1. Quick Launch Menu 2. MainA. General SettingsB. Simultaneous 3. Wo

1. 1. Quick Launch Menu
2.  
3. 2. Main
4. A. General Settings
5. B. Simultaneous
6.  
7. 3. Wordlist
8.  
9. 4. Proxy
10. A. My List
11. B. Black List
12. C. Analyzer
13. D. Options
14. E. Statistics
15.  
16.  
17. 5. History
18. A. History
19. B. Options
20. C. Reply
21.  
22.  
23. 6. Manager
24.  
25.  
26. 7. Fake
27.  
28.  
29. 8. Settings
30.  
31.  
32. 9. Misc
33. A. HTTP Debugger
34. a. Main
35. b. Page Viewer
36. c. Options
37. B. Auto-Pilot
38. a. Task List
39. b. Options
40. c. Results
41.  
42.  
43. 10. Progression
44. A. Bots
45. B. Replies
46.  
47.  
48. 11. About
49.  
50.  
51.  
52. 1. Quick Launch Menu
53.  
54. Quick Launch Menu (upper right corner, button with the exe icon) is a way to start your favorite programs through Sentry. Just open a Path To Exe file using the open button in the editor. The name is filled in, by Sentry, of the program you chose according to the filename of the program. The icon is ripped from the Exe file to better identify your programs. Then hit the Add button to add the program to the Quick Launch menu. Close the Quick Launch Editor and click the Quick Launch Menu to see the program you added. Everything is editable, except for the icon.
55.  
56. 2. Main
57.  
58. The main page has all the general options. Let's go through each one in detail.
59.  
60. A. General Settings
61.  
62. The Slider at the top determines the Speed of Sentry, or how many bots you want Sentry to launch. It is recommended to use between 30 - 50 bots with DSL/Cable or higher, and 15-20 bots with 56K Modem.
63.  
64.  
65. When Set Length Filter is checked, you have the ability to kill certain words in your wordlist. Which means, say you are testing a site that restricts usernames and passwords to 6-8 length. Using the Length Filter, you can check it and type 6 in the first textboxes and 8 in the second textboxes.
66.  
67. IE. Username: 6 to 8
68. Password: 6 to 8
69.  
70. This would effectively filter out any combos which are not at least 6 characters in length and at maximum 8 characters at length.
71.  
72. Wordlist Position is exactly what it means. It is the position at which Sentry is at your wordlist. So if you want to start with the first combo in your wordlist, you would either move the Slider to 1, type 1 in the textbox, or hit the Reset Button to the right of the Slider.
73.  
74.  
75. The Wordlist Position Slider is moveable during a test. This mean if you are in the middle of running a site and you feel the need to move to the end of your list, you can simply drag the slider 3/4 of the way and Sentry will immediately begin testing combos from that position. You can also go backwards during a test. If you start a test without realizing that you are 3/4 into your wordlist when you pressed the Start Button, you can hit the Reset Button and Sentry will start from the beginning of your wordlist without you having to restart the test and resetting the wordlist position.
76.  
77.  
78. Bots Timeout in x Seconds, where x is a integer which must be greater than 0.
79.  
80. Sometimes, during testing, a proxy decides to hang or take a really long time to reply. With this option, you can have Sentry retry combos with a different proxy if the proxy takes longer than x Seconds. After x Seconds, the request is aborted and retried with a different proxy. This will speed up testing when using some slow proxies.
81.  
82. Options
83.  
84. Agent - Simply defines the Agent Field of an HTTP Request. This field is used for the server to effectively identify what type of browser or agent is being used to connect. This is also the same field which can identify the Operating System you are using. The Default Value will just give the server some version type of Mozilla.
85.  
86. Referer - This defines what Referer Field you want to send to the server. The Referer Field is used so the server can tell what web page referred you to the current web page you are requesting. The two options, <BASE URL> and <MEMBER URL>, can tell Sentry to use the Base URL, or the Member's URL as the referrer.
87.  
88. I.E. http://www.somesite....bers/index.html
89.  
90. Base URL = http://www.somesite.com
91. Member URL = http://www.somesite....bers/index.html
92.  
