The program is all based on a simple script engine that we developed on our own which could theoretically be used to submit anything to any platform you can think of. Though it might be a bit hard to figure out the meaning behind the values. This document tries to explain everything in an hopefully easy way.
Here are some helpful links on engine writing and syntax highlighting:
Each engine is defined by a simple ini file that has to be placed in the “Engines” folder located in the programs installation folder. To those of you who do not know what a ini file is let me explain it shortly. A ini file is a simple text file that you can open in a text editor like Notepad. It has a section, a variable and a value.
[SECTION] variable=content
Everything is not case sensitive so you don't have to care if you write [SECTION] or [Section]. There are basically two types of engines.
This section defines global settings used to identify a website or set a description. The possible values are described below:
Variable | Allowed values / Description |
---|---|
enabled | 1 = Engine is usable from GUI (default) 0 = Engine is not usable from GUI |
default checked | 1 = When a new project is created, this engine will be enabled (default) 0 = This engine is not checked on a new project |
engine type | Name the type of the engine e.g. Directory, Forum, Blog Comment,… This will be used to sort it into the tree view when you edit or create a project. Example: engine type=My Engines |
description | Just write some notes about this engine that get shown when the user moves the mouse over the engine name in the tree view. You can use \n to generate a line feed. Example: description=My little Engine\n\n© GSA Supported\n\nHave fun |
dofollow | 1 = This engine creates a do follow link 0 = This engine creates a no follow link 2 = This engines produces both, no follow and do follow links. |
anchor text | 1 = This engine creates links with your anchor text 0 = This engine creates links with there own anchor texts like “Homepage” or “Visit XYZ's Site”. 2 = This engine might create both, anchor text links and links with there own anchor text. |
uses pages | 1 = This engine uses pages 0 = This engine uses no pages 2 = This engine uses might use pages or not. For some engines the link will move to page 2 or beyond and might not be visible if you visit that page later. The link is still there but on a different page. This is just an informational data and not used in any way right now. |
page must have | This parameter is used to check whenever the webpage is usable for this engine or not. The content of this variable has to be present in the webpage (either pure text or html source). The variable can have multiple values separated by a | where just one has to match. Example: page must have1=Powered by XYZ|XYZ Powered page must have2=!not allowed to access this page page must have3=Webpage|Homepage In the above example you see 3 variables and each of them has to match before a engine is used for that website. The ! parameter in “page must have2” means that the following should not appear on the page. |
url must have | This parameter is used the same way as “page must have” but for the URL string itself and not for the website content. Example: url must have1=/wiki/ url must have2=!wikipedia.com In the above example we will not use this engine for URLs that contain wikipedia.com or do not have “/wiki/” in there URL. |
fixed url | If no “search term” is used, you have to use this tag to indicate that the submission is just happening on one fixed site (usualy some kind of web 2.0 site with blog creation). Example: fixed url=https://my.opera.com/ This is than adding the URL to the target URLs of the project and starts a submission to it. |
search term | This is used to search for new targets on the internet with the help of search engines like google. Example: search term=“Powered by XYZ”|“Powered by XYZ” The example above uses two possible search queries. You can use also encoded the search term already if you want with “%90%AF%24”. This is useful for queries in some strange language. The program will pick one of the queries randomly so the order is not important. |
add keyword to search | 1 = Add a keyword from the project to the search query 0 = Never add a keyword to the search query 2 = Add just sometimes a keyword to it if it seems to be useful (default) |
use blog search | 0 = Never use blog search engines 1 = Use blog search engines (default) 2 = Use only blog search engines |
extract keywords | 1 = Extract keywords from the sites meta tags. These can be used later on 0 = Don't extract keywords (default) |
extract keywords ignore | Ignores the keywords and will not add them. Example: extract keywords ignore=blog,wordpress If the meta keywords for that site are “SEO, blog, wordpress” then the program will just extract SEO from it. |
extract urls | 1 = Extract URLs from the sites. 0 = Don't extract URLs (default) If enabled, the program will download verified URLs and try to post to sites found as external links. |
posted domain check | Overwrites project settings: Avoid posting URL on same domain twice 0 = do not post any link if anything has been posted before 1 = allow to post a link again on the same domain (but only if the URL is different) 2 = special setting for tier projects that would than allow to post several URLs on the same site. |
skip ext links on | Overwrites project settings: Skip sites with more than 1 = setting from project is applied 0 = setting from project is ignored |
skip content on | Overwrites project settings: Skip sites where the following words appear 1 = setting from project is applied 0 = setting from project is ignored |
skip url content on | Overwrites project settings: Skip sites with the following words in URL/Domain 1 = setting from project is applied 0 = setting from project is ignored |
skip nofollow links on | Overwrites project settings: Try to skip creating Nofollow links 1 = setting from project is applied 0 = setting from project is ignored |
