Table of Contents

Script Manual

The program is all based on a simple script engine that we developed on our own which could theoretically be used to submit anything to any platform you can think of. Though it might be a bit hard to figure out the meaning behind the values. This document tries to explain everything in an hopefully easy way.

Here are some helpful links on engine writing and syntax highlighting:

The Structure

Each engine is defined by a simple ini file that has to be placed in the “Engines” folder located in the programs installation folder. To those of you who do not know what a ini file is let me explain it shortly. A ini file is a simple text file that you can open in a text editor like Notepad. It has a section, a variable and a value.

[SECTION]
variable=content

Everything is not case sensitive so you don't have to care if you write [SECTION] or [Section]. There are basically two types of engines.

The SETUP Section

This section defines global settings used to identify a website or set a description. The possible values are described below:

VariableAllowed values / Description
enabled1 = Engine is usable from GUI (default)
0 = Engine is not usable from GUI
default checked1 = When a new project is created, this engine will be enabled (default)
0 = This engine is not checked on a new project
engine typeName the type of the engine e.g. Directory, Forum, Blog Comment,…
This will be used to sort it into the tree view when you edit or create a project.

Example: engine type=My Engines
descriptionJust write some notes about this engine that get shown when the user moves the mouse over the engine name in the tree view. You can use \n to generate a line feed.

Example: description=My little Engine\n\n© GSA Supported\n\nHave fun
dofollow1 = This engine creates a do follow link
0 = This engine creates a no follow link
2 = This engines produces both, no follow and do follow links.
anchor text1 = This engine creates links with your anchor text
0 = This engine creates links with there own anchor texts like “Homepage” or “Visit XYZ's Site”.
2 = This engine might create both, anchor text links and links with there own anchor text.
uses pages1 = This engine uses pages
0 = This engine uses no pages
2 = This engine uses might use pages or not.

For some engines the link will move to page 2 or beyond and might not be visible if you visit that page later. The link is still there but on a different page. This is just an informational data and not used in any way right now.
page must haveThis parameter is used to check whenever the webpage is usable for this engine or not. The content of this variable has to be present in the webpage (either pure text or html source). The variable can have multiple values separated by a | where just one has to match.

Example:
page must have1=Powered by XYZ|XYZ Powered
page must have2=!not allowed to access this page
page must have3=Webpage|Homepage

In the above example you see 3 variables and each of them has to match before a engine is used for that website. The ! parameter in “page must have2” means that the following should not appear on the page.
url must haveThis parameter is used the same way as “page must have” but for the URL string itself and not for the website content.

Example: url must have1=/wiki/
url must have2=!wikipedia.com

In the above example we will not use this engine for URLs that contain wikipedia.com or do not have “/wiki/” in there URL.
fixed urlIf no “search term” is used, you have to use this tag to indicate that the submission is just happening on one fixed site (usualy some kind of web 2.0 site with blog creation).

Example: fixed url=https://my.opera.com/

This is than adding the URL to the target URLs of the project and starts a submission to it.
search termThis is used to search for new targets on the internet with the help of search engines like google.

Example:
search term=“Powered by XYZ”|“Powered by XYZ”

The example above uses two possible search queries. You can use also encoded the search term already if you want with “%90%AF%24”. This is useful for queries in some strange language. The program will pick one of the queries randomly so the order is not important.
add keyword to search1 = Add a keyword from the project to the search query
0 = Never add a keyword to the search query
2 = Add just sometimes a keyword to it if it seems to be useful (default)
use blog search0 = Never use blog search engines
1 = Use blog search engines (default)
2 = Use only blog search engines
extract keywords1 = Extract keywords from the sites meta tags. These can be used later on
0 = Don't extract keywords (default)
extract keywords ignoreIgnores the keywords and will not add them.

