
BrowserAutomationStudio. Create multi-threaded applications for free without any programming skills.

Discussion in 'Black Hat SEO Tools' started by Twaego, Nov 29, 2016.

  1. theking554

    theking554 Newbie

    Joined:
    Mar 3, 2018
    Messages:
    7
    Likes Received:
    1
    Does it have an HTML parser? Asking because I am trying to write a bot that sends email via the Hotmail web interface.
     
  2. Patchworks

    Patchworks Junior Member

    Joined:
    Jun 11, 2011
    Messages:
    113
    Likes Received:
    15
    I have been trying to get in touch with the developer but have not heard anything back, so I'm wondering how good premium support really is.

    I even tried to PM the guy here and no response?



    Also, wondering if there are any BAS developers for hire? Anyone available?
     
  3. Rosier

    Rosier Newbie

    Joined:
    Aug 4, 2017
    Messages:
    17
    Likes Received:
    7
    Gender:
    Male
    Have been using this for a long time now, great stuff!

    Is there a way I can get the browser to use chrome extensions?
     
  4. Twaego

    Twaego Registered Member

    Joined:
    Oct 7, 2014
    Messages:
    81
    Likes Received:
    108
    Occupation:
    Software developer
    Location:
    Kiev
    Home Page:
    Chrome version is updated to 68.

    [​IMG]

    Browser architecture is changed from single process to multiprocess. Single process architecture is poorly supported, so this change may avoid a lot of bugs.

    Added support of widevine drm. This change will make sites like netflix and spotify work with BAS.

    Added new action "Notifications", now you can accept or reject browser notifications.

    [​IMG]

    Added limited support of Chrome extensions. Use "Browser Settings" action to enable them. Unfortunately most of api still don't work. See https://bitbucket.org/chromiumembedded/cef/issues/1947/add-support-for-chrome-extensions for work progress.

    In this version you can work with Multilogin in record mode.

    In order to use new changes you need to stop Multilogin on first run and let BAS start it.
     
    • Thanks Thanks x 1
  5. ibox

    ibox Newbie

    Joined:
    Oct 5, 2018
    Messages:
    2
    Likes Received:
    0
    Hi, I have the same problem on Windows 8.1 and adding exclusions to Windows Defender didn't help: I can't launch my script without having the same error DABP had.
    On Windows 8.1 I even excluded the whole BAS folder, specifically excluded the Worker.exe file, and excluded the Worker.exe process, but still the same behavior.

    I can't post linked images yet but here are the screenshots:
    imgur.com/9PovYDQ
    imgur.com/4hcFTXE

    Does anyone have an idea of what it could be?
     
    Last edited: Oct 5, 2018
  6. ibox

    ibox Newbie

    Joined:
    Oct 5, 2018
    Messages:
    2
    Likes Received:
    0
    UPDATE: :D so basically two .exe are generated, the GUI one (showing BAS by default, named as typed while compiling, ex: gui.exe) and the SILENT one (no GUI, always named RemoteExecuteScriptSilent.exe)
    After launching manually gui.exe one time, RemoteExecuteScriptSilent.exe now works...
    I just can't find a way to display the logs in Windows shell o_O

    Does it mean that every time I wanna deploy my bot to a new server I have to:
    1. upload the gui and silent version
    2. launch the gui manually first
    3. and only then my silent bot can run remotely?
    Thanks for your help ;)
     
    Last edited: Oct 5, 2018
  7. carbonebay

    carbonebay Newbie

    Joined:
    Sep 11, 2018
    Messages:
    24
    Likes Received:
    5
    Hey, I really like BAS but I do not really get how to work with the DB.
    I want to automate my order tracking more, so as an example I have made a database which I manage and prefill with LibreOffice or Access.
    Then the bot will get the order ID from the table, check for a tracking number and insert it again in the same table but in a different column.
    Can you please point me in the right direction?
     
  8. Twaego

    Twaego Registered Member

    Joined:
    Oct 7, 2014
    Messages:
    81
    Likes Received:
    108
    Occupation:
    Software developer
    Location:
    Kiev
    Home Page:
    There are several big changes in this version:

    The 'Proxy' action now not only changes the proxy, but also makes the proxy change look more natural.
    Working with main window (the black one) is now more intuitive and user friendly.
    Fixed one very unpleasant bug associated with the delayed release of memory when working with a single browser for a long time.

    [​IMG]

    [​IMG]

    Let's look at each change in more detail.


    We will start with some information about WebRTC, since this functionality is built into any modern browser and exposes your real IP even if you are using a proxy. WebRTC is an API that helps establish a connection between browsers and transfer information between them. Moreover, preference is given to a direct connection, and only if both browsers are behind a firewall or NAT is a special server used to transmit traffic between them. Establishing a connection is not easy given the fact that IPv4 addresses are not enough for all devices, so most of them reside in private networks, have addresses like 192.168.*.* or 172.16.*.*, and exchange information with others through NAT.

    WebRTC uses the following algorithm to establish a connection: devices receive information about the configuration of their networks and exchange it via some other channel, then they try to connect using different configuration options (different IPs). If the devices are in the same network, then to establish a connection it is enough to use the IP in this network; if one of the devices has an external IP, then it acts as a "server" and the second device connects to it, or vice versa. We are interested only in the configuration of the network, because it contains real IP addresses. WebRTC allows reading them, and even editing them via JavaScript before sending them to the other party. The information is in SDP format, described in these documents: https://tools.ietf.org/html/rfc5245#section-15 https://tools.ietf.org/html/rfc4566. The following link demonstrates how it can be obtained through the browser https://jsfiddle.net/wrbyLqkn/1/, most likely you will find your real IP there.

    The browser's external IP is a part of this information; it can be obtained through a request to the STUN server. The functionality of this server is very simple: it returns the real IP address to the device that made the request. The site sets the STUN server address by itself; for example, in the code above, the server stun.l.google.com:19302 was used. Requests to this server go through the UDP protocol (not TCP as usual), bypassing the proxy. Summarizing the above, JavaScript can make a request to an arbitrary server without a proxy and receive a response in the form of a real external IP. Here is a good article if you want to know more: https://www.html5rocks.com/en/tutorials/webrtc/infrastructure/

    Until recently, BAS prohibited any WebRTC IP requests. In this version, it changes the IP received from WebRTC to the external IP of the current proxy. This happens by default when using the 'Proxy' action; however, the new functionality can be disabled. Let's review the details of the implementation:

    1) Ip substitution occurs at the browser level, it is impossible to detect it via js.
    2) Different browsers may display information in SDP format, however it is slightly different. Substitution can be done through the replacement of the text, and this method can be detected by checking some details specific to the browser. BAS provides information exactly as Chrome does, without replacing text.
    3) Requests to any STUN server are denied. Even if you prohibit receiving information directly through js, but leave the browser an opportunity to make a request to the server, the real ip will not be known to the client, but it will be known to the server and if you configure several servers or several ports and associate the user with a specific server, you can get ip on the client side. BAS protects against this method.

    There is a simple method to check if a site is trying to get your ip through WebRTC or not, just install Wireshark, set the 'stun' string in the filter field, and go to the site, which you want to check. If it uses WebRTC, requests will be displayed in the application window. Here is a video that demonstrates this: https://i.imgur.com/LwKQY7S.gifv

    In the case of BAS, there will be no requests, even if an IP is returned.

    Why not make requests to the STUN server through proxy?
    Not all proxies support the UDP protocol, although this is indicated in the specification. An example of such a proxy is https://i.imgur.com/ubKq7nZ.gifv In the future, BAS will check proxies for this feature, but for now all requests to the STUN server are prohibited.

    As you can see, the current WebRTC replacement implementation is not ideal, but it is close enough.

    In addition, the action 'Proxy' is now also able to automatically change the geolocation and time zone of the browser.

    Changing the time zone now also occurs at the browser level - absolutely all dates that the browser returns now have a time zone exactly the same as that timezone of proxy.

    BAS has learned how to correctly return the modified date, taking into account DST.

    Another way to obtain your approximate real location with a browser is to use the internationalization API ( https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DateTimeFormat ). Example of usage: https://jsfiddle.net/0Lq2km96/, this link should display your approximate real location regardless of proxy and VPN.

    These values are also replaced when using the 'Proxy' action, you can verify this by accessing previous page from BAS.

    Finally, it could happen that the ip that you use to access the proxy does not match its external ip, in such cases BAS will receive an external ip through the ip.bablosoft.com service. Unfortunately, there is no way to get an address without a network request. The service should work stably at 20k requests per second. This can be disabled.

    A lot of attention in the new update was paid to the usability of the main window.

    For items whose value may not be completely clear, hints have appeared.
    Many convenient details were implemented: the list of recent projects is now always on the main panel, the path to the current project can be copied, all icons are replaced with those that look better with a small size of elements, the icons of running browsers are changed.
    Added the ability to quickly share projects - open a project from link and upload to Google Drive.
    Updated project compilation window, it has become more intuitive and integrated with the cloud. Now the project can be updated / created directly from BAS, and it is possible to avoid creating an archive during compilation.

    A lot of time was spent searching for a fix for the bug with the delayed memory release. The bug existed throughout the life of the project and manifested itself only when several browsers worked 10 or more hours without restarting. Memory consumption increased by about 5-10 MB per hour, and after a few days of continuous work the project became unusable. The error was related to the Qt library; a method was found to work around this bug.

    I hope that you will enjoy the new version and it will be useful!
     
    • Thanks Thanks x 6
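
The ICE candidate lines referred to in the post above (RFC 5245 section 15) can be parsed to see which addresses an SDP blob would reveal to the other party. This is an added example, not part of the original post and not BAS code; the sample SDP is constructed with documentation address ranges, and the function names are illustrative.

```javascript
// Added example: audit which client addresses the ICE candidates in an SDP
// blob expose. SAMPLE_SDP is constructed (RFC 5737 documentation ranges).
const SAMPLE_SDP = [
  'v=0',
  'o=- 4611731400430051336 2 IN IP4 127.0.0.1',
  's=-',
  't=0 0',
  'm=application 9 UDP/DTLS/SCTP webrtc-datachannel',
  'c=IN IP4 0.0.0.0',
  'a=candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host generation 0',
  'a=candidate:2 1 udp 2122194687 3f2a1b4c-1111-2222-3333-444455556666.local 54322 typ host',
  'a=candidate:3 1 udp 1686052607 203.0.113.45 61000 typ srflx raddr 192.168.1.23 rport 54321',
  'a=candidate:4 1 udp 41885439 198.51.100.7 3478 typ relay raddr 203.0.113.45 rport 61000',
  'a=candidate:5 1 tcp 1518280447 fd12:3456:789a::1 9 typ host tcptype active',
].join('\r\n');

// Classify a connection-address as it appears in a candidate line.
function classifyAddress(addr) {
  const a = addr.toLowerCase();
  if (a === '0.0.0.0' || a === '::') return 'unspecified';
  if (a.endsWith('.local')) return 'mdns'; // obfuscated host candidate
  const v4 = a.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (v4) {
    const o1 = Number(v4[1]);
    const o2 = Number(v4[2]);
    if (o1 === 127) return 'loopback';
    if (o1 === 169 && o2 === 254) return 'link-local';
    if (o1 === 10 || (o1 === 172 && o2 >= 16 && o2 <= 31) ||
        (o1 === 192 && o2 === 168)) return 'private';
    return 'public';
  }
  if (a.includes(':')) {
    if (a === '::1') return 'loopback';
    if (/^fe[89ab][0-9a-f]:/.test(a)) return 'link-local'; // fe80::/10
    if (/^f[cd][0-9a-f]{2}:/.test(a)) return 'private';    // fc00::/7
    return 'public';
  }
  return 'hostname';
}

// Parse "a=candidate:" lines (the "a=" prefix is optional so that strings
// taken from RTCIceCandidate.candidate are accepted too).
function parseCandidates(sdp) {
  const re = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)(.*)$/;
  const out = [];
  for (const raw of sdp.split(/\r?\n/)) {
    const m = raw.trim().match(re);
    if (!m) continue;
    // Remaining tokens are name/value pairs: raddr, rport, tcptype, ...
    const rest = m[8].trim().split(/\s+/).filter(Boolean);
    const ext = {};
    for (let i = 0; i + 1 < rest.length; i += 2) ext[rest[i]] = rest[i + 1];
    out.push({
      foundation: m[1], component: Number(m[2]), transport: m[3].toLowerCase(),
      priority: Number(m[4]), address: m[5], port: Number(m[6]), type: m[7],
      relatedAddress: ext.raddr || null,
      relatedPort: ext.rport ? Number(ext.rport) : null,
    });
  }
  return out;
}

// Summarise what the candidates reveal about the client itself. A relay
// candidate's own address belongs to the TURN server, but its raddr is the
// client's server-reflexive address, so related addresses are always checked.
function auditSdp(sdp) {
  const candidates = parseCandidates(sdp);
  const pub = new Set();
  const local = new Set();
  let mdns = 0;
  const note = (addr) => {
    const cls = classifyAddress(addr);
    if (cls === 'public') pub.add(addr);
    else if (cls === 'private' || cls === 'link-local') local.add(addr);
    else if (cls === 'mdns') mdns += 1;
  };
  for (const c of candidates) {
    if (c.type !== 'relay') note(c.address);
    if (c.relatedAddress) note(c.relatedAddress);
  }
  return {
    clientPublic: [...pub].sort(),
    clientLocal: [...local].sort(),
    mdnsCandidates: mdns,
    relayOnly: candidates.length > 0 && candidates.every((c) => c.type === 'relay'),
  };
}

console.log(auditSdp(SAMPLE_SDP));
```
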
  9. plantacja

    plantacja Junior Member

    Joined:
    Oct 12, 2007
    Messages:
    147
    Likes Received:
    40
    Great news.. keep up the good work guys :)
     
  10. Twaego

    Twaego Registered Member

    Joined:
    Oct 7, 2014
    Messages:
    81
    Likes Received:
    108
    Occupation:
    Software developer
    Location:
    Kiev
    Home Page:
    Version 21.5.1 has been released. It contains many changes related to browser anonymity. Let's take a closer look at them:

    Modern browsers support an API for working with sound. Using this API, a site can generate and process sound, as well as access binary data. Similar to Canvas and WebGL, the sound data also contains slight differences depending on the hardware, browser and system. These differences can be used to identify you among other users of the site, even when using a proxy. The new version supports audio fingerprinting - BAS adds different noise patterns to the returned audio data each time the fingerprint changes. In addition, this API also gives access to various system parameters related to sound. BAS replaces these parameters, values are taken from real devices using the FingerprintSwitcher service.

    More information about this technique can be found in this article http://randomwalker.info/publications/OpenWPM_1_million_site_tracking_measurement.pdf paragraph 6.4.
    On this site you can get audio fingerprint for your browser https://audiofingerprint.openwpm.com/

    A site can obtain information about the system language in several ways: from the Accept-Language header, the navigator.language and navigator.languages methods, as well as from the internationalization API. These properties may contain not only one, but several languages, and the Accept-Language header has a different format depending on the system. These differences are one of the browser fingerprinting factors. After a short test, it was discovered that for 20,000 users there are 751 unique values of the Accept-Language field. Of course, replacing these fields with real values from another device would be wrong, because it would create a discrepancy between the system language and the current proxy. Therefore, an algorithm was developed that "connects" the country / language of the current IP and the format of real fields from a real device. For example, if the original header was ru-RU,en-US;q=0.9, and the proxy is in Germany, the result would be de-DE,en-US;q=0.9. The algorithm correctly preserves the format and removes additional languages, for example, such a field ru, uk;q=0.8, be;q=0.8, en;q=0.7, *;q=0.01 will be replaced with the following: de, en;q=0.8, *;q=0.01. The current IP, country, and language are obtained after changing a proxy.

    More information about Accept-Language https://tools.ietf.org/html/rfc7231#section-5.3.5
    Testing algorithm results https://pastebin.com/raw/mmgVmbyb

    One of the hardware properties that can be accessed from the web is the battery charge. Research in the article below shows that this information is not dangerous for the user, because it allows tracking him only in the short term. Indeed, the battery charge is constantly changing, and it is impossible to predict what values it will have after a long time. However, this method can be useful for tracking mass actions. Imagine that you are running BAS from a laptop, and the site sees thousands of registrations from a device whose charge is 56%, with 35 minutes left until the end of charging. Of course, you can run the software only on a device without a battery or from a fully charged laptop, but this can also be suspicious, especially when using mobile fingerprints. Therefore, the decision was made to emulate the charging / discharging of the battery, as well as all the events and values returned by the API on devices that have a battery. FingerprintSwitcher provides information about battery availability. Here's how it might look: https://i.imgur.com/tDnZFDl.png, on the chart you can see that the values are gradually decreasing.


    Article about battery fingerprints https://eprint.iacr.org/2015/616.pdf
    Check battery API for your browser https://fingerprints.bablosoft.com/battery

    BAS uses a certain amount of auxiliary code for searching elements on page, implementing recaptcha injections and others. Before now, software could be detected by checking presence of this functionality, so in the new version it is hidden, all the function names are generated randomly and are different for each thread. The mechanism for injecting fingerprints has been reworked. Earlier, BAS relied on the constructions like this: Object.defineProperty(...), now the substitution occurs inside the browser. The old method is used only to change the list of plugins and in places where it is absolutely necessary. For example, Chrome, unlike Firefox, does not support API for working with VR helmets. Therefore, to emulate this functionality, javascript is used. Bypassing some of the other methods that are used to determine the browser engine is also rewritten with c++.


    The mouse emulation has been improved. When moving to element which is invisible on the screen, the mouse wheel is used to scroll page, and not javascript as before. If the element is far beyond the visible area, the speed of the scroll is much faster than if it is very close. Here's how it looks like https://i.imgur.com/IdH2edf.gifv. The initial position of the cursor is chosen randomly, and not in the upper left corner as before. Increased frequency of generating events associated with the movement of the mouse.

    Header order emulation was temporarily removed after moving to the tunneling technique to implement proxies. Now this functionality is reimplemented. The order of the headers is taken from real devices.

    Added the ability to save a fingerprint in the profile folder and upload it from there when applying a profile. When you receive information about the current profile, you can find out if it contains a fingerprint, the result will be returned to the HAS_FINGERPRINT variable.

    The font replacement algorithm has been completely rewritten. Previously, BAS was injected into the browser process "on the fly" and replaced some system calls, now the same effect is achieved by changing the source code of the browser. The new implementation allows you to change the font set without restarting the browser, as well as get rid of some bugs. For now for full-fledged work, it is desirable that on the machine on which BAS runs, as many fonts are installed as possible. Later new fonts will be generated even without actual presence on a system by adding noise.

    Flash tunneling support added. This means that absolutely all requests that the flash process makes will pass through a given proxy. Also note that flash has much greater capabilities than javascript, and therefore enabling flash makes your browser more detectable. In BAS, most likely, no techniques will be used to make flash more secure, as is done with javascript, because its support will be terminated by Adobe in 2020 https://theblog.adobe.com/adobe-flash-update/ . With a flash element smaller than a certain size, Chrome asks the user to confirm its launch; the new BAS version works in the same way as if the user automatically agrees to do this (if flash is turned on).

    You can check ip returned by flash on this site https://whatleaks.com/

    Some other changes which don't concern browser fingerprints:

    The web interface can now use localStorage to store software settings between launches.

    Calling BAS_API method inside Node.js now generates an exception in case of an error. Now you can do this:
    Code:
    try
    {
        await BAS_API(`load("wrongurl11111.com")!`)
    }catch(e)
    {
        console.log(`Something went wrong: ${e}`)
    }
    
    There is a new setting for protected application: "Allow only single instance of the application."

    BAS executables are now signed. This allows to quickly pass SmartScreen challenge on Windows 10, as well as to avoid false positives of antiviruses.

    Edge scrolling is implemented in scenario editor.

    Lots of bugs were fixed, the most important are:

    Fixed bug with using referrer header and page redirection.
    Network errors when loading a project no longer report the server URL.
    Fixed the corruption of previous project after failed loading new one.


    When switching to the new version, the old projects will work in the old way, if you want to use the new functionality, then you need to start editing the 'Proxy', 'Apply fingerprint' and 'Get fingerprint' actions and click Ok without changing anything.
     
    • Thanks Thanks x 4
  11. plantacja

    plantacja Junior Member

    Joined:
    Oct 12, 2007
    Messages:
    147
    Likes Received:
    40
    I'm glad to see that you are still adding new things.. but my new year wish is adding manual browser control :D:D:D
     
    • Thanks Thanks x 1
  12. Twaego

    Twaego Registered Member

    Joined:
    Oct 7, 2014
    Messages:
    81
    Likes Received:
    108
    Occupation:
    Software developer
    Location:
    Kiev
    Home Page:
    Version 21.6.1 has been released.

    The main change in this version is FingerprintDetector support.
    There have also been several changes and fixes in BAS:

    The FingerprintSwitcher service now replaces the list of video card extensions and many other parameters:

    https://i.imgur.com/2aFGBRy.png

    When adding the humanlike page scrolling functionality, several errors were made, for example, waiting for an element did not work correctly. Now these problems are fixed.

    Mail search now supports utf-8 encoding.

    The list of exceptions for Capmonster and Recaptcha2 is now empty by default, which allows you to send absolutely all requests to the software. Previously, it had to be configured manually.

    A new method for XEvil and image captcha has been added, it saves time when working with this software and avoids some errors related to inaccurate image rendering.

    The "Template" action allows you to ignore spintax and not to replace variables and resources with their values(customizable behavior). In this way, you can create multi-line variables with special characters.

    Fixed a timeout error when closing a tab.

    Fixed bug with accumulating identifiers when creating and closing tabs in a loop.

    FingerprintDetector and FingerprintSwitcher now work together correctly. However, it is best to run the Detector with no fingerprint applied.

    In the settings tab, there is now a link by clicking on which you can debug the interface directly in the browser.

    https://i.imgur.com/KJVHLBH.png

    When creating actions "For", "While", "Foreach" and "Ignore errors", descriptive actions will also be added to the script panel. This will help to better understand how loop works for new users.

    Each action now has a button to ignore errors during its execution:

    https://i.imgur.com/4EeowMQ.gif

    The buttons for moving the execution point are easier to reach because of increasing their area.


    The next change will be manual browser control with support for recording the script, working in compiled or run mode. There will be a special action for passing control to the user in multi-threaded mode. A web interface will also be supported. Expected release date is end of February.
     
    • Thanks Thanks x 1
  13. LawCash

    LawCash Junior Member

    Joined:
    Oct 16, 2016
    Messages:
    100
    Likes Received:
    8
    Gender:
    Male
    I'm struggling to make a bot to reply to Facebook page comments. Is there a way I can loop an action to be performed on each reply link?
     
  14. Twaego

    Twaego Registered Member

    Joined:
    Oct 7, 2014
    Messages:
    81
    Likes Received:
    108
    Occupation:
    Software developer
    Location:
    Kiev
    Home Page:
    Yes, there is a possibility to loop over elements. This video shows an example

    (better to watch with 2.0 speed)
     
  15. moh531

    moh531 Registered Member

    Joined:
    May 1, 2015
    Messages:
    83
    Likes Received:
    11
    I just want to leave a review for this amazing software. I originally had plans on buying Ubot which is much more expensive than BAS, but I am glad I gave BAS a try. People said it gets the job done, but this software does way more than just getting the job done. I recommend anyone that wants to do some sort of browser automation to give BAS a try before purchasing any other software. It is free to use and has all the features one would need to do any sort of browser automation. I bought the premium version to release my bot to customers and they all love it and the premium version comes with one click updates and licensing your bot. The support is top notch and they helped me solve a big issue within about 3 hours max. The developer is a great guy and very helpful.
     
    • Thanks Thanks x 1
  16. Tryingtomakebusiness

    Tryingtomakebusiness BANNED BANNED

    Joined:
    Feb 9, 2019
    Messages:
    8
    Likes Received:
    0
    Gender:
    Male
    Country selection in luminati doesn't work.
     
  17. back2basics

    back2basics Power Member

    Joined:
    Nov 11, 2012
    Messages:
    731
    Likes Received:
    466
    Just want to wholly endorse this software, most underrated software on the internet. Keep up the great work OP!
     
  18. Larry Igna

    Larry Igna Regular Member

    Joined:
    Nov 25, 2016
    Messages:
    251
    Likes Received:
    238
    Gender:
    Male
    Is it possible to read/save websocket data with BAS? I'm trying to capture websocket frames from a website and it would be easier to use a browser to establish the connection (because of login cookies/tokens). All that I need is frames saved in a txt/JSON file somewhere so I can later read and use them.
     
  19. Twaego

    Twaego Registered Member

    Joined:
    Oct 7, 2014
    Messages:
    81
    Likes Received:
    108
    Occupation:
    Software developer
    Location:
    Kiev
    Home Page:
    In the new version, the user can control the browser manually.

    This means that all mouse and keyboard events will be sent to the browser directly. This feature is optional; the old control mode stays in the new version without any changes as one of the possible options. Here is a complete list of all ways to interact with the browser in the new mode:
    • Mouse clicks.
    • Drag and drop.
    • Double click.
    • Keyboard input.
    • Keyboard shortcuts Ctrl-C, Ctrl-A, ...
    • Url change.
    • Scroll bar interaction.
    • Tabs management.
    • Browser history(back action).
    In order to enable the new mode, click on this button:

    [​IMG]

    Modes can also be switched using hotkeys (F1, F2, F3).

    Video. Manual browser control:
    https://imgur.com/PrExFDw



    Automatic script recording.

    BAS can also record a script when manual control is on. To do this, switch to the third mode on the corresponding panel or press F3. In this case, any user interaction will be converted into actions and added to the scenario panel. All actions will get there, except page scrolling. BAS will try to combine actions into chains, for example, clicking on an element and entering text will be merged into the "Type text" into the element, so the script panel will not be filled immediately. The action "Wait Full Page Load" will be added as the page loads in the browser. Here's what it looks like:

    Video. Script recorder:
    https://imgur.com/a/3BSqSoz



    Controlling browser in multi-threaded mode.

    New features are also available in multi-threaded mode, to activate it you need to call "Manual browser control" action. This action will give browser control to the user, and he will receive a corresponding notification - the browser will be highlighted with red border,

    [​IMG]

    and a link will appear in the browser itself, clicking on which will transfer control back to the application

    [​IMG]

    This method allows you to implement a cooperative browser control - part of work will be done by user, rest by script. For example, entering a captcha or authorization on the site can be performed by user himself, and everything else will be executed by the script automatically.

    Video. Browser control in multi-threaded mode:
    https://imgur.com/a/X5e6doH



    Controlling browser and web interface.

    To start manual browser control with web interface, a native window must be opened. After the manual_control_start event is fired, interface must execute the ShowBrowser method to transfer control to the user. This process is described in more detail in the manual, which has also been updated. In addition, you can use the code of automatically generated interface as an example, or simply leave the generated code unchanged:

    Video. Browser control and web interface:
    https://imgur.com/a/BJfurYo
     
    • Thanks Thanks x 2
  20. plantacja

    plantacja Junior Member

    Joined:
    Oct 12, 2007
    Messages:
    147
    Likes Received:
    40
    You guys rock :)