93. Debug
94.  
95. Everytime you receive a hit, if Write Debug Information on Hits is checked, Sentry will dump the Header and the Source returned from the server in a file called Debug.txt
96.  
97. Request Method
98.  
99. This is the method which Sentry will use to send your requests. HEAD just returns the Header Response from the server. GET retrieves both, the Header Response and the Source of the webpage. Obviously, HEAD uses less bandwidth and is faster because it doesn't return the source of a webpage.
100.  
101. Control Panel
102.  
103. Load A Snap Shot will allow you to load a Snap Shot's settings into Sentry. This is useful if a site you are testing behaves the same as another site which you already have a Snap Shot for. You can just load the Snap Shot for that Site, change the Site: field and run the test.
104.  
105. Save A Snap Shot will allow you to save a Snap Shot's settings to a *.sss file. It is a good idea to save a "default.sss Snap Shot so you do not have to untick and clear all the fields in Sentry when running a standard test.
106.  
107. Send To Auto-Pilot sends the current site to the Auto-Pilot's Task List.
108.  
109. Snap Shots
110.  
111. Snap Shots is a feature that will save you time.
112.  
113. A Snap Shot is basically what its name describes it as. When you test a site for the first time, a Snap
114. Shot is created. What this file contains is all the essential details in Main and Fake tabs.
115.  
116. Wordlist, Wordlist Position, and Proxy Information do not save.
117.  
118. Here is a list of the options that are saved:
119. - Site's member URL
120. - Bots
121. - Length Filter
122. - Timeout
123. - Request Method
124. - Ban Proxy On Key Phrase
125. - Ban Proxy On 200
126. - Success Key Phrases
127. - Content-Length
128. - Check Hits
129. - Custom Hit Response
130. - Use Same Fake Proxy
131.  
132. The engine is built even so you can use shortcuts once a Snap Shot exists. For instance, you open up Sentry
133. and decide to run http://somesite.com/members/index.html
134.  
135. If you have a Snap Shot of that site, you can just enter somesite.com in the Site ComboBox. Sentry will automatically detect that you have a Snap Shot of that site and will ask you to load it.
136.  
137. In the above case, if you load it, the Site ComboBox will now be replaced with the Member's URL saved for
138. that site. If you choose not to load it, be prepared for a lot of 200 responses
139.  
140. B. Simultaneous
141.  
142. Enable Simultaneous Testing
143.  
144. Simultaneous Site Testing is an option which allows you to test multiple sites simultaneously. How this works is say you have a list of sites you want to test, let's say 3.
145.  
146. Using this option, you can put the first site in the main Site ComboBox, then the other 2 sites in the Sites ListBox on the Simultaneous Page.
147.  
148. This is how Sentry tests the Sites:
149.  
150. Combo1 -> Site1
151. -> Site2
152. -> Site3
153. Combo2 -> Site1
154. ->Site2
155. -> Site3
156. etc...
157.  
158. The same pool of proxies are used (My List) for all Sites, therefore, if a proxy is banned from one site, it will not be used against the other 2 Sites. This may eat proxies fast.
159.  
160.  
161. 3. Wordlist
162.  
163. This Page is used to load a wordlist, and to use some manipulation features on your wordlist, if you choose to do so.
164.  
165. Combos is a the ListBox in which your combos will be loaded into. The Label in the upper right hand corner will count how many combos are in the current combo list loaded.
166.  
167. Single Lists are not supported in Sentry. Use Raptor to convert 2 Single Lists to a Combo List. Only L Combos are supported. Tabs are not supported.
168.  
169. Read Wordlist From Disk is an option which allows you to have Sentry read a wordlist from your hard drive. This can be useful if you do not want to waste the memory in loading the wordlist into Sentry. There are a few drawbacks to this option:
170.  
171. 1. You cannot change the position of the wordlist during a test like you can when loading a wordlist into Sentry. The wordlist will run in sequential order into the end of the test.
172.  
173. 2. It is slightly slower than loading a list into Sentry's memory. The speed difference is very minimal, almost not noticeable, but I thought I would mention it anyway.
174.  
175. 3. You cannot use this option when using the Auto-Pilot. More on Auto-Pilot later.