Example: extract keywords ignore=blog,wordpress

If the meta keywords for that site are “SEO, blog, wordpress” then the program will just extract SEO from it.
extract urls1 = Extract URLs from the sites.
0 = Don't extract URLs (default)

If enabled, the program will download verified URLs and try to post to sites found as external links.
posted domain checkOverwrites project settings: Avoid posting URL on same domain twice
0 = do not post any link if anything has been posted before
1 = allow to post a link again on the same domain (but only if the URL is different)
2 = special setting for tier projects that would than allow to post several URLs on the same site.
skip ext links onOverwrites project settings: Skip sites with more than
1 = setting from project is applied
0 = setting from project is ignored
skip content onOverwrites project settings: Skip sites where the following words appear
1 = setting from project is applied
0 = setting from project is ignored
skip url content onOverwrites project settings: Skip sites with the following words in URL/Domain
1 = setting from project is applied
0 = setting from project is ignored
skip nofollow links onOverwrites project settings: Try to skip creating Nofollow links
1 = setting from project is applied
0 = setting from project is ignored
skip pr onOverwrites project settings: Skip sites with a PR below
1 = setting from project is applied
0 = setting from project is ignored
referrerSets a fixed referrer that is used when downloading content or submitting something to this site.

Example: referrer=%url%

This will always use your URL from the project as a referrer.
user agentInstead of using a user agent that the program chooses for you, you can define it here.

Example: user agent=Some Legit Browser v1.01

This might be useful for exploits where you e.g. can send a html link in the “user agent” that is than turned to a real link on a page.
extract from emailIf you use email verification in the engine you might need to extract not only verification URLs, but also variables like a login or password from the emails. This can be done here.

Example: extract from email=key,forum_password=email_pw

This example will try to extract the data for key (section key) and forum_password (defined in email_pw section). Please read the chapter Data Extraction for details.
whois onlyVery special variable that is only used for engines that submit your URL to sites that carry your domain in there URL.
0 = Not a whois only engine (default)
1 = Only whois submission and if not detected as a whois one, skip submission
captcha hintA hint that should be displayed along with the captcha input
multiple posts per accountDefines if it is allowed to create more than one post per account. By default this is set to 1 (true) but only used for Article posting engines. On some engines it is useful to set this to 0 (false) when just one Article is possible to be posted (e.g. article in profile link)
keep subdomainDefines if a special domain with it's subdomains should be handled as a new site/domain.

Example: keep subdomain=domainXYZ.com

If the program has two URLs like A.domainXYZ.com and B.domainXYZ.com, then it will handle them as two different sites where it previously would have taken them as the same.
max download sizeOverwrites the global filter for the maximum amount of MB to download per GET/POST request.

The STEP Section

There are 4 types that can be used:

You can define as many steps as you want but they have to be in sequence like [STEP1] [STEP2] and so on.

The following fixed variables can be used:

VariableAllowed values / Description
find linkSearches the site for a anchor text and downloads that URL to work on with. You can use more than one link text when separated with |.

Example:
find link=Register|Registrieren|Sign up|Signup

The example will search for a link that has at least one of the above anchor texts.
find urlSearches the site for a URL that is matching one of the masks defined in the variable.

Example:
find url=*/register|*/register.php|*/signup/*

You should always use find link and find url in combination so that if one fails the other is used.
optional find url link0 = A link has to be found else we abort the submission (default)
1 = If no link is found we continue to find a form or whatever should be done in the current submission step.

Example: optional find url link=0
alternative urlIf find url and find link are not finding any URL that can be used, we will generate an alternative URL.

Example: alternative url=./register.php\\
browse linksThis will take the variable content and browse to the site. It is just useful for directories maybe where you first have to browse to a certain category till you are allowed to start a submission.

Example: browse links=%category%

If your project category is defined like “Computer :: Software :: Shareware”, than the program tries to surf to Computers followed by finding a link names Software and than Shareware.
browse links from root1 = The root URL is used for “browse links” in case the start URL is a sublink.
0 = Start the “browse links” from where we are.
browse links url maskTells the program to just search for URLs matching that mask.
just download1 = Download the new URL and continue with STEP2 or finish the submission if nothing else should be done.
0 = a form has to be found to start the submission (default)
form idTry to find a form on the current webpage that has a ID as in the variable content. Again you can use | to have multiple variations. Not many sites use a ID in the <form> tag but some do.

