How to secure your configs

If you made a config for OB2 and you want to share it so others can use it, but you don’t want other people to be able to read the code, there are a few options.

We will discuss them from the one that gives the most security to the one that gives the least security.


Set up OB2 on a private machine that you and only you have access to (I suggest using docker, but you can also purchase a low-cost Linux VPS from an online provider). Then set up the admin account, enable the admin login requirement, and set up a guest account that your friend can use. Guests can use configs in jobs and upload proxies/wordlists, but they cannot edit the configs in any way. This is the best security you can get, although it means that you have to provide the machine resources yourself.

Compiling to DLL

Backers of the crowdfunding campaign have access to a bot that pre-compiles the code to a DLL. This can then be obfuscated to achieve a decent amount of security. The format is the same (.opk) but when editing the config, you will only be able to edit the metadata and settings since the code itself is compiled and cannot be changed through OB2 itself anymore.

Config Sharing

You can share configs by setting up endpoints in the Sharing tab of the program, even though this only gives basic security, removing the ability to edit or save them. Configs are not encrypted when sent from an OB2 instance to another, and they can easily be intercepted and downloaded.