06-15-2013, 07:30 PM
Features:
PROGRAM FEATURES
- Supports Ajax
- Full OCR support
- Supports Fixed Captcha OCR sites (like sites that use Strongbox for example) by an user configurable database
- Features a special "Acquire Images" engine that let the user extend the database for fixed captcha sites. Moreover a training page can be generated in order to train Tesseract for specific fonts.
A database which includes Strongbox and other sites is included.
- Supports HTTPS
- Supports Socks 4a/5
- Features an advanced configuration of all the engine stages by using special variables: in this way user is able to configure correclty the engine for very specialized cases.
- Supports fully configurable Keywords Capture (useful in order to get premium account details)
- Supports fully configurable Form JavaScript Redirect (useful to get the page where a premium account detail is shown)
- Supports multiple additional form redirects, i.e. MBA is able to call additional URLs in order to capture keys from multiple pages.
- Supports advanced custom Parsing Code
- Supports advanced special Keywords Matching Functions
- Features an advanced Proxy Analyzer which supports special cleaning and filtering functions, above all the proxy filtering by IpFilter.
An IpFilter tweaked for the use with Sentry is included.
- Other unique features that you must discover by yourself
Version 1.3.4c List of changes:
- Added new option in Fakes Settings frame to enable keywords engine on Intermediate Action stage.
- Added remove duplicates function in wordlist frame. After removing duplicates, user must save wordlist before it can be used in the bruteforcer.
- In all URLs and Post fields from Post Wizard , and will be replaced with the user and pass of the combo being tested and with the OCR code of the recoginzed image, if any.
- Now both good users and combo expired will be added to the Users/Combo tab in progression frame.
- Wordlist position will be saved based on the file fingerprint computed directly on the file content: in this way position will be rembered even if user changes filename.
- If the same wordlist is used by multiple brutefrocers, it is shared at progression frame level in order to optimize memory usage.
- From the history options frame user can tell MBA what types of progression results must be sent automatically to the history.
- Solved two critical bugs that would lead to an out of memory error.
- Solved a major memory leak in history analyzer. Moreover loading time of history bots has been improved.
- Solved a major bug in hisotry frame that would cause the hits obtained with separate lists to be deleted at the program start.
Finally two new Tess languages have been added...thanx to Jenva22/Atterdale as always
a Readme is included for more info!!
1.4 Release Notes:
Quote:
Download : http://www.>>>[[[Reported by Me...PS-support</pass></user></email></pass></user></email></email></pass></user></pass></user>
PROGRAM FEATURES
- Supports Ajax
- Full OCR support
- Supports Fixed Captcha OCR sites (like sites that use Strongbox for example) by an user configurable database
- Features a special "Acquire Images" engine that let the user extend the database for fixed captcha sites. Moreover a training page can be generated in order to train Tesseract for specific fonts.
A database which includes Strongbox and other sites is included.
- Supports HTTPS
- Supports Socks 4a/5
- Features an advanced configuration of all the engine stages by using special variables: in this way user is able to configure correclty the engine for very specialized cases.
- Supports fully configurable Keywords Capture (useful in order to get premium account details)
- Supports fully configurable Form JavaScript Redirect (useful to get the page where a premium account detail is shown)
- Supports multiple additional form redirects, i.e. MBA is able to call additional URLs in order to capture keys from multiple pages.
- Supports advanced custom Parsing Code
- Supports advanced special Keywords Matching Functions
- Features an advanced Proxy Analyzer which supports special cleaning and filtering functions, above all the proxy filtering by IpFilter.
An IpFilter tweaked for the use with Sentry is included.
- Other unique features that you must discover by yourself
Version 1.3.4c List of changes:
- Added new option in Fakes Settings frame to enable keywords engine on Intermediate Action stage.
- Added remove duplicates function in wordlist frame. After removing duplicates, user must save wordlist before it can be used in the bruteforcer.
- In all URLs and Post fields from Post Wizard , and will be replaced with the user and pass of the combo being tested and with the OCR code of the recoginzed image, if any.
- Now both good users and combo expired will be added to the Users/Combo tab in progression frame.
- Wordlist position will be saved based on the file fingerprint computed directly on the file content: in this way position will be rembered even if user changes filename.