skip pr on | Overwrites project settings: Skip sites with a PR below 1 = setting from project is applied 0 = setting from project is ignored |
referrer | Sets a fixed referrer that is used when downloading content or submitting something to this site. Example: referrer=%url% This will always use your URL from the project as a referrer. |
user agent | Instead of using a user agent that the program chooses for you, you can define it here. Example: user agent=Some Legit Browser v1.01 This might be useful for exploits where you e.g. can send a html link in the “user agent” that is than turned to a real link on a page. |
extract from email | If you use email verification in the engine you might need to extract not only verification URLs, but also variables like a login or password from the emails. This can be done here. Example: extract from email=key,forum_password=email_pw This example will try to extract the data for key (section key) and forum_password (defined in email_pw section). Please read the chapter Data Extraction for details. |
whois only | Very special variable that is only used for engines that submit your URL to sites that carry your domain in there URL. 0 = Not a whois only engine (default) 1 = Only whois submission and if not detected as a whois one, skip submission |
captcha hint | A hint that should be displayed along with the captcha input |
multiple posts per account | Defines if it is allowed to create more than one post per account. By default this is set to 1 (true) but only used for Article posting engines. On some engines it is useful to set this to 0 (false) when just one Article is possible to be posted (e.g. article in profile link) |
keep subdomain | Defines if a special domain with it's subdomains should be handled as a new site/domain. Example: keep subdomain=domainXYZ.com If the program has two URLs like A.domainXYZ.com and B.domainXYZ.com, then it will handle them as two different sites where it previously would have taken them as the same. |
max download size | Overwrites the global filter for the maximum amount of MB to download per GET/POST request. |
There are 4 types that can be used:
You can define as many steps as you want but they have to be in sequence like [STEP1] [STEP2] and so on.
The following fixed variables can be used:
Variable | Allowed values / Description |
find link | Searches the site for a anchor text and downloads that URL to work on with. You can use more than one link text when separated with |. Example: find link=Register|Registrieren|Sign up|Signup The example will search for a link that has at least one of the above anchor texts. |
find url | Searches the site for a URL that is matching one of the masks defined in the variable. Example: find url=*/register|*/register.php|*/signup/* You should always use find link and find url in combination so that if one fails the other is used. |
optional find url link | 0 = A link has to be found else we abort the submission (default) 1 = If no link is found we continue to find a form or whatever should be done in the current submission step. Example: optional find url link=0 |
alternative url | If find url and find link are not finding any URL that can be used, we will generate an alternative URL. Example: alternative url=./register.php\\ |
browse links | This will take the variable content and browse to the site. It is just useful for directories maybe where you first have to browse to a certain category till you are allowed to start a submission. Example: browse links=%category% If your project category is defined like “Computer :: Software :: Shareware”, than the program tries to surf to Computers followed by finding a link names Software and than Shareware. |
browse links from root | 1 = The root URL is used for “browse links” in case the start URL is a sublink. 0 = Start the “browse links” from where we are. |
browse links url mask | Tells the program to just search for URLs matching that mask. |
just download | 1 = Download the new URL and continue with STEP2 or finish the submission if nothing else should be done. 0 = a form has to be found to start the submission (default) |
form id | Try to find a form on the current webpage that has a ID as in the variable content. Again you can use | to have multiple variations. Not many sites use a ID in the <form> tag but some do. Example: form id=signupform|signup This tries to find a from with the ID called signupform or singup. |
form class | Try to find a form on the current webpage that has a class as in the variable content. Again you can use | to have multiple variations. Not many sites use a class in the <form> tag but some do. Example: form class=cls-input This tries to find a from with the class called cls-input. |
form name | Try to find a form on the current webpage that has a name like the variable content. If no name is used in the <form> tag, the caption of the submit button is used. Example: form name=*Sign Up|*Register This tries to find a form there the name or the submit button's name is either matching “*Sign Up” or “*Register”. |
form method | Try to find a form on the current webpage that has a method as in the variable content (post or get). Example: form method=post This tries to find a from with the method post and not get. |
form url | Try to find a form where the submission URL would match the variable content. Example: form url=*/signup.php|*/signup/ This tries to find a form where the resulting submission URL after pressing the submit button would match “*/signup.php” or “*/signup/”. |
form url ignore | Ignores forms where the submission URL would match the variable content. Example: form url ignore=*/search.php This tries to ignore a form where the resulting submission URL after pressing the submit button would match “*/search.php”. |
