1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How Alexa tool bar actually works and development ideas

Discussion in 'Black Hat SEO Tools' started by pwnphpbb, Oct 20, 2009.

  1. pwnphpbb

    pwnphpbb Newbie

    Joined:
    Oct 4, 2009
    Messages:
    16
    Likes Received:
    7
    Okay, there is a "super alexa booster" tool going around that is garbage. Use a packet sniffer, and see what it does... nothing. It pings alexa once, pings your site once, then puts on a show all day long making you think it is doing something. It is not. In fact, from wireshark, here is what the program does with alexa:

    Code:
    Get Request to data.alexa.com:
    
    Pq3b012ef000L8?cli=10
    &dat=snba
    &ver=7.0
    &cdt=alx_vw=20
    &wid=9521
    &act=20000000000
    &ss=1024x768
    &bw=1008&t=0
    &amznid=dexim-20
    &ttl=0&vis=1&rq=0
    
    
    That would be pinging google. Version 7 huh? Who is "dexim-20" with that amazon id?

    Looks pretty fishy. Well, I installed sparky for firefox, and took a look at what the real toolbar does. I have results for the same google request, and also a search for whitehouse, then to whitehouse.gov

    First, google:

    Code:
    data.alexa.com
    GET /data/UNIQUECOMPUTERID?cli=10
    &ver=spkyf-1.4.5
    &dat=ns
    &cdt=rq=undefined&wid=30546&s=200&ref=
    &url=http://www.google.com/ HTTP/1.1\r\n
    
    
    I haven't got to alexa's "ping" yet, but in a new browser session, those results are duplicated with the following change:

    Code:
    changes
    &cdt=rq=undefined&wid=19922&s=200&ref= 
    Notice the change to the WID. You will notice in following samples, that the WID stays the same during a browsing session. If a program were to imitate the toolbar program, it would have to have unique WID for each request and each IP.

    The Unique Computer ID, is a Unique ID given to each computer after an install. It would also have to be changed. Whereas the WID is a simple 5 digit numeric number, the computer ID may have some sort of algorithm to it. It's not Base64, if anyone has any ideas, let me know.

    That should also be changed every time. See the problems so far with the magical super alexa booster? Even though they have different IP's, it has outdated alexa tool bar codes, and the id's are consistently the same.

    We haven't even got to the more interesting stuff in my opinion yet.

    Here is an aol.com example for shits and giggles.

    Code:
    data.alexa.com
    GET /data/UNIQUECOMPUTERID?cli=10
    &ver=spkyf-1.4.5
    &dat=ns
    &cdt=rq=null&wid=30546&s=200&ref=
    &url=http://www.aol.com/ HTTP/1.1\r\n
    
    Very similar. Format is nothing crazy, should be easily imitated if the id's and what not could be sorted out.

    The whitehouse example, this shows the google request, and then the actual page request, and shows google as the "referrer"

    Code:
    GET /data/UNIQUECOMPUTERID?cli=10
    &ver=spkyf-1.4.5
    &dat=ns
    &cdt=rq=null&wid=19922&ref=&url=http://www.google.com/#hl=en&source=hp&q=whitehouse&aq=f&aqi=n1g6g*****=&fp=c807e9cc***** HTTP/1.1\r\n
    
    whitehouse in same req:
    [truncated]
    GET /data/UNIQUECOMPUTERID?cli=10
    &ver=spkyf-1.4.5
    &dat=ns
    &cdt=rq=1&wid=19922&s=200&ref=http://www.google.com/url?sa=t&source=web&ct=res&cd=1&ved=0CAo****&url=http%253A%252F%252Fwww.whiteh
    
    
    Some changes when using a referrer, but nothing that couldn't be handled for more simple requests like saying dmoz sent you.

    Now, let's move onto the alexa "ping"

    recovery.alexa.com is where this request is sent to.

    Code:
    HEAD /ping/?aid=UNIQUECOMPUTERID&plugin=spkyf-1.4.5&rnd=0.792***** HTTP/1.1\r\n
    HEAD /ping/?aid=UNIQUECOMPUTERID&plugin=spkyf-1.4.5&rnd=0.143***** HTTP/1.1\r\n
    
    The rnd= is a long decimal number, and is started at the beginning of a browser session and at some random interval.

    My hesitation with this, is depending on what this number is and how it's stored (could be just seeded random sure) how does that associate with the above WID and does this even matter?



    Lastly, it goes to widgets.alexa.com to what appears purely to get the information to display in the toolbar.