Example: form id=signupform|signup

This tries to find a from with the ID called signupform or singup.
form classTry to find a form on the current webpage that has a class as in the variable content. Again you can use | to have multiple variations. Not many sites use a class in the <form> tag but some do.

Example: form class=cls-input

This tries to find a from with the class called cls-input.
form nameTry to find a form on the current webpage that has a name like the variable content. If no name is used in the <form> tag, the caption of the submit button is used.

Example: form name=*Sign Up|*Register

This tries to find a form there the name or the submit button's name is either matching “*Sign Up” or “*Register”.
form methodTry to find a form on the current webpage that has a method as in the variable content (post or get).

Example: form method=post

This tries to find a from with the method post and not get.
form urlTry to find a form where the submission URL would match the variable content.

Example: form url=*/signup.php|*/signup/

This tries to find a form where the resulting submission URL after pressing the submit button would match “*/signup.php” or “*/signup/”.
form url ignoreIgnores forms where the submission URL would match the variable content.

Example: form url ignore=*/search.php

This tries to ignore a form where the resulting submission URL after pressing the submit button would match “*/search.php”.
form request withSome Forms get sent by ajax or some other javascript framework and would than need to send a “X-Requested-With” in the html header. By default nothing is sent by in the HTML header.

Example: form request with=XMLHttpRequest
optional form0 = If no form is found we will stop the submission with a failer (default)
1 = the submission process is going on (STEP2 Section e.g.) even if no form has been found.
seconds to wait before submissionWill wait a given number of seconds before the form is actually submitted. This is useful to not trigger some robot detection system for some engines.

Example: seconds to wait before submission=12

Wait 12 seconds before the form is submitted.
seconds to wait before submission conditionThis will only delay the submission if something in the variable content is found on the webpage.

Example: seconds to wait before submission condition=stop_spam_time

If the word “stop_spam_time” is either present in the html source or the visible text we wait with the submission a given time, else we skip this.
post dataThis is hardly used but will create a custom data that is used to submit to websites instead of using the data from <form>.

Example: post data=this=that&something=else

Have a look in the Pingback or Trackback engine where this is used.
http headerAdd additional headers to the HTTP Request Header.

Example: http header=X-WP-Nonce: xyz;AnotherOne: 123

Used in Wordpress - Article engine.
encode post data1 = encode the data in a proper way as used in POST protocol
2 = encode it using multipart
0 = take the data as it is without encoding anything
3 = encode it using json syntax
variable must be usedA form is only submitted if certain variables have been used in that form.

Example: variable must be used=url,login|email

The above example requires a form to use the variable “url” or “login” and “email”.\\
add fixed data
add fixed data condition



remove fixed data

remove fixed data condition
This will add a form field if the thing in “add fixed data condition” is found on the webpage. This works only if both variables are defined. Don't worry about this to much as you will probably never use this. It is only required if some sites add data to forms by javascript to prevent automated submissions. You can use “remove fixed data” to just remove that from the posting.

Example:
add fixed data=code=%captcha%;hidden=0
add fixed data condition=code_sign;hidden_data

If the webpage has anywhere the word “code_sign” in it we add a new form field called code that will be filled with a captcha. And if the word “hidden_data” is found we also add a new form field called “hidden” with the content “0”.
set unknown variable

set unknown variable condition
If a form field is unknown as we didn't define how to fill it in our engine, we could still fill it by something you define here. The submission aborts if this is not defined and something is unable to get filled. The “set unknown variable condition” doesn't have to be used but if it is, the string on that variable must be present to use this.