form request with | Some Forms get sent by ajax or some other javascript framework and would than need to send a “X-Requested-With” in the html header. By default nothing is sent by in the HTML header. Example: form request with=XMLHttpRequest |
optional form | 0 = If no form is found we will stop the submission with a failer (default) 1 = the submission process is going on (STEP2 Section e.g.) even if no form has been found. |
seconds to wait before submission | Will wait a given number of seconds before the form is actually submitted. This is useful to not trigger some robot detection system for some engines. Example: seconds to wait before submission=12 Wait 12 seconds before the form is submitted. |
seconds to wait before submission condition | This will only delay the submission if something in the variable content is found on the webpage. Example: seconds to wait before submission condition=stop_spam_time If the word “stop_spam_time” is either present in the html source or the visible text we wait with the submission a given time, else we skip this. |
post data | This is hardly used but will create a custom data that is used to submit to websites instead of using the data from <form>. Example: post data=this=that&something=else Have a look in the Pingback or Trackback engine where this is used. |
http header | Add additional headers to the HTTP Request Header. Example: http header=X-WP-Nonce: xyz;AnotherOne: 123 Used in Wordpress - Article engine. |
encode post data | 1 = encode the data in a proper way as used in POST protocol 2 = encode it using multipart 0 = take the data as it is without encoding anything 3 = encode it using json syntax |
variable must be used | A form is only submitted if certain variables have been used in that form. Example: variable must be used=url,login|email The above example requires a form to use the variable “url” or “login” and “email”.\\ |
add fixed data add fixed data condition remove fixed data remove fixed data condition | This will add a form field if the thing in “add fixed data condition” is found on the webpage. This works only if both variables are defined. Don't worry about this to much as you will probably never use this. It is only required if some sites add data to forms by javascript to prevent automated submissions. You can use “remove fixed data” to just remove that from the posting. Example: add fixed data=code=%captcha%;hidden=0 add fixed data condition=code_sign;hidden_data If the webpage has anywhere the word “code_sign” in it we add a new form field called code that will be filled with a captcha. And if the word “hidden_data” is found we also add a new form field called “hidden” with the content “0”. |
set unknown variable set unknown variable condition | If a form field is unknown as we didn't define how to fill it in our engine, we could still fill it by something you define here. The submission aborts if this is not defined and something is unable to get filled. The “set unknown variable condition” doesn't have to be used but if it is, the string on that variable must be present to use this. Example: set unknown variable=%question% If a filed is found called “blahantispam193802378” we can still define how to fill this and it gets filled by the value %question% which is handled by a popup asking you how to fill it. Also often used it “set unknown variable=%leave%” which will simply leave the value as it is. |
match by option label | 1 = A form with a select or radio field is filled by checking the variable content against the option labels (the one you see on the browser). 0 = We will not check for a matching label Example: match by option label=1 |
match by option value | 1 = A form with a select or radio field is filled by checking the variable content against the option value (hidden from the users eye in browser) 0 = We will not check for a matching value |
match by prefill | 1 = If the user has filled this field before in the past we use that vontent to fill it (default) 0 = we do not check past submissions on what has been used here.\\ |
modify submit url modify submit url condition | Sometimes a javascript is modifying the actual submission URL of a form which is not recognized by default. In this case you can do this with the variables. “modify submit url condition” doesn't have to be present. Example: modify submit url=./submit.php?changed=1 modify submit url condition=javascript:modify_url The form URL is changed to “./submit.php?changed=1” if the string “javascript:modify_url” is found on the webpage. |
modify submit type modify submit type condition | Sometimes a javascript is modifying the actual submission type of a form which is not recognized by default. In this case you can do this with the variables. “modify submit type condition” doesn't have to be present. Example: modify submit type=multipart/form-data modify submit type condition=javascript:modify_type The form URL is changed to “./submit.php?changed=1” if the string “javascript:modify_url” is found on the webpage. |
remove cookie remove cookie condition | Removes a cookie manually for the given URL/domain Example: remove cookies=%targeturl% This removes any cookie for this domain |
set cookie set cookie condition | Sometimes cookies are required to submit a form and they are set by javascript so that the program can not detect them. You can do that manually with these variables. “set cookie condition” doesn't have to be present. Example: set cookie=passed_check=1 This sets a cookie named “passed_check” with the value “1”. |
write file | Writes data to a file. Example: write file=“C:\temp\accounts.txt” “%targeturl%;%login%;%password%” |
recaptcha sitekey | Get the required recaptcha site key Example: recaptcha sitekey=<fixed key|section|url where to get it> You can either input the sitekey or the url where to extract it or a section from the script how to extract it like: \\recaptcha sitekey=get_key [get_key] type=extract url=/recaptcha.js front=sitekey=“ back=“ |
Some variables can be used globally (SETUP) or in the STEP (some only on STEP1) section.