    Code:
    GET /traffic/sparky/?v=1&url=google.com HTTP/1.1\r\n
    
    also posts there
    POST /traffic/rankr/?ref=http://www.google.com/#hl=en&source=hp&q=whitehouse&aq=f&aqi=n1****&oq=&fp=***** HTTP/1.1\r\n
    
    
    Get request, not a problem, doesn't even send an ID or anything, no reason not to do that just in case it somehow tracks that information.

    However, the POST only happens on a search. Would appear to simply track keywords of the search and parameters sent to google. If you were to attempt to use this to do fake searches towards google and track them at alexa, this post would certainly be required. It would make sense to me this would be extremely valuable as it may help with certain keyword rankings potentially even on google depending on the real relationship between the two of them.



    I posted a work around that I use on a forum PM poster to bypass time limits. This hopefully would give a headstart on a REAL alexa booster program.

    I would love to help create it, this doesn't look hard... not at all.

    A simple winsock program, connects to a proxy, sends out the multiple tcp http requests, doesn't even have to do anything with the data, and moves onto the next one. With winsock, this could be multithreaded very easily.

    How do we get a huge list of proxies to use for this? samair and what not have tiny lists that don't scrape easily. If there were 10,000 proxies available, you could easily do 10,000 pings per hour if your connection was fast enough. It wouldn't use tons of bandwidth because you can see the requests above, they are tiny. You could just trash the information it sends back to you, that's not important.

    It's also not really pinging your website, so adsense or any advertising agencies couldn't be mad because the impressions are not artificially inflated. This only would talk to alexa. There is no way for alexa to actually know if someone visited your site or not. There is no way unless you had an alexa tracker or something built in. As far as I am aware, there is no such thing.

    So, if a few people would be interested in helping me test and develop, I'll work on this. You wouldn't need a major connection or anything, just windows and some development knowledge.

    Let me know if this helps.
     
    • Thanks Thanks x 4
  2. shawninohio

    shawninohio Registered Member

    Joined:
    May 9, 2009
    Messages:
    87
    Likes Received:
    10
    Occupation:
    Internet Marketer
    Location:
    In the Big OH
    It looks good dude...

    I'm not great on the development part..
    But I would love to help test it!!! :)
     
  3. pwnphpbb

    pwnphpbb Newbie

    Joined:
    Oct 4, 2009
    Messages:
    16
    Likes Received:
    7
    I'm already working on it. This is almost too easy once you understand it.

    Hardest thing will properly be doing referrals from other sites like g00gole or dm0z.

    The other hard thing is the proxy list. Please give me some suggestions for that. I can build in a scraper if we have nice big reliable lists.

    I am also working on testing automation of the proxy. Was thinking about scraping whatismyip.com before you send the ping to alexa, that way you can verify that the browsing IP is the same as the proxy IP. We don't need a browser agent because the toolbar doesn't send that information along.


    And yes, I know that alexa ratings are worthless... but, if for some reason they matter to you... here you go, an easy way to boost them. One of the biggest opportunities I could see is for ebay domain name sellers. Boost the rating into the 100,000 range, then make that a selling point on ebay. Sure it's blackhat... but you're not selling traffic, just the BS rating.
     
    • Thanks Thanks x 1
  4. currentnews

    currentnews Junior Member

    Joined:
    Jan 17, 2009
    Messages:
    116
    Likes Received:
    28
    Occupation:
    cleaning winchester
    Location:
    next to palin house
    @pwnphpbb, you got a point there, agreed what you are saying, lets get some cracking here but one thing alexa ratings are not worthless if you are running some blog or autoblog with textlinkads, i am not going to elaborate more, but when you really start using textlinkads, you will see the benefits. and how much alexa ranking are worth.

    On brighter side of life: " SSsssh.... there is a life beyond adsense"
     
  5. ch8878

    ch8878 Elite Member

    Joined:
    Mar 21, 2009
    Messages:
    2,242
    Likes Received:
    428
    Gender:
    Male
    Occupation:
    Gamer
    Location:
    Youtube
    Home Page:
    I dont know what your talking about super alexa booster does work my sites Alexa rank went from 20,000,000 - 10,000,000 over night but it is fishy because it asks for domain Username, and Password, and I asked about why it was doing this, and no answer back that is fishy !
     
  6. RoiBox

    RoiBox Registered Member

    Joined:
    Apr 4, 2009
    Messages:
    50
    Likes Received:
    79
    Occupation:
    Internet Entrepreneur
    Location:
    Gothenburg | Sweden
    My coder built a script years ago to one of our websites back then that emulated the alexa toolbar, so when the visitor visited our site the script pinged alexa from the visitors ip with all the requested info as if he/she had the toolbar ..