Example: set unknown variable=%question%

If a filed is found called “blahantispam193802378” we can still define how to fill this and it gets filled by the value %question% which is handled by a popup asking you how to fill it. Also often used it “set unknown variable=%leave%” which will simply leave the value as it is.
match by option label1 = A form with a select or radio field is filled by checking the variable content against the option labels (the one you see on the browser).
0 = We will not check for a matching label

Example: match by option label=1
match by option value1 = A form with a select or radio field is filled by checking the variable content against the option value (hidden from the users eye in browser)
0 = We will not check for a matching value
match by prefill1 = If the user has filled this field before in the past we use that vontent to fill it (default)
0 = we do not check past submissions on what has been used here.\\
modify submit url
modify submit url condition
Sometimes a javascript is modifying the actual submission URL of a form which is not recognized by default. In this case you can do this with the variables. “modify submit url condition” doesn't have to be present.


Example:
modify submit url=./submit.php?changed=1
modify submit url condition=javascript:modify_url


The form URL is changed to “./submit.php?changed=1” if the string “javascript:modify_url” is found on the webpage.
modify submit type
modify submit type condition
Sometimes a javascript is modifying the actual submission type of a form which is not recognized by default. In this case you can do this with the variables. “modify submit type condition” doesn't have to be present.


Example:
modify submit type=multipart/form-data
modify submit type condition=javascript:modify_type


The form URL is changed to “./submit.php?changed=1” if the string “javascript:modify_url” is found on the webpage.
remove cookie

remove cookie condition
Removes a cookie manually for the given URL/domain

Example: remove cookies=%targeturl%

This removes any cookie for this domain
set cookie

set cookie condition
Sometimes cookies are required to submit a form and they are set by javascript so that the program can not detect them. You can do that manually with these variables. “set cookie condition” doesn't have to be present.

Example: set cookie=passed_check=1

This sets a cookie named “passed_check” with the value “1”.
write fileWrites data to a file.

Example: write file=“C:\temp\accounts.txt” “%targeturl%;%login%;%password%”
recaptcha sitekeyGet the required recaptcha site key

Example: recaptcha sitekey=<fixed key|section|url where to get it>

You can either input the sitekey or the url where to extract it or a section from the script how to extract it like:
\\recaptcha sitekey=get_key

[get_key]
type=extract
url=/recaptcha.js
front=sitekey=“
back=“

Variables usable in SETUP and STEP Section

Some variables can be used globally (SETUP) or in the STEP (some only on STEP1) section.

VariableAllowed values / Description
submit success

submit failed

captcha failed

submit failed retry
At the end of each STEP* the resulting webpage content is checked first against “submit success” and than against “submit failed”. And if one is matching the submission is either set as successful or failed. The text is not case sensitive and multiple items can be added with |.

Example:
submit failed=<div id='errorbox'>|wrong code|letters wrong|user name already taken
submit success=submitted successfully
captcha failed=wrong code|letters wrong
submit failed retry=user name already taken


If the text “submitted successfully” appears on the webpage (source or visible text) then the submission is taken as successful. If the text ”<div id='errorbox'>” is found then the submission is aborted.

Special keywords can be used such as inurl: or httpstatus:.
submit success skip verifyIf a submission is detected as successful and it is e.g. a REGISTER_STEP* then we can skip the verification process if certain stings appear on the page.

Example: submit success skip verify⇒Logout<|>Log Out<

After a successful registration we would normally wait till an verification email arrives to continue with login and submission. However some platforms might allow you to login without this or log you in already. In that case it would be a waste of time to wait for a email from them so we continue to login and submit the content.
verify on unknown status1 = if a submission is not detected as successful or failed it will still be taken as successful (appearing in log with “unknown submission status”)
0 = we assume the submission failed (default)
verify submission1 = verify the submission
0 = do not verify the submission but assume that the link is submitted and will be visible there or is already (default) Even though this is the default behaviour, you should set it to “1” as used in most engines.
2 = this submission step is not creating a link but is used for something else.
Example: verify submission=1

After a successful submission the URL is put to the verification list and checked in intervals if the link appears there.
verify by

verify search for
Defines how to verify a submission. Possible value for “verify by”:

search = try to locate the search form on the page and submit a search using “verify search for
url = downloads the URL in ”verify url” and checks for the present of “verify search for” which is by default your URL
txturl = same as “url” but checks also if the link is appearing just as a text (no html link code).
text = simple text that has to be present
email = logs into your email account and tries to find a link that is coming from the same webpage domain.
extractemail = just parses for data in emails
without downloading any URL. This might be important for verification URLs that are used later on in scripts.