Variable | Allowed values / Description |
---|---|
submit success submit failed captcha failed submit failed retry | At the end of each STEP* the resulting webpage content is checked first against “submit success” and than against “submit failed”. And if one is matching the submission is either set as successful or failed. The text is not case sensitive and multiple items can be added with |. Example: submit failed=<div id='errorbox'>|wrong code|letters wrong|user name already taken submit success=submitted successfully captcha failed=wrong code|letters wrong submit failed retry=user name already taken If the text “submitted successfully” appears on the webpage (source or visible text) then the submission is taken as successful. If the text ”<div id='errorbox'>” is found then the submission is aborted. Special keywords can be used such as inurl: or httpstatus:. |
submit success skip verify | If a submission is detected as successful and it is e.g. a REGISTER_STEP* then we can skip the verification process if certain stings appear on the page. Example: submit success skip verify⇒Logout<|>Log Out< After a successful registration we would normally wait till an verification email arrives to continue with login and submission. However some platforms might allow you to login without this or log you in already. In that case it would be a waste of time to wait for a email from them so we continue to login and submit the content. |
verify on unknown status | 1 = if a submission is not detected as successful or failed it will still be taken as successful (appearing in log with “unknown submission status”) 0 = we assume the submission failed (default) |
verify submission | 1 = verify the submission 0 = do not verify the submission but assume that the link is submitted and will be visible there or is already (default) Even though this is the default behaviour, you should set it to “1” as used in most engines. 2 = this submission step is not creating a link but is used for something else. Example: verify submission=1 After a successful submission the URL is put to the verification list and checked in intervals if the link appears there. |
verify by verify search for | Defines how to verify a submission. Possible value for “verify by”: search = try to locate the search form on the page and submit a search using “verify search for“ url = downloads the URL in ”verify url” and checks for the present of “verify search for” which is by default your URL txturl = same as “url” but checks also if the link is appearing just as a text (no html link code). text = simple text that has to be present email = logs into your email account and tries to find a link that is coming from the same webpage domain. extractemail = just parses for data in emails without downloading any URL. This might be important for verification URLs that are used later on in scripts. Example: verify by=email+search,url verify search for=%website_title%,%url% This will do actually two verifications (separated by ,). First it tires to log into your email account and checks for links and also checks on the webpage itself using the search form and searching for “Website title”. Once found by one of the methods it will use that resulting URL to check for your URL. |
verify url verify url remove verify url replace verify url must have | If you use “search”, “url” or “txturl” in the variable “verify by” and you don't want to check on the last used URL then you can define a different URL here. Since version 11.71 you can also use multiple URLs seperated by |. Example: verify url=./index.php verify url replace=/edit/;/show/ verify url remove=sub/ Imagine the last URL was: “http://www.something.com/sub/edit/?a=2“ It would now be ”http://www.something.com/show/index.php“ |
use original url to verify | 1 = this will not use the last URL but the URL we started the whole engine with. 0 = use the last URL at the end of the submission (default) Example: use original url to verify=1 |
verify interval | Defines in what interval in minutes this verification should take place (default 180). Example: verify interval=60 This checks each hour if the submission is verified. |
verify timeout | Defines how long we wait in minutes till we assume that a submission will never be successful and skip the whole site (default 7200). Example: verify timeout=180 Waits 3 hours for a successful verification before giving up. |
first verify | The first verification would start 10 minutes after the submission unless you define it differently. Example: first verify=60 This means to check one hour after the submission. |
verify search detail url | 1 = If a URL has been located with your wanted data (URL) on it then the verification would normally be finished. Though sometimes you end up with a link not as good as it can be. This is especially the case if you use “search” in “verify by”. In this case a better URL is located by seeing if a DETAIL or MORE or alike link is showing your URL as well. This is by default enabled. Set it to 0 if you think the resulting URL is the best it can find. Example: verify search detail url=1 |
try to continue without verification | 0 = follow exact verification steps (default) 1 = try to skip verification and continue Example: try to continue without verification=1 When used in a REGISTER_STEP1 section, this would skip e.g. the email verification and try to login and submit your link. In case this goes wrong there is still the normal way to go on (wait verification + login + submit). If the result of a registration is unknown as well as login, then it doesnt continue for now but wait till registration is verified. |
