even though it's a walkthrough, it's still a good (and long) writeup, I suppose.
+1.

Thanks.
I see now via e-mail notify that HTH firstly deleted it and then ande. I hope that it won't be deleted onwards. Cheers

Offline Deque

  • P.I.N.N.
  • Global Moderator
  • Overlord
  • *
  • Posts: 1203
  • Cookies: 518
  • Programmer, Malware Analyst
    • View Profile
Re: UniBot - A Complete Walkthrough
« Reply #5 on: May 14, 2015, 10:26:32 am »
Huh, that's weird. Yes, I replied here. I am not into these kind of programs, but I think the tutorial is well written.

Offline HTH

  • Official EZ Slut
  • Administrator
  • Knight
  • *
  • Posts: 395
  • Cookies: 158
  • EZ Titan
    • View Profile
Re: UniBot - A Complete Walkthrough
« Reply #6 on: May 14, 2015, 10:43:18 am »
Well, I can't speak for ande but I personally abolished it because that's the go-to reaction for *insert RAT/crypter/bot-builder/other skid shit tutorial here*,... I imagine he had the same logic.

I will however not delete this again seeing as an Admin and another Gmod seem to enjoy it

That being said, source code? I trust this about as much as a Jewish man trusts summer camp.
« Last Edit: May 14, 2015, 10:48:01 am by HTH »
<ande> HTH is love, HTH is life
<TurboBorland> hth is the only person on this server I can say would successfully spitefuck peoples women

Offline kenjoe41

  • Symphorophiliac Programmer
  • Administrator
  • Baron
  • *
  • Posts: 990
  • Cookies: 224
    • View Profile
Re: UniBot - A Complete Walkthrough
« Reply #7 on: May 14, 2015, 11:04:17 am »
Yeayh, yeah. But i don't understand one thing. You say when you open the program's interface, it seems complicated though i thought you are the one that coded the whole damn thing. I mean i do see that your username is mikisoft and you posted it on your site for download.

No problem about the article but mentioning that you released this article on your site won't be much of a problem and own up to what is yours. As much as i would like to see the source, it is your decision to release it or not.
If you can't explain it to a 6 year old, you don't understand it yourself.
http://upload.alpha.evilzone.org/index.php?page=img&img=GwkGGneGR7Pl222zVGmNTjerkhkYNGtBuiYXkpyNv4ScOAWQu0-Y8[<NgGw/hsq]>EvbQrOrousk[/img]

Offline MikiSoft

  • Serf
  • *
  • Posts: 21
  • Cookies: 3
    • View Profile
    • My blog
Re: UniBot - A Complete Walkthrough
« Reply #8 on: May 14, 2015, 01:46:01 pm »
Well, it's not open source but I'll be glad to see analysis here if someone did that - just to prove that it's safe to run.
@kenjoe41: About the interface, it's just my assumption of how others see it. I know that some people said for my programs that they're not noob-friendly. Maybe they were wrong, I don't know. And yes of course that I've firstly posted this tutorial on my blog.

Edit: Here are detailed analysis from these two services:
http://anubis.iseclab.org/?action=result&task_id=19ae0e85f8f78d07489646ae1f38178c6
https://malwr.com/analysis/ZTkwNjdlMTliZGQzNGZlNDgwM2U1Nzg2OThiMmMyMmE
« Last Edit: May 17, 2015, 12:38:10 pm by MikiSoft »

Offline MikiSoft

  • Serf
  • *
  • Posts: 21
  • Cookies: 3
    • View Profile
    • My blog
Re: UniBot - A Complete Walkthrough
« Reply #9 on: May 17, 2015, 06:04:44 am »
Here is a tutorial for making a functional configuration:

Note: You'll need Google Chrome or Mozilla Firefox browser.

Let's say we want to make a bot that will give a vote here (edit: choose another since this is closed):
http://visualstudio.uservoice.com/forums/121579/suggestions/7462243

First of all, we open UniBot and paste that URL into the first index:


Then we open the browser and go to incognito/private browsing mode to be sure that none of the cookes exist.
After that, we open developer console (Ctrl+Shift+I), select Network tab and then navigate to the above URL.
We'll see something like this:


Now, we go to the top of the list on the right where is developer window and select the first item. A new window will show below, so we select "Headers" tab and then focus on "Response Headers":


For us the important thing will be "Set-Cookie" parameters, so we see that they're two unusual (ID cookies):
__cfduid
_session_id

The response headers are also part of the [src], so we have to extract that two values from it using two regex commands below:
Code: [Select]
rg('[src]','__cfduid=(.*?);')
Code: [Select]
rg('[src]','_session_id=(.*?);')
We put these commands where they belong:


Then we have to make these strings to be public, because we'll use them in another index. For the each of them, go to options ("...") and check "Public":


Now we'll focus on the browser window and clear the items in the list by clicking here:


After that, we should give a vote and catch that request. Click on the "Vote" button on the page and select a number of votes. We will now see this:


You can see that the first item and after it another one in the list is a POST request. We click on the first and select again "Headers", but we now focus on the "Request Headers" and notice these things:


There is some another parameter (CSRF token) that we haven't catched, and it must be in the page source if it wasn't in the very first response header from above. We open up the page source (Ctrl+U) and find its value:


We have now a problem with forming a command to extract that value from source. It can't be like this:
Code: [Select]
rg('[src]','<meta content="(.*?)"','$1') Since there are two meta content tags, the result would be the first:
Code: [Select]
authenticity_token We solve this by pointing out to start from the second result. Since the results start from 0 then for the second result command will be:
Quote
rg('[src]','<meta content="(.*?)"','$1',1)

We repeat the steps for making a public string from above, and we got now the current (but not final) look of the first index:


If you have done all of this, you can select the second index:


We'll now back to the browser window and right click on the first item from the list, and select to copy link address:


The URL is now copied into our clipboard. We paste it into the URL field in UniBot:


Now, we back on the "Request Headers" in the browser below list, to look for the POST data that was sent:


We'll form it like this for the Post field in UniBot and ignore "debug" parameters:
Code: [Select]
site2=1&forum_id=121579 It will now look like this:


Also, we must include as additional headers cookies (in strings "cfduid" and "sessionuid") that we have extracted earlier, and the CSRF token:


Now we'll back on the browser. We will focus on the "Response Headers", to see yet another unusual cookies (ID and for authentication):


Again, we repeat the previous steps for making public strings with these commands:
Code: [Select]
rg('[src]','_uservoice_uid=(.*?);')
Code: [Select]
rg('[src]','auth_token=(.*?);')
And after you have done all of that, the second index finally should look like this:


Now, we click in the browser on the "votes.json" item in the list and focus on its "Request Headers". We'll see this:


Again, we find its content in page source:


We'll use this command to extract it:
Code: [Select]
rg('[src]','client_key: "(.*?)"','$1')
We back to the first index and put that command into a new string, so it shoud look like this:


Don't forget to make that string also to be public!

Now, we back on the browser window again and copy link address of the "votes.json" from the list, and then paste it into the third index:


Because it's also a POST request, me must fill the Post field too. In the browser we focus again on the "Form Data" (below "Request Headers"):


As we have seen eariler, we form request like this:
Code: [Select]
uninitialized=true&to=3&oauth_signature_method=HMAC-SHA1&oauth_consumer_key=%oauthkey%
As usual, we fill the additional headers with needed data (but this time we add "uid" and "auth" string into the cookies), and we got this:


Note: You can make all strings to be Crucial, if you want to see if commands for them work correctly.

And that's it! You can now test the config or pass it to someone to do it for you if you don't want to search for proxy, since you've voted already from your IP (I don't know will it work if you remove the votes in the browser, since it's another session). :)
« Last Edit: September 22, 2015, 02:12:20 pm by MikiSoft »

Offline MikiSoft

  • Serf
  • *
  • Posts: 21
  • Cookies: 3
    • View Profile
    • My blog
Re: UniBot - A Complete Walkthrough
« Reply #10 on: May 29, 2015, 05:50:31 pm »
Yeah it's a quite new tool. :)



Here is a teaser for the next version. ;)
« Last Edit: May 29, 2015, 05:51:17 pm by MikiSoft »

Offline MikiSoft

  • Serf
  • *
  • Posts: 21
  • Cookies: 3
    • View Profile
    • My blog
Re: UniBot - A Complete Walkthrough
« Reply #11 on: May 31, 2015, 01:35:52 am »
Updated to v1.1! Change log:
Quote
* Option "Make silent bot" isn’t yet enabled
+ Added new feature – plugins! There are two currently: Math and Simple Captcha with source (VB6)
+ Added new command: enc(text) - uses URL encode on given text
– Fixed some major and minor bugs

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
    • View Profile
    • EvilZone
Re: UniBot - A Complete Walkthrough
« Reply #12 on: May 31, 2015, 05:02:54 am »
Could totally use this to strip funding from websites. Make it click on ads using a randomizing proxy and have the ad service kill their account. Hehe
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry

Offline MikiSoft

  • Serf
  • *
  • Posts: 21
  • Cookies: 3
    • View Profile
    • My blog
Re: UniBot - A Complete Walkthrough
« Reply #13 on: June 09, 2015, 03:12:51 am »
Here is a video of creating Twitter spam bot (watch it in 720p quality): http://youtube.com/watch?v=52WSwDY9nYY
Also, the program is updated to version 1.1f! :)
« Last Edit: September 16, 2015, 11:31:13 pm by MikiSoft »

Offline MikiSoft

  • Serf
  • *
  • Posts: 21
  • Cookies: 3
    • View Profile
    • My blog
Re: UniBot - A Complete Walkthrough (update!)
« Reply #14 on: July 24, 2015, 09:49:48 pm »
After some time of working on a new version, I've finally finished and released it two days ago. It comes with many bug fixes and improvements, so I'm glad to present you v1.2 which comes with a few random configurations for practicing:

For other enhancements, see change log below:
Quote
* Option "Make EXE bot" isn't yet enabled
+ Added more options for retry
+ Added two independent commands: [oind] - previous array index, and [aind] - current array index
+ Added .NET 3.5 RegEx (special) plugin
+ 7 random configurations are included in the package
- Fixed a lot of major bugs (many of them were for arrays), changed some minor rules
« Last Edit: September 16, 2015, 11:54:21 pm by MikiSoft »