176.  
177. Manipulation is the art of manipulating, on the fly, a combo from your wordlist.
178.  
179. Prefix is a term which means before, so anything typed into the Prefix TextBoxes will appear before the Actual Combo.
180.  
181. Suffix is a term which means after, so anything typed into the Suffix TextBoxes will appear after the Actual Combo.
182.  
183. Invert User will reverse the order of each letter in the Username.
184.  
185. Invert Password will reverse the order of each letter in the Password.
186.  
187. The Invert Options invert as an initial step, meaning a combo is first inverted, then the prefix and suffixes are attached to the inverted username or password.
188.  
189. If you do not want a prefix or suffix, make sure all 4 TextBoxes are empty.
190.  
191. I.E. Original Combo = username:password
192.  
193. Username Prefix = 100 Username Suffix = 999
194. Password Prefix = 200 Password Suffix = 888
195. Invert Username = Checked Invert Password = Checked
196.  
197. username will now be manipulated to 100emanresu999
198. password will now be manipulated to 200drowssap888
199.  
200. The actual wordlist is never modified.
201.  
202.  
203. 4. Proxy
204.  
205. The Proxy Page handles all Sentry's proxies. It is spit up into several categories. The Slider at the top of the page controls how many bots the Proxy Analyzer will use.
206.  
207. A. My List
208.  
209. Just like in Access Diver, My List contains the proxies which Sentry will use to test a site with. Proxy Rotation is set to 1. This cannot be changed.
210.  
211. Do Not Use a Proxy can be checked if you do not want to use a proxy while testing a site. This is not recommended and should only be used if you do not want to remain anonymous.
212.  
213. Use a Single Proxy can be used if you only want to use a single proxy to run all your tests with. This is not recommended but can be used if you want to speed up testing by only using a single, fast proxy.
214.  
215. Status is a column which will be blank at first. When a test is being ran, all proxies which return a bad response or need to be banned for some reason will appear with their reason of why they were banned.
216.  
217. When you Right Click the ListView, you will see several options:
218.  
219. Reactivate Selected Proxies will mark all proxies selected as Reactivated. This will make them eligible next time Sentry is assigning proxies during a test.
220.  
221. Use Proxy in IE will set the proxy selected as your current proxy in Internet Explorer.
222.  
223. Load a Proxy List will load a list of proxies into My List. Proxies are compared against Black List and then loaded into the Proxy ListView. This should not be used unless you are sure you have a list of anonymous proxies that do no need to be verified first.
224.  
225. All other options are self explanitory.
226.  
227. B. Black List
228.  
229. The Black List contains proxies which you may think are dangerous. Load a bunch of proxies into the Black List if you never want Sentry to use them. Every time you "Update My List" in the Proxy Analyzer, these proxies are compared against the proxies in the Black List and those in the Black List do not appear in My List.
230.  
231. C. Proxy Analyzer
232.  
233. The Proxy Analyzer contains all the proxies you want to test to see if they are anonymous, or fast. To begin an anonymity test, simply click the start button (small button with the lightning bolt, not the large button at the top).
234.  
235. When the test finishes and you want to remove all the bad proxies, you can do so by clicking the brush button on the right. This will pop up with a menu where you can Remove Duplicates, Bad Proxies, Timeouts, or Gateways. Generally, all Bad Proxies and Timeouts should always be removed.
236.  
237. The columns listed are Proxy, Port, Status, Gateway, Anon, 401/Level, Speed.
238.  
239. Status is what Reply the proxy returned with.
240.  
241. Gateway is the Gateway IP Address returned by the Proxy. If Gateway does not match the original IP of the proxy, it is considered a Gateway.
242.  
243. Anon is simply if the proxy is anonymous or not.
244.  
245. 401 (only if Internal Proxy Server is Checked) is determined if a Basic Authentication page is able to be accessed through the proxy.
246.  
247. Level is the level which is returned from the ProxyJudge. Levels should only be used to simply tell you if Sentry went to the right location (the ProxyJudge) or if it got redirected (Level will be unknown). Levels do not determine if a proxy is more anonymous than another proxy.
248.  