- If the same wordlist is used by multiple brutefrocers, it is shared at progression frame level in order to optimize memory usage.
- From the history options frame user can tell MBA what types of progression results must be sent automatically to the history.
- Solved two critical bugs that would lead to an out of memory error.
- Solved a major memory leak in history analyzer. Moreover loading time of history bots has been improved.
- Solved a major bug in hisotry frame that would cause the hits obtained with separate lists to be deleted at the program start.
Finally two new Tess languages have been added...thanx to Jenva22/Atterdale as always
a Readme is included for more info!!
1.4 Release Notes:
Quote:Quote:Quote:1.4.1 Changelog:
- Added support for three fields bruteforcing. Now when you'll start a bruteforcer session, MBA will ask you how to map the bruteforcer fields to the loaded wordlist. It works in this way:
The bruteforcer fields are called , and . Take note that even if the third field is called it doesn't need to be linked to an email!
Each word of the loaded wordlist is treated like field1:field2:field3, i.e. now each word in the wordlist can be either a single, double or triple word. It will be called anyway a combo since i like the word to be named combo
So from the start bruteforcer form you will be able to assign field 1 to either , and . Same rule applies to field2 or field3.
Finally take note that in basic mode you should always assign field1 to and field2 to . If you need otherwise, then you must switch to master mode.
- POST Wizard is now called Master Wizard. Here the main changes/additions:
1) For all the HTTP stages (except for the OCR one) user can set the call method: Head, Get, Post, Post MultiForm, Post Json. Take note that for the new POST methods you must format the POST data in the usual way...MBA will change the format
automatically once the POST data is built. Moreover for Json if you need to add a multivalue parameter just add \s at the end of the name parameter. In order to close a multiparameters section, add \e at the end of the name of the last parameter
of the section. Sections left open will be closed automatically, so no need to add \e to the last parameters.
2) Improved the default parsing engine, that now is fully three fields compatible. So now you can tell the default parser how many bruteforcer fields you expect from the form. For this you must use the indexes near each field. See context help for more detail.
3) Added Debugger available from the POST Wizard. In this way you can check for example all the forms and fields captured and debug any config error quickly. A debugger is available from OCR Wizard too.
4) Now you can parse form data from the Intermediate action ("From IA" option). Useful for sites for which the login page is actually called in the second stage.
5) You can enable/disable follow redirect for Intermediate action and redirect URL. Take note that a redirect to another domain will not be followed and will trigger instead an IP ban.
6) Now you can set mutiple redirect keys (and you can tell MBA if a key has to be a source key or a header key) and you can build them with the keyword wizard.
- Improved the parsing code engine. Her the main changes/additions:
1) Now the function premium date is only one, but it is in fact a universal date converter. It will recognize automatically unixtime, days remaining format and (year, month, week, minute, hour, second) format. Only action user has to take it is when the premium date is given in
seconds remaining. In this case just add "second" as prefix or suffix.
2) Added user and pass functions. If a data extracted is marked as user or pass it will be added in the columns user and pass of the history.
3) Now you can set recursive option and capture target option for each field.
4) You can add mutiple fields even if parsing code is not used for capture or post fields extraction. This means that you can add multiple fields extraction when parsing code is used as a variable input.
In this case all fields captured will be just joined. But you will get a nice feature if you enable recursive parsing code from variable wizard. In this case each field captured mutiple times will
generate a vector of size equal to the number of times the parsing code has matched the field parsing strings.
For example let's suppose you have a parsing code which captures fields field1 and field2.
field1 is captured 4 fimes with values field1_1, field1_2, field1_3, field1_4.
field2 is captured 1 time with value field2_1.
You will get a vector Key[] of size 4 with these values:
Key[1] = field1_1field2_1
Key[2] = field1_2field2_1
Key[3] = field1_3field2_1
Key[4] = field1_4field2_1
What to do with this vector? Well when you have computed a variable in such way, you can do only one thing with the var...Assign it to an additional redirect paameter (be it POST or URL)...the additional redirect URL will be called in this case four times, each time with
the assigned value corresponding to the index assigned, i.e. first time MBA will use Key[1], second time Key[2] and so on.