modify url | This is used to change a found URL to something else. Example: modify url=%targethost% %targetpath% If the program starts the submission with a URL like ”http://www.something.com/guestbook.php/page=23” you will most likely not find a form to submit your link as this is only on page 1. So in this case the “modify url” removes all parameters from the URL and you end in “http://www.something.com/guestbook.php/page=23”. |
modify url condition | If present it will check if the content is present on the webpage and only apply the “modify url” changes when present. |
modify url remove | The same as “verify url remove” but used to modify a URL for the submission. |
modify url replace | The same as “verify url replace” but used to modify a URL for the submission. |
modify submit method | Use this to change the form submission method. Valid values are GET and POST. |
modify step modify step condition modify step condition input | This will go to another submission step if the condition (something in last downloaded page from previous submission step) was found. Example: modify step=2 modify step condition=*No verification required* the modify step condition input is optional and will use the content of the webpage as default |
Download retries | Number of tries to submit or download something (default is 1). |
Link type | Defines the type of backlink created. Can be anything you want but you might want to use the types already used in other scripts. |
remove var cache | Will remove extracted content/variables and makes sure to to reuse them but extract them again Example: remove var cache=captcha_img |
First you would have to get all form field names from a form you want to submit to when looking in the html source like…
<form action="submit.php"> Your page: <input name="homepage" id="hp" type="text"><br> Your Comment: <textarea name="comment" id="cmd"></textarea><br> <input name="a1" type="hidden" value="0"> <input name="button" value="Submit" type="submit"> </form>
On the example above you would take just “homepage” and “comment” as the rest is either hidden or a button that is not possible to fill out.
homepage=%url%
comment=%blog_comment%
There are other ways on how the fields can be filled (in that order):
As you can see we fill the form field homepage with the content of the variable url and the field comment with the variable blog_comment. Of course the program still needs to know what URL or Blog_Comment is so we have to make that visible for the customer to fill it out when editing a project. And this would look like the following:
[Blog_Comment] type=memo allow html=You can use these tags:|<a href="" title=""> allow return=1 must be filled=1 hint=Use some comments here that will be posted to the blogs. default=%file-comments.dat% html to bbs=BBCode format allowed custom mode=1 auto modify=1 auto add anchor url=1 html to markdown=Markdown</option>
The list below explains all possible variables you can use here.
Variable | Allowed values / Description |
---|---|
type | Can be one of the following memo → multiple line text → simple edit box (default) email → simple edit box but should have a valid email syntax url → simple edit box but should have a valid url syntax category → a category to fill out file → the customer has to choose a file. login → a login field password → a password field extract → a special field not visible when editing but used to extract data from emails or webpages. |
allow html | 0 = No html allowed 1 = html is allowed <text> = If the text appears on the webpage we will allow html. HTML will be removed from your defined content if not supported by the engine (transformed into text only). |
allow return | 0 = no return/line feed allowed 1 = return/line feed is allowed <text> = If the text appears on the webpage we will allow a return/line feed. |
must be filled | 1 = User must fill this out in project data 0 = User can leave this empty (default) |
hint | A text that is displayed when the user moves his mouse over the field. |
default | The default value that is used when creating a new project. You can also use “%file-FILENAME% here in case you want to load the default content from a file. |
html to bbs bbs supports bbs supports anchor text in url | 0 = No conversion (default) 1 = Convert html code to BB code. <text> = Convert to BB Code only if the text is appearing on the webpage. Example: html to bbs=1 bbs supports=url,b,i,u The variable “bbs supports” defines what this engine can convert. Usually “url” (default). Please note the spelling as it is “html to bbs” and not “html to bb” as it should have been called. Also note that ”allow html=1“ has to be set. bbs supports anchor text in url is enabled by default and will place and anchor text with the URL, if just a plain URL is supported, then use bbs supports anchor text in url=0 |
custom mode | 1 = User is asked to manually customize this data before submission (when custom mode is on) 0 = No customization (default) |
auto modify | 1 = Modify the content a bit with random line feeds and other things to make it a bit more unique (not duplicate content). 0 = Do not modify this at all 2 = Modify only line breaks after full sentences |
auto add anchor url auto add anchor url content | 1 = Add a link to the end of the post in case the site supports html and no URL could get posted anywhere else. 0 = Do not add a url at all. 2 = Add an URL even though the URL was used before in other fields Example: auto add anchor url=1 auto add anchor url content=Click <a href=”%url%“>%anchor%</a> The program is trying to locate the anchor in the text if there is no URL used in the form. If found it will place a link there, else it will add the line from the ”…content“ variable and put your link there at the end. The program will use it's internal variations if you leave the ”…content“ variable empty. |