249. Speed (in milliseconds) is the time it takes a proxy to complete its request once launched. The lower the number, the faster the proxy is.
250.  
251. Right Clicking on the Proxy Analyzer ListView, you are presented with several options:
252.  
253. All are self explanatory except Update My List. This option is used to transfer all the proxies from the Proxy Analyzer to My List. The Proxies are compared against your Black List and then sent to My List. My List will now contain the proxies from the Proxy Analyzer ListView.
254.  
255.  
256. There are three types of Proxy Analyzers in Sentry. An Internal one (like Proxyrama), or the standard external one (uses ProxyJudges), and a special one (To test proxies against a specific site).
257.  
258. Internal ProxyJudge
259.  
260. An Internal ProxyJudge is simple. Your computer acts like an HTTP Server and it connects back to it with the proxies in the list. If your IP is found in the Header Data (X_FORWARDED) field, then the proxy is not anonymous.
261.  
262. 401 determines if the proxy supports a Basic Authentication. Almost all proxies do, so this field should almost always have a "Yes". The proxy connects to the HTTP Server and receives the Header of a Basic Authentication Page. If the response by the Proxy is a 401, than the proxy supports this.
263.  
264. All pages are created virtually; so you don't really have a proxyjudge.html, etc. on your computer anywhere.
265.  
266. Locations:
267.  
268. ProxyJudge:
269. http://:/proxyjudge.html
270.  
271. Basic Authentication Page:
272. http://:/secure/(x)/sex/boobs/xxx/index.html
273.  
274. Bad words in the Basic Authentication path will filter out proxies that sensor sites.
275.  
276. Note: Changing the Server Port will not allow some proxies to work. Some proxies can only connect to port 80 and changing this port may cause some perfectly legit proxies not to work.
277.  
278. External ProxyJudge
279.  
280. An External ProxyJudge connects to a third party webpage, where a third party script is used to analyze if a proxy is anonymous or not. The problem with this is simple. If the server hosting the ProxyJudge goes down, you will have to restart a test.
281.  
282. The speed is calculated depending upon the proxy you are testing to go to the webpage and then back to your computer. This means, if a proxy is located near the ProxyJudge, you will receive a better speed value for that proxy, instead of a true ping time from your computer to the proxy like the Internal Server does.
283.  
284. Specific Site
285.  
286. Under Proxy -> Options ->Special there is a checkbox which enables you to check proxies against a specific site. This option is very useful to determine if proxies return a Basic Authentication response or to determine the speed it takes a proxy to connect to the site and back to your computer. All 401 responses are accepted and anything else marks a proxy as Bad.
287.  
288. If Parse Specific Site for Key Phrases is checked, then a proxy will return good only if one of the specified key phrases are found. Status Codes are ignored.
289.  
290. D. Options
291.  
292. ProxyJudge is a ComboBox which will store your ProxyJudges every time one is used during an external proxy test. The icon to the right of the ProxyJudge ComboBox is used to launch the ProxyJudge in your browser.
293.  
294. Proxy Timeout is used to determine how long you want to allow the Analyzer to take until it aborts a request being sent. This will speed up Proxy Analyzing because the engine will not have to wait for proxies which hang to abort.
295.  
296. IP is your Internal IP address returned from Sentry at startup. If the IP in the box is not correct, you will not be able to use the Proxy Analyzer, because Sentry will not know what IP it should compare the proxies with to determine if your proxy is anonymous or not.
297.  
298. Get External IP can be used to get your IP from a third party website. If your Internal IP is wrong, this option can be used.
299.  
300. Get External IP on Startup will retrieve your external IP when Sentry starts up.
301.  
302. Test Proxies against a Specific Site can be used to enable the Specific Site analyzer. Enter the URL of a webpage which responds with a 401 (Basic Authentication) response.
303.  
304. Use HEAD Request Method determines which Request Method Sentry will use with the Specific Site analyzer. Normally you should only use HEAD Request Method if you plan to test the site using HEAD Request Method.
305.  
306. Use GET Request Method is the same as above except for the GET Request Method.
307.  