Example:
verify by=email+search,url
verify search for=%website_title%,%url%

This will do actually two verifications (separated by ,). First it tires to log into your email account and checks for links and also checks on the webpage itself using the search form and searching for “Website title”. Once found by one of the methods it will use that resulting URL to check for your URL.
verify url
verify url remove
verify url replace
verify url must have
If you use “search”, “url” or “txturl” in the variable “verify by” and you don't want to check on the last used URL then you can define a different URL here. Since version 11.71 you can also use multiple URLs seperated by |.

Example:
verify url=./index.php
verify url replace=/edit/;/show/
verify url remove=sub/

Imagine the last URL was: “http://www.something.com/sub/edit/?a=2“
It would now be ”http://www.something.com/show/index.php“
use original url to verify1 = this will not use the last URL but the URL we started the whole engine with.
0 = use the last URL at the end of the submission (default)

Example: use original url to verify=1
verify intervalDefines in what interval in minutes this verification should take place (default 180).

Example: verify interval=60

This checks each hour if the submission is verified.
verify timeoutDefines how long we wait in minutes till we assume that a submission will never be successful and skip the whole site (default 7200).

Example: verify timeout=180

Waits 3 hours for a successful verification before giving up.
first verifyThe first verification would start 10 minutes after the submission unless you define it differently.

Example: first verify=60

This means to check one hour after the submission.
verify search detail url1 = If a URL has been located with your wanted data (URL) on it then the verification would normally be finished. Though sometimes you end up with a link not as good as it can be. This is especially the case if you use “search” in “verify by”. In this case a better URL is located by seeing if a DETAIL or MORE or alike link is showing your URL as well. This is by default enabled. Set it to 0 if you think the resulting URL is the best it can find.

Example: verify search detail url=1
try to continue without verification0 = follow exact verification steps (default)
1 = try to skip verification and continue

Example: try to continue without verification=1

When used in a REGISTER_STEP1 section, this would skip e.g. the email verification and try to login and submit your link. In case this goes wrong there is still the normal way to go on (wait verification + login + submit). If the result of a registration is unknown as well as login, then it doesnt continue for now but wait till registration is verified.
modify urlThis is used to change a found URL to something else.

Example: modify url=%targethost% %targetpath%

If the program starts the submission with a URL like ”http://www.something.com/guestbook.php/page=23” you will most likely not find a form to submit your link as this is only on page 1. So in this case the “modify url” removes all parameters from the URL and you end in “http://www.something.com/guestbook.php/page=23”.
modify url conditionIf present it will check if the content is present on the webpage and only apply the “modify url” changes when present.
modify url removeThe same as “verify url remove” but used to modify a URL for the submission.
modify url replaceThe same as “verify url replace” but used to modify a URL for the submission.
modify submit methodUse this to change the form submission method. Valid values are GET and POST.
modify step
modify step condition
modify step condition input
This will go to another submission step if the condition (something in last downloaded page from previous submission step) was found.

