Remotely use By API

Can we use OB2 by api .Or by Shell command
something like this
uploadwordlist.php?wordlist=test.txt
start.php?wordlist=test.txt&config=config.opk

This is a planned feature but it’s not available yet

2 Likes

I’ve used OB1 before as API , I’ll share it soon … with OB2
u need just :arrow_down:
OB2 CLI + php + jquery + json = FULL REST API
i do that in SB (The moded OB1) and it works well .
u need just delete the line below from the console source , to make it shutdown bu itself at every request.

            // Prevent console from closing until the user presses return, then close
            System.Console.ReadLine();

This is the version 0.1 Beta without jquery xhr/ajax and json response

JQuery Source Code :arrow_down: : (this script manage requests , the second request wait until the first end)

do.php?data=0785845741&v=v1&msg=promotion

<!DOCTYPE html>
<html>
<head>
<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
<script>

    var handle;
        function AWIDAKIK()
    { 	

        var url = 'wait.php'; //put the url of php treatment
        $.get(url,{'v':'v1','data':'<?php echo $_GET['data']; ?>','msg':'<?php echo $_GET['msg']; ?>'},); //get param data and msg
    }

    $(document).ready(
        function()
        {   
            $("body").load( "DATA/wait.txt", function(response)
            {
			
                    if ( response == "Ok" ) {
                        if (handle != 0) {
                    clearInterval(handle);
					AWIDAKIK();
                    clearInterval(handle);
                    } handle = 0;  } else if ( response == "Wait" ) {
                    handle = setInterval(function(){
                        $("window").on("load", AWIDAKIK());
                        },10000); 
//re-check every 10 in the web console, u can optimize the code , I'm not good in Jquery
                        
                    } else {
                        return false;
                    } 

            });
        }
    );
</script>
</head>
<body>
</body>
</html>

NB :warning: : u should make your config write “Wait” in file.txt at the top of the config and “Ok” in the same file.txt at the bottom of config too.

PHP Source Code :arrow_down: : (WTS sender with selenium as exemple)

<?php
require('php.php'); //mysql param ,to get msg by name
set_time_limit(0);
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
header("Access-Control-Allow-Methods: OPTIONS,GET,POST,PUT,DELETE");
header("Access-Control-Max-Age: 3600");
header("Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");
// Use unlink() function to delete a file
if (isset($_GET['data'])) {
unlink('DATA/datamata.txt');
$txt = $_GET['data'];
// spliter of data 
$preg = preg_split('/\|/', $txt);
foreach ($preg as $value) {
$myfile = file_put_contents('DATA/datamata.txt', $value.PHP_EOL , FILE_APPEND | LOCK_EX);
}}else{
$txt = "INPUT NOTSET CUZ ALREADY SELECTED FROM FILE";
}
/* URI encode from server query string for exemple '+' in basic input replace with whitespace so we add this code below to get the original input */
preg_match_all('/(\w+)=([^&]+)/', $_SERVER["QUERY_STRING"], $pairs);
$_GET = (array_combine($pairs[1], $pairs[2]));
// input version switcher
$variables = array('v0' => 'shipy-short', 'v1' => 'numbers', 'v2' => 'whatsapp-basic', 'v3' => 'whatsapp-npro', 'v4' => 'whatsapp-full' );
if (!isset($_GET['v'])){
$_GET['v'] = 'v0';
}

// run code with arguments
shell_exec('cmd /c START killer.bat | START bin\whatsapp.exe --bots 1 --output hits.txt --useproxies False --wordlist DATA/datamata.txt --wltype '.$variables[''.$_GET['v'].''].''); 
/* shell_exec('cmd /c START killer2.bat'); */
$hits = file_get_contents('hits.txt');
$message = file_get_contents('DATA/bodyv2.txt');
preg_match('/(\[)(.*)(\])(\[)(.*)(\]\[\])/', $hits, $output);


///////////////////////////////////////////
/* if (isset($output[0])){
	echo $output[0];
}else{
	echo "Not yet";
} */
///////////////////////////////////////////

// Declare class
class WTS {
       
}
   
// Declare an object
$value = new WTS();

// Set the object elements
$value->Author = "RifHut-xSUNMANx";
$value->Input = $txt;
$value->Input_type = $variables[''.$_GET['v'].''];
$value->Status = $output[5];
$value->Message = $message;
$value->Sent_at = $output[2];
$value->Variables = "Use the differents versions below for --wltype [Variable] option :";
$value->v0 = "[shipy-short][Default] form input [NAME;CITY;ZONE;06XXXXXXXX;ADRESS;NPACK;PRICE;CID]";
$value->v1 = "[numbers] form input [06XXXXXXXX]";
$value->v2 = "[whatsapp-basic] form input [06XXXXXXXX:NAME:ADRESS]"; 
$value->v3 = "[whatsapp-npro] form input [06XXXXXXXX:NPRODUCT]";
$value->v4 = "[whatsapp-full] form input [06XXXXXXXX:NAME:ADRESS:PRICE:NRODUCT]"; 
$value->NB = "auto detection of the correct variable [NUMBER] for exemple [06-XX.XX.fjghghjgjhgXXXX output > 06XXXXXXXX]";
$value->REF = "full log /hits.txt | Success Sent /STATUS/Success.txt | Fails and not valid numbers /STATUS/[YYYY-MM-DD]-NOTYET.txt";
$value->EXEMPLE = "run.php?data=06XXXXXXXX&v=v1";
// Use json_encode() function
$json = json_encode($value, JSON_UNESCAPED_UNICODE);
   
// Display the output
print_r($json);
  
?>

This nonsense doesn’t have to work with you, but just to make the idea somewhat clear.

But the best solution and more secured choice is Node js or REST API in
ASP.NET Core.

1 Like