308. Reactive All Proxies when Active Proxies Equals is an option to determine when Sentry should reactive the proxies in My List. A number like 10 or 20 is useful if you do not want to ever go below that amount of proxies being used no matter what. 0 is the default value which means when the last proxy in My List gets banned, all of the proxies in My List are reactivated.
309.  
310. Use Internal ProxyJudge can be checked to use the Internal ProxyJudge.
311.  
312. Start Server should always be pressed before you do an Internal Proxy test. This will start Sentry's HTTP Server on whatever port you specified in the Server Port TextBox.
313.  
314. Abort Server will abort Sentry's HTTP Server.
315.  
316. Server Port will allow you to determine what port Sentry will use when running the Internal ProxyJudge.
317.  
318. E. Statistics
319.  
320. Shows some general statistics of your proxies while or after a test is being ran.
321.  
322. 5. History
323.  
324. A. History
325.  
326. Shows the sites in your history and what proxy was used. Again, the brush button can be used to bring a menu up which will allow you to remove certain types of sites from your history. I.E. Bad, Redirects, Timeouts, etc.
327.  
328. The slider at the top of the History Page will allow you to choose how many bots you want Sentry to use when running a History Check. The two small buttons to the left of this slider will start and stop a test, respectively.
329.  
330. Right Clicking will bring up a list of options you can choose from. They are all self explanatory except for Use Proxy in IE which will allow you to use the Proxy Used to return that entry in Internet Explorer.
331.  
332. B. Options
333.  
334. Use GET instead of HEAD will use the GET Request Method to verify sites instead of the HEAD Request Method. GET Request Method should only be used if you are defining HTML Key Phrases or if you have some URLs which only can be accessed using the GET Request Method.
335.  
336. Bots Timeout is how long Sentry will wait until the request launched will be aborted and the response is marked as a Timeout.
337.  
338. Define HTML Key Phrase can be used to define a list of Key Phrases which, if found in the respective site's source, will be considered a bad request. The reasoning behind this is if you know the failure phrases of some sites, you can effectively reduce the amount of fakes returned by the History Verifier. I.E. "pennywize" or "blocked" are good Key Phrases to use to help reduce fakes. You can add as many Key Phrases as you want.
339.  
340. C. Reply
341.  
342. Shows the replies which the History Checker returned.
343.  
344.  
345. 6. Manager
346.  
347. Site List displays a list of sites which Sentry has used. Right Clicking on the ListBox brings up some options:
348.  
349. Open Base Site In Browser will allow you to view the Base Site of the URL in your Browser.
350.  
351. Send To Testing Zone will send the selected URL to the Site ComboBox.
352.  
353. Send To Simultaneous List will send the selected URL to the Simultaneous ListBox.
354.  
355. Wordlist History will display the paths to all the wordlists you have used with Sentry. Right Click on this ListBox brings up some options:
356.  
357. Load As Combo List will load the selected wordlist as a normal combo list into Sentry's memory.
358.  
359. Load As Combo List From Disk will load the selected wordlist as a combo list which will be read from your hard drive.
360.  
361.  
362. 7. Fake
363.  
364. Header Parsing
365.  
366. Header Parsing is a brand new type of fake protection. Basically, you now can specify Key Phrases in the header response sent to you by the server. Why is this useful?
367.  
368. No more relying on responses to determine if a combo is a hit or not. Some sites like to send out different/abnormal HTTP Response codes to fool bruteforce programs. Time to come up with a new method.
369.  
370. I should not have put this option in here, but too many people would wonder why it this method is still
371. spitting out fakes: 503 and 502 responses are automatically disregarded when using this method.
372. If you are still getting fakes, use the Debug Header Response option and add additional Key Phrases.
373.  
374. In theory, this method is flawless against certain sites; however, some proxies like to give you a different header than what is actually the correct HTTP Header. That is why Retry Hits x Times works within this method. This is only for failure key phrases as successful key phrases don't need a verification.
375.  
376. Success Key Phrase parsing only needs to find one of the listed key phrases to be considered a hit.
377.  
378. This method, in conjunction with the Debug Option, and a little thought can be very powerful.
379.  
380. For more information on this feature, see the Tutorial.txt file which comes with Sentry.
381.  