Example: modify step=2
modify step condition=*No verification required*

the modify step condition input is optional and will use the content of the webpage as default
Download retriesNumber of tries to submit or download something (default is 1).
Link typeDefines the type of backlink created. Can be anything you want but you might want to use the types already used in other scripts.
remove var cacheWill remove extracted content/variables and makes sure to to reuse them but extract them again

Example: remove var cache=captcha_img

How form fields are filled

First you would have to get all form field names from a form you want to submit to when looking in the html source like…

<form action="submit.php">
	Your page: <input name="homepage" id="hp" type="text"><br>
	Your Comment: <textarea name="comment" id="cmd"></textarea><br>
	<input name="a1" type="hidden" value="0">
	<input name="button" value="Submit" type="submit">
</form>

On the example above you would take just “homepage” and “comment” as the rest is either hidden or a button that is not possible to fill out.

homepage=%url%
comment=%blog_comment%

There are other ways on how the fields can be filled (in that order):

  1. exact variable name (homepage=%url%) in STEPX
  2. exact id (hp=%url%) name in STEPX
  3. exact variable (homepage=%url%) in STEP1
  4. exact id (hp=%url%) in STEP1
  5. match by name (e.g. *page*=%url%) or caption (*Your page*=%url%) in STEPX
  6. match by name (e.g. *page*=%url%) or caption (*Your page*=%url%) in STEP1
  7. match by generic_field.ini by name/caption

As you can see we fill the form field homepage with the content of the variable url and the field comment with the variable blog_comment. Of course the program still needs to know what URL or Blog_Comment is so we have to make that visible for the customer to fill it out when editing a project. And this would look like the following:

[Blog_Comment]
type=memo
allow html=You can use these tags:|<a href="" title="">
allow return=1
must be filled=1
hint=Use some comments here that will be posted to the blogs.
default=%file-comments.dat%
html to bbs=BBCode format allowed
custom mode=1
auto modify=1
auto add anchor url=1
html to markdown=Markdown</option>

The list below explains all possible variables you can use here.

Variable Allowed values / Description
typeCan be one of the following
memo → multiple line
text → simple edit box (default)
email → simple edit box but should have a valid email syntax
url → simple edit box but should have a valid url syntax
category → a category to fill out
file → the customer has to choose a file.
login → a login field
password → a password field
extract → a special field not visible when editing but used to extract data from emails or webpages.
allow html0 = No html allowed
1 = html is allowed
<text> = If the text appears on the webpage we will allow html.

HTML will be removed from your defined content if not supported by the engine (transformed into text only).
allow return0 = no return/line feed allowed
1 = return/line feed is allowed
<text> = If the text appears on the webpage we will allow a return/line feed.
must be filled1 = User must fill this out in project data
0 = User can leave this empty (default)
hintA text that is displayed when the user moves his mouse over the field.
defaultThe default value that is used when creating a new project. You can also use “%file-FILENAME% here in case you want to load the default content from a file.
html to bbs

bbs supports

bbs supports anchor text in url
0 = No conversion (default)
1 = Convert html code to BB code.
<text> = Convert to BB Code only if the text is appearing on the webpage.

Example:
html to bbs=1
bbs supports=url,b,i,u


The variable “bbs supports” defines what this engine can convert. Usually “url” (default).

Please note the spelling as it is “html to bbs” and not “html to bb” as it should have been called.
Also note that ”allow html=1“ has to be set.
bbs supports anchor text in url is enabled by default and will place and anchor text with the URL, if just a plain URL is supported, then use bbs supports anchor text in url=0
custom mode1 = User is asked to manually customize this data before submission (when custom mode is on)
0 = No customization (default)
auto modify1 = Modify the content a bit with random line feeds and other things to make it a bit more unique (not duplicate content).
0 = Do not modify this at all
2 = Modify only line breaks after full sentences
auto add anchor url

auto add anchor url content
1 = Add a link to the end of the post in case the site supports html and no URL could get posted anywhere else.
0 = Do not add a url at all.
2 = Add an URL even though the URL was used before in other fields

Example:
auto add anchor url=1
auto add anchor url content=Click <a href=”%url%“>%anchor%</a>

The program is trying to locate the anchor in the text if there is no URL used in the form. If found it will place a link there, else it will add the line from the ”…content“ variable and put your link there at the end. The program will use it's internal variations if you leave the ”…content“ variable empty.
html to markdown1 = Convert html code to markdown code
0 = Do not convert it
<text> = Convert it if the text is appearing on the website.
Also note that ”allow html=1“ has to be set.
html to custom link format
custom link format
1 = convert html code to a custom format
0 = Do not convert it.
<text> = Convert it if the text is appearing on the website.