    Our ranking was counting down fast, so we had to only load it in the site randomly .. So it is a great way if you want your alexa value to be low and dont want to be caught .. =)

    So the safe way is to try and emulate the alexa toolbar .. =)
     
  7. pwnphpbb

    pwnphpbb Newbie

    Joined:
    Oct 4, 2009
    Messages:
    16
    Likes Received:
    7
    @currentnews. Am working on it now. Feel free to PM me and tell me I'm wrong about alexa and why :)

    @ch8878. I wouldn't be putting my username and passwords in anything that came off this forum... personally. Especially from the super alexa booster, that as mentioned many times before, if you packet sniff it, it's not doing anything...


    On a side note, prstorm. Same principal could be used, and I'd like to open the discussion more about referral spam. It would probably be a separate program, but with the same winsock principal, you could just say your site is the referrer, ping every website in the world. You wouldn't need tons of bandwidth because you aren't actually downloading their site. This technique is VERY old... does it have any worth at all?


    When I'm done, I'll post code and you can compile the programs yourself. That way you know there's nothing fishy in it.
     
  8. pwnphpbb

    pwnphpbb Newbie

    Joined:
    Oct 4, 2009
    Messages:
    16
    Likes Received:
    7
    @RoiBox. Very interesting. What language did you use if it was a few years ago? Php and would be serverside and not use the clients IP, and I don't know that javascript lets you send TCP information on their behalf. It would almost have to be activex?
     
  9. RoiBox

    RoiBox Registered Member

    Joined:
    Apr 4, 2009
    Messages:
    50
    Likes Received:
    79
    Occupation:
    Internet Entrepreneur
    Location:
    Gothenburg | Sweden
    We coded the website in php I know but I am nut sure about this function I think it was a combined solution with both php and javascript .. I can ask him next time I talk to him ..

    I think it was around 2004/2005 sometime ..
     
  10. ch8878

    ch8878 Elite Member

    Joined:
    Mar 21, 2009
    Messages:
    2,242
    Likes Received:
    428
    Gender:
    Male
    Occupation:
    Gamer
    Location:
    Youtube
    Home Page:
    Let me know how this goes I would love to try it out !

    By the way Alexa Booster been using it since the guy put it on here like a week, or two ago know its says free trial ended buy the full version problly is a scam for that guy to sell it know !

    So let me know what you come up with want to try it !
     
    Last edited: Oct 21, 2009
  11. currentnews

    currentnews Junior Member

    Joined:
    Jan 17, 2009
    Messages:
    116
    Likes Received:
    28
    Occupation:
    cleaning winchester
    Location:
    next to palin house
    @pwnphpbb, you are doing rite great waiting for any updates on this.
     
  12. lr2bmail

    lr2bmail Junior Member

    Joined:
    Oct 9, 2009
    Messages:
    121
    Likes Received:
    234
    Occupation:
    Webmaster
    Location:
    gaza
    Home Page:
    hi pwnphpbb see that >>>>>>:croc: it is garbage but it is work :D
    Good luck and wait for try it if you any thing But be careful not to be garbage :D and feel free to use my proxy list :rolleyes::rolleyes:


    Thank man could have been waiting for my reply before saying scam
    see my reply :nap:
    http://www.blackhatworld.com/blackhat-seo/1204191-post158.html
     
    Last edited: Oct 22, 2009
  13. Bompa

    Bompa Newbie

    Joined:
    Jan 4, 2007
    Messages:
    20
    Likes Received:
    2
    Occupation:
    besome1.info
    Location:
    Philippine Islands
    Home Page:
    pwnphpbb,

    Cool thread dude. Nice investigative work.

    My only contribution would be regarding referer log spamming. I have done my share,
    however, nowadays, it is not the server log that most webmasters are looking at, it's
    Google analytics. In a test I did last year of 12,000 domains, over 70% are using Google
    analytics, about 8% were using statcounter.com, and I also parsed for 4 or 5 other stats
    programs, but they amounted to only about 5% combined. The remaining are using
    awstats, etc, or are not looking at stats.

    Point is, if you can send fake traffic that will show in Google analytics, you can get others
    to link to your site eagerly, and possibly pay more for advertising on your site. The
    problem I had was that G stats only update every 24 hours so it was not easy to test. By
    that time, I had forgot what I was testing. :D

    good luck,
    Bompa
     
  14. pwnphpbb

    pwnphpbb Newbie

    Joined:
    Oct 4, 2009
    Messages:
    16
    Likes Received:
    7
    I can't edit my original post to put it up there, but the development version is ready.