382. Source Parsing
383.  
384. This option can effectively eliminate fakes if used correctly.
385.  
386. Define Failure Key Phrases - If a Key Phrase is found in the source of a returned 200 response, then it is marked as bad. If Key Phrase is not found, reply is returned as a hit. Extremely useful for sites that like to spit fakes. Sentry was built with this in mind.
387.  
388. Define Success Key Phrase - If a Key Phrase is known on the members page, you can use this option to increase the amount of hits on a site. For example, if you get a hit, you can scan through the source of the webpage (i.e. members.html) and pick out a distinctive Key Phrase (). Every 200 reply's source is scanned for these good Key Phrases. If one is found, then returned as hit. Everything else is a failure. This method also scans redirects for Key Phrases. This method can eliminate fake replies.
389.  
390. See Tutorial.txt for more information on this feature.
391.  
392. Custom Hit Response has been deleted. Use Success Header Key Phrases which is showed in the Tutorial.txt file.
393.  
394. Ban Proxy on Bad Key Phrase - If a failure Key Phrase is found, the proxy is banned.
395.  
396. Ban Proxy on 200 Reply - Ban proxy if it returns a 200 response.
397.  
398. Check Hits x Times is standard fake protection. This option will check all hits returned by Sentry again with a different proxy to see if they are truly hits. If Check Using The Same Proxy is checked, the site will be checked using the same proxy. Check hits using the same proxy is not recommended to be checked.
399.  
400. Content-Length Checker will check the returned source to see if it is greater than x amount of bytes. If it is, then a hit is recorded. If less than x amount, proxy is banned.
401.  
402. 8. Settings
403.  
404. Sounds can be used with Sentry. By default, the paths point to the sound files which are included with Sentry. They can be changed, however, to what every you want.
405.  
406. 9. Misc
407.  
408. A. HTTP Debugger
409.  
410. Http Debugger sends requests to a given site using various options. It follows redirects to completion which can be very useful for spoofing.
411.  
412. a. Main
413.  
414. This page shows the source and Header Responses sent and received. Even the cookie received is displayed.
415.  
416. Byte Count shows how many Bytes were returned with the returned source.
417.  
418. b. Page Viewer
419.  
420. Displays the source returned as it would look like in your browser. Some links can be followed through this, depending on the way the source of the webpage was written. It is not recommended to use this as a browser. It is simply there to show you how the source returned looks like when being viewed in a browser.
421.  
422. c. Options
423.  
424. Request Method is simply the Request Method the HTTP Debugger will use.
425.  
426. Proxies can be used with the HTTP Debugger. Even a SOCKS proxy can be used.
427.  
428. Authentication is the username and password required to enter a site. Leave empty if none are needed.
429.  
430. Agent is the Agent Field you want to send when using the HTTP Debugger.
431.  
432. Referer is the Referer Field you want to send.
433.  
434. Data To Post is the data you want to Post when using the POST Request Method.
435.  
436. Cookie is the cookie you want to send when using the HTTP Debugger.
437.  
438. Timeout is how long you want the HTTP Debugger to wait until the request is aborted.
439.  
440. B. Auto-Pilot
441.  
442. Auto-Pilot is an option which can be used to test sites sequentially with Sentry. You give a list of sites and hit the start button and Sentry does the rest. Auto-Pilot reports a summary at the beginning and end of each job. Use the small abort button located in the Auto-Pilot Section. You cannot load a wordlist from disk when using Auto-Pilot. The list is automatically loaded into Sentry's memory when using Auto-Pilot.
443.  
444. a. Task List
445.  
446. The list of sites which are currently loaded into the Auto-Pilot. The wordlist field is filled in with the current wordlist you are using.
447.  
448. Snap Shot field will be filled in if you have a Snap Shot for the site you added and if the Auto-Pilot engine will use it or not.
449.  
450. Right Clicking brings up a list of options which are all self explanatory.
451.  
452. b. Options
453.  
454. Show Fakes In Summary will display all the fakes the Auto-Pilot received in the Summary report generated when the site is completed testing.
455.  
456. Show Redirects In Summary will display all the redirects the Auto-Pilot received in the Summary report which is generated when the site is done being tested.