Example:
html to custom link format=1
custom link format=[%url% %anchor_text%]

This would be used for Wiki engines where a link is encoded in a special way.
Also note that ”allow html=1“ has to be set.
basic html only1 = keep just basic html tags (default if custom link format is used)
0 = keep html as it is
html line break

html line break format
Converts a normal line break to some html line break (default <br>). You can specify the line break format in “html line break format” if it is some special line break as seen in some wiki engines.

Example:
html line break=1
html line break format=«BR»
custom img formatIf set, it will try to locate the html syntax for images and replace it with that new syntax.

Example:
custom img format=[img=%url%]
custom iframe formatIf set, it will try to locate the iframe syntax for videos and replace it with that new syntax.

Example:
custom iframe format=<iframe src=%url%></iframe>
alternate dataRight now only used for anchor_text which will use something else than the entered data according to its value

Example:
alternate data={click here|my page|webpage}

This will not use the anchor text that the user entered but something else randomly.
static1 = marks this as an important variable that should be saved as it might have to be used later on.
0 = do not save the content.
2 = saves it till next submission process is successful (e.g. for first time verifications it has to be removed later to allow further submissions)


This is important for logins and passwords as the content could be random but we still need to know the login data for later login after a verified registration.
max lengthThe maximum length of the resulting data.
min lengthThe minimum length of the resulting data.
alphaUsed when the type is a login.
0 = no alpha (A-Z) chars allowed
1 = alpha chars allowed (default)
numericUsed when the type is a login.
0 = no numbers allowed
1 = numbers allowed (default)
upcaseUsed when the type is a login.
0 = capital chars are not allowed
1 = capital chars are allowed (default)
lowcaseUsed when the type is a login.
0 = lowercase chars are not allowed
1 = lowercase chars are allowed (default)
capitalize words0 = no modification
1 = Will Capitalize Each Word
removeRemove certain content before we apply it to the form field. See “verify url remove” for syntax.
replaceReplace certain content before we apply it to the form field. See “verify url replace” for syntax.
allow spin1 = User can use spin syntax in project editor (default)
0 = User is not allowed to use spin syntax
tier dataSets the data that will overwrite the input data for tier projects. Just if the “tier data” is empty it will use the one that the user set.

Example: tier data=%tier_title%

If the project is a tier project, it will not use the input data, but instead fill it from the variable %tier_data% which can e.g. be a extract-variable that downloads the URL and extracts the <title></title> value.
allow data url0 = do not allow data URLs → gets removed
1 = allow them (default)

This will remove e.g. images from the article that are Data-URLs

Of course some form fields doesn't need to get filled by a previously defined content from the user in project options. These are e.g. captcha forms or check boxes with someone has to agree to there terms. Just add the content without using variable content like this:

Example Description
agree_tos=1 1 = check the box, 0 = don't check
captcha_code=%captcha%%captcha% indicates that this is a field with a captcha image to fill out
text_question=%question%%question% indicates that this is a random question that the user has to answer.
cap_text=%capquest%%capquest% can be both (captcha or question)
country_box=%random_option%Choose a random item out of a selection box.
signature={Some|A} {spin|spun} textJust fill that field with the text after spinning it.
letters=%textcode% <front>;<back>
something_else=%leave%Leaves this field to it's default content/check state.