5) Added Pefix and Suffix inputs. They will be added right before and after the data extracted. In chain mode with these ones filled, you can get almost all work done with just one variable
- Improved the variables engine:
1) Added new crypto functions (RSA and HMAC) and all SHA hash methods, plus other convert and string functions.
2) Now variables supports mutiinput functions. In order to configure such functions, new functions have been added, SetParameterIndex and SetParameterValue, see context help for more details.
3) Now you can re-assign an already computed variable with the new function SetField. With this one you can also set the user, pass and email of the combo being tested. The captcha too can be reasiigned.
This feature together with the new variable flow control options will give the user the chance to excecute different variables codes as a function of the server response.
4) Now you can assign the header too to any stage. Mutiple headers can be assigned if you use \n as fields separator. Fields already present will be replaced.
5) Added OCR stage. In this way you can manipulate captcha code right after the image is recognized.
6) Added loop variables. Thiese variables will set the enry point of a loop cycle that can be triggered by the new Jump function.
7) You can add additional redirect URLs by variables. This will let you to add such URLs recursively based on the response got from the last additional redirect URL.
- Totally rewritten the HTTP debugger.Go to check, too lazy to explain the details here.
- In Keywords Wizard you can set keys for Intermediate action only. Moreover fake image ban key has been added.
- Other major and minor improvements/additions here and there.
- Solved critical, major and minor bugs.
Finally new languages from cp20 to cp26 (excluded cp21...) have been added. Thanx go to Jenva/Atterdale and machak
Quote:
Quote:Quote:- Added new option in general settings frame to save automatically to check combos on file upon end of bruteforcing session.
- Added new option in general settings frame to detect automatically problems with internet connection: this one should prevent endless socket loop under some network conditions.
- Bruteforcer wordlist position is saved automatically each 60 seconds for each site. The saved positions will be reloaded and saved in the relative snapshots at the program start if the program closes unexpectedly.
- History filters defined in the history options frame are now loaded automatically in the history frame. Fon this reasons now most options are gone in the context menu, since they are grouped in the filter modes and can be expanded by the user.
- Added new capture functions in the parsing code wizard. The new data type will be saved under new columns available in the history frame.
- Added new functions in the variables wizard, check the pdf for the details. In particular you can now issue a key match by variables...moreover added just one function that will help users who want to do real time combo manipulation by variables.
- Intermediate action stages can now be fully configured with variables.
- Progression frame -> Bot Debugs can now be cleared, check new command available in the progression frame.
- Defined new HTTP codes in the statistics panel by the progression frame. Move the mouse pointer on the code and context help will tell you the meaning.
- Global keys are now checked after site keys regardless of the key type.
- All hard aborted combos (such combo are not tested!) will now go to the to check tab.
- Added new scan function in wordlist frame: this function will scan a directory for wordlists and will tell you for each one the saved position and progression for the currect selected snapshot. For this function to work a snapshot has to be selected in the main site menu.
Moreover wordlist lengths will be stored only upon opening the file in wordlist frame. So if you want this feature to fully work you should open in wordlist frame at least one time the list you want to track for.
- History options frame -> User can now activate/deactivate the realtime update of history frame by bruteforcer. This option is deactivated by default.
- History options frame -> User can now tells MBA if he wants sources and debugs to be saved by file together with the result in the history frame. This option is activated by default.
- Main file settings and site settings files (i.e. snapshots) are now loaded in memory.
- Improved detections of proxies that do not support SLL when bruteforcing a HTTPS site: such proxies will issue a 419 code and will be banned.
- Added new options in proxy analyzer: in particular you can now analyze a HTTPS site; moreover you can set how many keywords you want for site specific analysis and differentiate between header and source key. Finally engine has been improved too. Go check all the changes you lazy one
- Now all sites in main sites menu are ordered by main site sub-domain.
- Other additions here and there. (i.e. the one i forgot i made )
- Major and minor improvements here and there. (too lazy to write down the list...)
- Major and minor bug fixes here and there. (there are to be some right? )
Finally language samples have been updated and a new tess language (cp27) is availbale -> thanx go to choper for this one
Download : http://www.>>>[[[Reported by Me...PS-support</pass></user></email></pass></user></email></email></pass></user></pass></user>