457.  
458. Time To Sleep Between Each Job can be useful to allow Sentry to recover from a test that just ended. A good way for letting your connections reset (lettings slow connections finish).
459.  
460. c. Results
461.  
462. Displays the Results returned when using the Auto-Pilot. This is also considered the Summary.
463.  
464. 10. Progression
465.  
466. A. Bots
467.  
468. Displays information about the test being ran including bot number, username, password, proxy, reply, and site being tried at the present moment. Bots can be changed during a test.
469.  
470. All Hits are recorded in the Hits ListBox.
471.  
472. All Redirects are recorded in the Redirects ListBox.
473.  
474. All Fakes are recorded in the Fakes ListBox.
475.  
476. Double Clicking any item in any listbox will launch that item in your browser.
477.  
478. B. Replies
479.  
480. Responses are recorded appropriately when they appear during a test.
481.  
482. 200 - OK Response, not necessarily a hit.
483.  
484. 3xx - Redirect.
485.  
486. 401 - Authentication Required.
487.  
488. 403 - Forbidden.
489.  
490. 404 - Page not found. Generally a proxy error or a timeout.
491.  
492. 503 - Service Temporarily Unavailable which is usually a proxy problem, or a site can return this error if it required GET Request Method to be used when using HEAD Request Method.
493.  
494. Retries - The amount of times Sentry has retried various combos because of proxy errors or timeouts.
495.  
496. Fakes - The amount of fakes that Sentry has detected.
497.  
498. Proxies Left visually displays a progress bar and numbers showing how many proxies you have left. This can be useful to monitor how fast a site is banning your proxies.
499.  
500. Statistics shows general statistics of the site or sites in progress. CPS = Cracks Per Second.
501.  
502. utorial for Sentry MBA: the basics
503.  
504. This tutorial will describe the various options available in MBA settings frames. I will skip basic consideration, i.e. I assume the reader already has a basic knowledge about HTTP, proxies, headers, HTML and so on, i.e. concepts that a basic cracker should have.
505.  
506.  
507.  
508. In Sentry MBA in order to build a profile you need to configure 5 frames, all available from the Settings option located in the left bar:
509.  
510. - General Frame
511.  
512. - HTTP Header Frame
513.  
514. - Proxy Settings Frame
515.  
516. - Fake Settings Frame
517.  
518. - Keywords Frame
519.  
520. Moreover for form sites, you need to configure Post Wizard, that can be launched from the HTTP Header Frame,
521.  
522. General Frame:
523.  
524.  
525.  
526.  
527.  
528. In this frame you can configure basic settings like timeout and combo filter options. No need to explain these ones, since they are pretty intuitive.
529.  
530.  
531.  
532. Snapshots
533.  
534. All the options except the ones relative to the general settings box are site based. i.e. they are saved in the site profile -> snapshot. The snapshot is a .ini files that contains all the site settings. Normally when you start a bruteforcer session against a site, if a snapshot exists for that site, you will be asked by MBA if you want to use the snapshot. If you reply "Yes", then the site will be bruteforced with the settings saved in the snapshot. If you reply "No", the current settings will be used, i.e. the one set by you in the various settings frames. At the end of the bruteforcer session, a snapshot with the settings used in the bruteforcer session will be saved by MBA. You can save also current settings to a snapshot by clicking on the button Save Snapshot. If you want to load a profile given to you, you must first load it by clicking on the button Load Snapshot. If for some reason you don't want to use the Snapshot system, you can disable it by unchecking the option Enable Snap Shots.
535.  
536.  
537.  
538. Image Database
539.  
540. MBA uses a custom database in order to OCR fixed captcha sites like StrongBox. This database is saved in the file imagedata.dat. You can update this database in two ways:
541.  
542. 1) From images renamed to their captcha codes -> use the button "Update images database from directory".
543.  
544. 2) From another database (it must comes from MBA of course) -> use the button "Update images database from file"
545.  
546. HTTP Header Frame
547.  
548. Here you select the method used by MBA to bruteforce the site.
549.  
550. For basic popup site you must set GET or HEAD.
551.  