html to markdown | 1 = Convert html code to markdown code 0 = Do not convert it <text> = Convert it if the text is appearing on the website. Also note that ”allow html=1“ has to be set. |
html to custom link format custom link format | 1 = convert html code to a custom format 0 = Do not convert it. <text> = Convert it if the text is appearing on the website. Example: html to custom link format=1 custom link format=[%url% %anchor_text%] This would be used for Wiki engines where a link is encoded in a special way. Also note that ”allow html=1“ has to be set. |
basic html only | 1 = keep just basic html tags (default if custom link format is used) 0 = keep html as it is |
html line break html line break format | Converts a normal line break to some html line break (default <br>). You can specify the line break format in “html line break format” if it is some special line break as seen in some wiki engines. Example: html line break=1 html line break format=«BR» |
custom img format | If set, it will try to locate the html syntax for images and replace it with that new syntax. Example: custom img format=[img=%url%] |
custom iframe format | If set, it will try to locate the iframe syntax for videos and replace it with that new syntax. Example: custom iframe format=<iframe src=%url%></iframe> |
alternate data | Right now only used for anchor_text which will use something else than the entered data according to its value Example: alternate data={click here|my page|webpage} This will not use the anchor text that the user entered but something else randomly. |
static | 1 = marks this as an important variable that should be saved as it might have to be used later on. 0 = do not save the content. 2 = saves it till next submission process is successful (e.g. for first time verifications it has to be removed later to allow further submissions) This is important for logins and passwords as the content could be random but we still need to know the login data for later login after a verified registration. |
max length | The maximum length of the resulting data. |
min length | The minimum length of the resulting data. |
alpha | Used when the type is a login. 0 = no alpha (A-Z) chars allowed 1 = alpha chars allowed (default) |
numeric | Used when the type is a login. 0 = no numbers allowed 1 = numbers allowed (default) |
upcase | Used when the type is a login. 0 = capital chars are not allowed 1 = capital chars are allowed (default) |
lowcase | Used when the type is a login. 0 = lowercase chars are not allowed 1 = lowercase chars are allowed (default) |
capitalize words | 0 = no modification 1 = Will Capitalize Each Word |
remove | Remove certain content before we apply it to the form field. See “verify url remove” for syntax. |
replace | Replace certain content before we apply it to the form field. See “verify url replace” for syntax. |
allow spin | 1 = User can use spin syntax in project editor (default) 0 = User is not allowed to use spin syntax |
tier data | Sets the data that will overwrite the input data for tier projects. Just if the “tier data” is empty it will use the one that the user set. Example: tier data=%tier_title% If the project is a tier project, it will not use the input data, but instead fill it from the variable %tier_data% which can e.g. be a extract-variable that downloads the URL and extracts the <title></title> value. |
allow data url | 0 = do not allow data URLs → gets removed 1 = allow them (default) This will remove e.g. images from the article that are Data-URLs |
Of course some form fields doesn't need to get filled by a previously defined content from the user in project options. These are e.g. captcha forms or check boxes with someone has to agree to there terms. Just add the content without using variable content like this:
Example | Description |
---|---|
agree_tos=1 | 1 = check the box, 0 = don't check |
captcha_code=%captcha% | %captcha% indicates that this is a field with a captcha image to fill out |
text_question=%question% | %question% indicates that this is a random question that the user has to answer. |
cap_text=%capquest% | %capquest% can be both (captcha or question) |
country_box=%random_option% | Choose a random item out of a selection box. |
signature={Some|A} {spin|spun} text | Just fill that field with the text after spinning it. |
letters=%textcode% <front>;<back> | |
something_else=%leave% | Leaves this field to it's default content/check state. |
If a form field variable is not found in the current section (e.g. [STEP2]) then it is checked from [STEP1] section. If the name=“xyz” is not matching, we try to match by id=“xyz”. In the above example you could also define:
[STEP1] hp=%url% cmd=%blog_comment%
This special variable tells the program to extract some captcha image. You can use parameters with this like
%captcha% *image.php?* | tries to find the captcha that has image.php? in the URL path |
%captcha% fixed:http://some-url-with-captcha.com/image.php?rnd=123 | is not searching for a captcha but using that fixed URL |
%captcha% overlay:*image.php?* | is searching for more than one captcha and combines them to one file |
Sometimes you need to extract certain content from the website or the email like a login/password. This can be done by defining a new variable type as the following
[email_pw] type=extract front1=Your password is:|Ihr passwort lautet: back=\n
The ”type=extract“ tells the program to extract data from the email or webpage and not ask the user to fill it in project data when editing a project.