If a form field variable is not found in the current section (e.g. [STEP2]) then it is checked from [STEP1] section. If the name=“xyz” is not matching, we try to match by id=“xyz”. In the above example you could also define:

[STEP1]
hp=%url%
cmd=%blog_comment%

%captcha%

This special variable tells the program to extract some captcha image. You can use parameters with this like

%captcha% *image.php?*tries to find the captcha that has image.php? in the URL path
%captcha% fixed:http://some-url-with-captcha.com/image.php?rnd=123is not searching for a captcha but using that fixed URL
%captcha% overlay:*image.php?*is searching for more than one captcha and combines them to one file

Data Extraction

Sometimes you need to extract certain content from the website or the email like a login/password. This can be done by defining a new variable type as the following

[email_pw]
type=extract
front1=Your password is:|Ihr passwort lautet:
back=\n

The ”type=extract“ tells the program to extract data from the email or webpage and not ask the user to fill it in project data when editing a project.

The variable “front1” shows what should be before the things we want to extract and “back” (yes you guessed it) the thing it should cut off the extracted data. You can again add multiple items with | and if you have more than one “front1” you can also add “front2=”, “front3=” and so on. Same for “back”.

VariableAllowed values / Description
front or front1, front2…Defines the content to cut in front of our to extract data. Separate multiple variations by |.
back or back1, back2,..Defines the content to cut in the back of our to extract data. Separate multiple variations by |.
remove html0 = Do not modify it
1 = remove html code
must haveIf the extracted data has not the something appearing in “must have” we set it blank again.
increaseIf the extracted data is a integer we can increase or decrease (negative number) the data by the given value.
defaultIf we have been unable to extract something, we can set a default value here.
urlInstead of using the current URL for extracting something, we extract the content from the given URL.
search urlInstead of using the current URL for extracting something, we search for an URL by the given mask and if found use that URL's content to extract data from.
find link
find url
Instead of using front/back we extract URLs by the given parameters.
name_front / name_back
value_front / value_back
Instead of using front/back we extract actually two values here and later join them with “name=value”. This is useful for cookie extraction.
randomUsual only the first appearance of the extracted data is taken. When you use “random=1” then all data is extracted and a random item from it is used.
inputBy default “input” is the content of the last downloaded/submitted webpage or, if you specified url=… ,that content. With input you can change the source of the content to parse in.
reverseWhen using reverse=1 then it will reverse the result turning 123 into 321.
base64using base64=1 would encode the result to base64 content.
all matches
delimiter
When using all matches=1 together with delimiter=, you can join all found matches into one single string joined with the character defined in delimiter.

A Small Example

In that example the search engine would try to find a new target with the search “Powered by XYZ” or “XYZ Powered”. If the found site also has one of the strings on its page we use this engine and start to submit the data right away as no “REGISTER_STEP1” or “LOGIN_STEP1” is defined.

We first start to locate the correct sublink by searching for a link named “Submit your Site” and/or the URL containing “/submit.php” in it.

On that URL we search for a from that has an ID named “Submitform”, has a name “*Submit” and/or has a URL which matches a mask “*/submit.php?step=2”. Once found we start to extract all form fields and start to fill them. We find “name” and fill it with a random name from the file “names.dat”. We find a form field called “captcha_image” and ask the user to fill that out. We find the field called “url” and fill it with our URL defined in the project settings.

Now we submit the form and check if the submission is either successful (submit success) or not (submit failed).

If it was successful we will add the URL (modified to /latest.php) to our sites for later verification. There we will always download the website and check if our URL is appearing on it. If so we have a verified submission.

[SETUP]
engine type=TEST
description=Just a sample

page must have=Powered by XYZ|XYZ Powered
search term=”Powered by XYZ”|”XYZ Powered”
add keyword to search=0
extract keywords=0

[URL]
type=url
hint=Enter your URL here please
must be filled=1

[STEP1]
find link=Submit your Site
find url=*/submit.php

form name=*Submit
form id=submitform
form url=*/submit.php?step=2

submit success=Your submission was successful
submit failed=Your submission failed

verify submission=1
verify by=url
verify url=./latest.php
verify search for=%url%
verify on unknown status=1

name=%spinfile-names.dat%
url=%url%
captcha_image=%captcha%