552. For form sites you must set POST.
553.  
554.  
555.  
556.  
557.  
558. Basic sites
559.  
560. This is the difference between GET and HEAD:
561.  
562. - with GET the server sends Headers and Body.
563.  
564. - with HEAD the server sends only Headers.
565.  
566. Basic sites upon bad login attempts send a HTTP 401 code: take note that this code too can be associated with a not empty Body. So with HEAD method you don't have to receive this Body -> bruteforce speed will be then higher. However with HEAD method you cannot check Body on 200 codes and moreover some sites cannot be bruteforced with HEAD. So for basic site set GET unless you really know what you're doing.
567.  
568.  
569.  
570. Form sites
571.  
572. For form site, you will need to configure POST Wizard: POST Wizard can be launched by clicking on the magic wand icon that will become active when you set POST as bruteforcing method. From here you can set basic POST settings as well advanced settings like OCR settings, Ajax settings, Capture settings and Variables settings. Post Wizard options will not be discussed in this tutorial.
573.  
574. Proxy Settings Frame
575.  
576.  
577.  
578.  
579.  
580. Now i will discuss this one with greater detail since you really need to understand how MBA proxy engine works in order to get the maximum performance from MBA.
581.  
582. In MBA a proxy can have three status:
583.  
584. 1) Active -> the proxy is being used by bruteforcer.
585.  
586. 2) Disabled -> the proxy is not being used by the bruteforcer, but its status will be changed to Active when the number of active proxies becomes less than the number set in the box named "Reactivate All Proxies When Active Proxies Equals".
587.  
588. 3) Banned -> the proxy is not being used by the bruteforcer and its status will be changed to Active only after Waiting Window activation IF the proxy has tested successfully at least one combo.
589.  
590.  
591.  
592. When a proxy is disabled?
593.  
594. A proxy is disabled when it generates a HTTP/socket error. A HTTP error can be a 404 - Not Found error or a 5xx error (server error) for example. A socket error is a TCP connection error like a connection refused or a connection timed out error (these errors are reported anyway as 404 errors even if they don't occur over HTTP). Moreover a proxy is disabled if it generates an error in the bot engine, like a 404 - Incomplete Form error or a 404 - Incomplete Source error.
595.  
596.  
597.  
598. When a proxy is banned?
599.  
600. A proxy can be banned for 3 reasons in MBA:
601.  
602. 1) MBA recognizes the proxy as bad proxy, i.e. the proxy ignores the connection request to the site under attack and gives a fake answer.
603.  
604. 2) MBA recognizes that the proxy has been banned by the site under attack: such proxy will be banned since it will not be able to authenticate successfully until it is unbanned by the site.
605.  
606. 3) MBA recognizes the proxy as dead/too slow proxy.
607.  
608.  
609.  
610. Bad Proxies
611.  
612. The proxies in case 1) will be recognized as bad thanx to the AfterFingerPrinting engine: when after an attempt no keys are found on the answer (so the combo could be good or bad), MBA retries the same proxy with a random generated combo: if on the new answer a failure key is found, then the AfterFingerPrint succeded, otherwise the proxy is banned and the original combo is retried with another proxy.
613.  
614. Of course also proxies n case 2) will be banned by the AfterFingerPrinting engine, but case 2) proxies can be taken care of with good ban keys, avoiding the AfterFingerPrint engine activation. Other proxies recognized as bad proxies are the ones which return a 407 code, a 401 code on form sites, a 403 code or a 305 code.
615.  
616.  
617.  
618. Proxies banned by the site under attack
619.  
620. Proxies in case 2) as already said have to be recognized by configuring properly headers and/or source ban keys by analazying the responses given by the site upon banning an IP.
621.  
622.  
623.  
624. Dead Proxies
625.  
626. For each proxy in the list, MBA stores two numbers: the number of combo successfully tested (i.e. combo marked as bad, good, redirect or to check) and the number of retries.
627.  
628. Let's call the first number Combo_Tested and the second number Retries. First we must understand what a retry is. A proxy generates a retry for two reasons:
629.  
630. 1) The proxy generates an error, i.e. one of the errors i mentioned when i talked about the proxies disabled.