
BHCB - Leaking?

Discussion in 'BlackHat Lounge' started by Nickehyz, Aug 19, 2009.

  1. Nickehyz

    Nickehyz Registered Member

    Joined:
    Feb 25, 2009
    Messages:
    81
    Likes Received:
    4
    Location:
    USA
    Hello Lounge, I thought this would be a decent area to put this in.

    Anyways, I think I read a few weeks ago that blackhat code breaker leaked the referrer. Is this true/has it been fixed/am I making this up? I want to buy it tonight depending on it. :)

    Thanks.
     
    • Thanks Thanks x 1
  2. gbmack

    gbmack Power Member

    Joined:
    Apr 19, 2009
    Messages:
    705
    Likes Received:
    686
    You can use CPAredirector or a DMR on the links that you put in BHCB.

    Of course, that would be a hassle. But it's worth it.
     
    • Thanks Thanks x 1
  3. Nickehyz

    Nickehyz Registered Member

    Joined:
    Feb 25, 2009
    Messages:
    81
    Likes Received:
    4
    Location:
    USA
    Yeah...that's what I read about too.

    Although, I just looked at the BHCB's site:

    So would I still need to use CPAredirector or a DMR?
     
  4. MR.blackhat

    MR.blackhat Regular Member

    Joined:
    Nov 4, 2007
    Messages:
    270
    Likes Received:
    46
    Occupation:
    Black Hat Marketer
    Location:
    USA
    I may be able to help you. Send me your AIM via PM so we can chat.
     
  5. Nickehyz

    Nickehyz Registered Member

    Joined:
    Feb 25, 2009
    Messages:
    81
    Likes Received:
    4
    Location:
    USA
    PM'ed you.
     
  6. BlackHatCodeBreaker

    BlackHatCodeBreaker Registered Member

    Joined:
    Jun 7, 2009
    Messages:
    64
    Likes Received:
    28
    Home Page:
    Hey,

    The original BHCB V1.0 did NOT have any referrer protection function, so obviously it leaked. The leak you referred to would be with V1.0.

    The current BHCB V2.0 provides a built-in referrer hiding option. It even double checks the result to compensate for browsers such as Safari that don't enable hiding. The end result is that there are NO leaks whatsoever, regardless of browser used.

    Cheers,
    Brad
     
    • Thanks Thanks x 3
  7. CClark56

    CClark56 Regular Member

    Joined:
    May 25, 2009
    Messages:
    298
    Likes Received:
    128
    Location:
    Indiana
    Indeed, I bought BHCB last night actually. Tested the shit out of it, def. does not leak.

    Only thing I've had a problem with is it doesn't cover flash videos, which kinda sucks but oh well, I can take a screen shot of the video and place it on the page and they can click it.
     
    • Thanks Thanks x 1
  8. BlackHatCodeBreaker

    BlackHatCodeBreaker Registered Member

    Joined:
    Jun 7, 2009
    Messages:
    64
    Likes Received:
    28
    Home Page:
    I thought so too, but in fact BHCB works perfectly with flash videos such as YouTube etc.

    The problem you're having is that the vid pops above the lock panel. This can be easily fixed by just adding name="wmode" and wmode="transparent" to the video link, as shown below:
    Code:
    <!-- wmode="transparent" lets page elements such as the lock panel render above the Flash object -->
    <object width="425" height="344">
    <param name="movie" value="http://www.youtube.com/v/JFanFFKma1w&hl=en&fs=1&"></param><param name="wmode" value="transparent"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param>
    <embed src="http://www.youtube.com/v/JFanFFKma1w&hl=en&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344" wmode="transparent"></embed></object>
    Simple, and works like magic.

    Cheers,
    Brad
     
    • Thanks Thanks x 2
  9. Techno

    Techno Newbie

    Joined:
    Jul 10, 2009
    Messages:
    28
    Likes Received:
    13
    Firefox NoScript can easily bypass this shit. :D
     
  10. g-Vector

    g-Vector Regular Member

    Joined:
    Apr 13, 2009
    Messages:
    241
    Likes Received:
    117
    Location:
    .nl
    The people who visit the "protected by BHCB" site wouldn't even know which browser they are using, or they are horny and wouldn't bother.

    Robert
     
    • Thanks Thanks x 1
  11. BlackHatCodeBreaker

    BlackHatCodeBreaker Registered Member

    Joined:
    Jun 7, 2009
    Messages:
    64
    Likes Received:
    28
    Home Page:
    There are other ways to bypass BHCB too.

    If your site targets hackers - BHCB would be of little use. But on "normal" sites 99% of users will just get the lock panel and decide whether to fill the offer or lose the content the page promises. On short offers this makes for extremely high conversion rates.

    Brad
     
  12. fuzion

    fuzion Newbie

    Joined:
    Aug 9, 2008
    Messages:
    26
    Likes Received:
    336
    Occupation:
    suckering suckers and trolling trolls
    noscript is popular as fuck... i wish there were better ways to fake the referer than javascript forms or DMR
    adblock and noscript are the first and fourth most popular addons for firefox...
     
  13. fuzion

    fuzion Newbie

    Joined:
    Aug 9, 2008
    Messages:
    26
    Likes Received:
    336
    Occupation:
    suckering suckers and trolling trolls
    note to self, stop posting while the forum is fucking up
     
    Last edited: Aug 21, 2009
  14. g-Vector

    g-Vector Regular Member

    Joined:
    Apr 13, 2009
    Messages:
    241
    Likes Received:
    117
    Location:
    .nl
    So we exclude all Firefox browsers server side. Next thing you'll say fake browser name add-on "is p as f", or WHY "is p as f".

    Then they will not see much, no script means PHP redirect to the other side of the internet, or
    I could make sure that the protected content itself requires script execution to be on.
    Do you realise how many ways there are to "sabotage" back noscript?
    But that's too much hassle.

    I'm not bashing you, the point I'm making is that from my own experience I know that it doesn't matter how many slip through. You make lots of money with BHCB anyway. Especially if you keep repeating what you do.

    I asked Brad some pre-sales questions. One of them was about the timer. I told him that I found it to be the only "shaky" thing about BHCB.
    Part of his reply was :
    I can tell you that he was completely right. In fact when you start getting lots of traffic to your protected site, the more who slip through, the better. Doesn't matter in which way they slip through. Noscript, or by waiting for the timer to expire.

    Robert
     
    • Thanks Thanks x 1
    Last edited: Aug 21, 2009
  15. gimme4free

    gimme4free Executive VIP Jr. VIP Premium Member

    Joined:
    Oct 22, 2008
    Messages:
    1,879
    Likes Received:
    1,931
    People that use noscript are unlikely to fill out CPA offers in the first place, the majority of my site visitors are using IE anyway, the chance of actually getting users with noscript to your page should be quite low in reality. If you are getting a lot then you are targeting the wrong niche.
     
  16. choad

    choad Registered Member

    Joined:
    Dec 28, 2008
    Messages:
    70
    Likes Received:
    119
    Just a question, since Brad seems to be reading this thread. I have not tested this out for any other browsers except for Google Chrome so it might not be the case for other browsers. But, in Google Chrome, if the page that has the script is a long page (as in you have to scroll to view the rest of the content), users are able to view the bottom of the page just by clicking on the mouse wheel, dragging the mouse down and auto-scrolling down that way. Is it possible in the new version to make it so that the page will auto-scroll to the top until after the page is unlocked?

    Sorry if that did not make any sense o_O
     
  17. kimkils

    kimkils Power Member

    Joined:
    Jan 10, 2009
    Messages:
    663
    Likes Received:
    225
    Version 2 doesn't allow you to scroll down. The built-in referer blanking feature uses a DMR so I believe this will not work in Chrome and will cause a loop.

    I have my BHCB links as America.php and UK.php (for example)

    ...and then each of those has some PHP code to randomly select a geotargeted CPA offer to navigate to, which has a CPA redirector landing page. I've put the code below, if anybody wants it...

    PHP:
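    <?php
    // Candidate landing pages; one is picked at random per request.
    $random_url = array(
        "http://yourdomain.com/lander.php?n=1234",
        "http://yourdomain.com/lander2.php?n=1234"
    );

    // mt_rand() seeds itself, so no srand(time()) call is needed.
    $random = mt_rand(0, count($random_url) - 1);

    header("Location: " . $random_url[$random]);
    exit; // stop executing once the redirect header is sent
    ?>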
     
  18. choad

    choad Registered Member

    Joined:
    Dec 28, 2008
    Messages:
    70
    Likes Received:
    119
    Here is a pic of what I am talking about

    When you first enter into the page:
    [​IMG]

    If user were to click the middle mouse button and auto-scroll down.
    The user can also highlight the part that is not "grayed" out

    [​IMG]
     
  19. g-Vector

    g-Vector Regular Member

    Joined:
    Apr 13, 2009
    Messages:
    241
    Likes Received:
    117
    Location:
    .nl
    I can only see a 1x1 transparent pixel. :p

    Robert
     
  20. BlackHatCodeBreaker

    BlackHatCodeBreaker Registered Member

    Joined:
    Jun 7, 2009
    Messages:
    64
    Likes Received:
    28
    Home Page:
    Hey Choad,

    It makes perfect sense. In fact - V3 which will arrive at the end of this month scrolls straight to the top when the page locks.

    This is especially important in V3, as V3 also includes a tease-timer which enables you to let people view the page some time before you lock it. This timer is great for video sites (just like pay-per-view films on cable-TV: you give the user a taste of the vid, then when they're into it the page suddenly locks and they have to fill the CPA offer to unlock and keep viewing), but this also means the user can scroll down a lot.

    This is why V3 includes automatic scroll-to-top when the page locks.

    It will work on Chrome, without a loop. BHCB checks whether the DMR hid the referrer or not. If DMR failed - BHCB will send the visitor to a "fallback link" that you provide - usually an incentivized offer which you have no problem passing the referrer on.

    Cheers,
    Brad
     
    • Thanks Thanks x 2