    DEVELOPMENT VERSION OF MY ALEXA TOOLBAR FAKER IS READY! PM me for a copy.

    I can send it as the source code in txt files, or a compiled exe. You will need TABCTL32.OCX which is a windows OCX for tabbed display. Future aspirations for the program will be, well, at least a decent interface. Sucks right now of course. You can get the OCX by searching google, here is a link if you are lazy

    Code:
    http://www.ascentive.com/support/new/support_dll.phtml?dllname=TABCTL32.OCX
    I don't mind letting anyone that is interested test. Shoot me a PM. All I would ask, is that you keep a record of dates, and rank of your site.

    It's a little buggy right now with the way I'm verifying the winsock session, if it bombs out, just close it and open it again. It uses a list of proxies in a text file, feel free to use your own, I only have a few that will get old fast.

    Simple to use, change the domain name, and how fast you want to go, it is currently single threaded and I've tossed some delays in there, so you'll never be able to do the 3000 pings per hour at this point, but feel free to reach for that number.

    Hmmm.... what I need to do still on a punch list:

    Multi thread winsock connections.
    Redo select case if then for time delay
    Add in a reporting feature to display how many it's done and to dump the stats
    Add in random user-agent's, right now it just uses windows in english on ff 3.5.3
    Modify the IP check a little bit... right now it checks whatismyip to see if http ip = proxy ip, may want to change it so you specify your ip and as long as it does not equal that, okay it, because some proxies show a different ip which is not the proxy one, nor yours.

    I also plan to build a referrer spam function into the other tab, as well as saved controls and what not.
    That's the other thing, is save the URL and settings.

    Along with any other suggestions anyone has... please suggest and I will add them as we go.

    So, PM me, and I'll shoot it over to you. It is extremely alpha, so please do not share this, just refer people to me and I'll email it to you, all I ask is like I said, to keep track of your stats. I only get on a couple of times per day, so patience if I don't respond immediately!

    LMK thanks everyone.

    Just add on here, try the wireshark or other packet sniffers as well. If you don't understand the source code or don't know how to compile it, you can still see what the program is doing and compare it to what the alexa toolbar does.
     
    Last edited: Oct 23, 2009
  15. karum

    karum Jr. VIP Jr. VIP Premium Member

    Joined:
    Feb 9, 2008
    Messages:
    214
    Likes Received:
    45
    It shouldn't ping the links, it should use GET as method
    pwnphpbb: can you please send your software. I'm really inneed for alexa faker
     
  16. Infinity

    Infinity Registered Member

    Joined:
    Nov 13, 2008
    Messages:
    99
    Likes Received:
    9
    Occupation:
    The same as hobby :-)
    Location:
    Behind proxies :-)
    Great thread. Any progress on that tool?
     
  17. Grandslam

    Grandslam Senior Member

    Joined:
    Apr 23, 2009
    Messages:
    966
    Likes Received:
    313
    Anyone have a copy of this? It appears that the OP hasn't logged in since early November of 2009..
     
  18. jijikent

    jijikent Newbie

    Joined:
    Feb 19, 2009
    Messages:
    7
    Likes Received:
    0
    Good Question! Anybody got this?
     
  19. Kid Shaleen

    Kid Shaleen Regular Member

    Joined:
    Oct 29, 2009
    Messages:
    250
    Likes Received:
    63
    In the first post pwnphpbb wrote "The Unique Computer ID, is a Unique ID given to each computer after an install. It would also have to be changed. Whereas the WID is a simple 5 digit numeric number, the computer ID may have some sort of algorithm to it. It's not Base64, if anyone has any ideas, let me know."

    Offhand I can think of two ways of getting data about the uniqueness of the Computer ID:

    1) do a regular install. check ID

    2) do a second install on a different, preferably portable, browser. check ID

    3) compare the two IDs.

    Second method:

    1) install a Virtual Machine. install toolbar (isloated from the real machine). check ID.

    2) leave Virtual Machine. install toolbar (with real machine). check ID.

    3) compare IDs.
     
  20. MoneyMafia

    MoneyMafia Regular Member

    Joined:
    Dec 2, 2007
    Messages:
    290
    Likes Received:
    310
    For some reason I'm in a niche where advertisers check alexa ranking before buying anything so I need to show good numbers to this people :D and Im interested in working on this..
    Any others that twant to continue the development ?