The variable “front1” shows what should be before the things we want to extract and “back” (yes you guessed it) the thing it should cut off the extracted data. You can again add multiple items with | and if you have more than one “front1” you can also add “front2=”, “front3=” and so on. Same for “back”.
Variable | Allowed values / Description |
---|---|
front or front1, front2… | Defines the content to cut in front of our to extract data. Separate multiple variations by |. |
back or back1, back2,.. | Defines the content to cut in the back of our to extract data. Separate multiple variations by |. |
remove html | 0 = Do not modify it 1 = remove html code |
must have | If the extracted data has not the something appearing in “must have” we set it blank again. |
increase | If the extracted data is a integer we can increase or decrease (negative number) the data by the given value. |
default | If we have been unable to extract something, we can set a default value here. |
url | Instead of using the current URL for extracting something, we extract the content from the given URL. |
search url | Instead of using the current URL for extracting something, we search for an URL by the given mask and if found use that URL's content to extract data from. |
find link find url | Instead of using front/back we extract URLs by the given parameters. |
name_front / name_back value_front / value_back | Instead of using front/back we extract actually two values here and later join them with “name=value”. This is useful for cookie extraction. |
random | Usual only the first appearance of the extracted data is taken. When you use “random=1” then all data is extracted and a random item from it is used. |
input | By default “input” is the content of the last downloaded/submitted webpage or, if you specified url=… ,that content. With input you can change the source of the content to parse in. |
reverse | When using reverse=1 then it will reverse the result turning 123 into 321. |
base64 | using base64=1 would encode the result to base64 content. |
all matches delimiter | When using all matches=1 together with delimiter=, you can join all found matches into one single string joined with the character defined in delimiter. |
In that example the search engine would try to find a new target with the search “Powered by XYZ” or “XYZ Powered”. If the found site also has one of the strings on its page we use this engine and start to submit the data right away as no “REGISTER_STEP1” or “LOGIN_STEP1” is defined.
We first start to locate the correct sublink by searching for a link named “Submit your Site” and/or the URL containing “/submit.php” in it.
On that URL we search for a from that has an ID named “Submitform”, has a name “*Submit” and/or has a URL which matches a mask “*/submit.php?step=2”. Once found we start to extract all form fields and start to fill them. We find “name” and fill it with a random name from the file “names.dat”. We find a form field called “captcha_image” and ask the user to fill that out. We find the field called “url” and fill it with our URL defined in the project settings.
Now we submit the form and check if the submission is either successful (submit success) or not (submit failed).
If it was successful we will add the URL (modified to /latest.php) to our sites for later verification. There we will always download the website and check if our URL is appearing on it. If so we have a verified submission.
[SETUP] engine type=TEST description=Just a sample page must have=Powered by XYZ|XYZ Powered search term=”Powered by XYZ”|”XYZ Powered” add keyword to search=0 extract keywords=0 [URL] type=url hint=Enter your URL here please must be filled=1 [STEP1] find link=Submit your Site find url=*/submit.php form name=*Submit form id=submitform form url=*/submit.php?step=2 submit success=Your submission was successful submit failed=Your submission failed verify submission=1 verify by=url verify url=./latest.php verify search for=%url% verify on unknown status=1 name=%spinfile-names.dat% url=%url% captcha_image=%captcha%