1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mass youtube account generator

Discussion in 'Programming' started by UltraMysterious, Nov 11, 2017.

Tags:
?

This is my first post - how would you rate it?

  1. Not clear enough

  2. Too much information

  3. Seems good c:

Results are only viewable after voting.
  1. UltraMysterious

    UltraMysterious Newbie

    Joined:
    Nov 11, 2017
    Messages:
    35
    Likes Received:
    9
    Gender:
    Male
    Hi All,

    I'm making a mass youtube account generator and have had success with a system which mimics human mouse movements by clicking on the page elements and sending keystrokes to fill out random information. However, it takes time and I would like it to run a lot faster, so I looked into sending the post requests directly, which would be a hell of a lot faster.

    To begin, I changed the form method on accounts.google.com/signup from 'post' to 'get' to see the fields which were passed. When I entered this information into a post utility online, the response was the content of accounts.google.com/signup, meaning it didn't let me move on to the next page which is phone verification.

    Here are the test values I used with Content-Type: application/x-www-form-urlencoded:

    timeStmp=1510412433018
    secTok=.AG5fkS_ThPLevf7mcaNj0aUeqsgaNodeiA%3D%3D // taken from sign in page
    dsh=-5878283877936222433 // taken from sign in page
    ktl=
    ktf=
    _utf8=%26%239731%3B // snowman character for some reason
    bgresponse=js_disabled
    FirstName=UltraMysteriousXYZ
    LastName=Spoopingtons
    [email protected]
    Passwd=UltraMysteriousXYZSpoopingtons
    PasswdAgain=UltraMysteriousXYZSpoopingtons
    BirthMonth=01
    BirthDay=12
    BirthYear=1992
    Gender=FEMALE
    RecoveryPhoneCountry=GB
    RecoveryPhoneNumber=
    RecoveryEmailAddress=
    CountryCode=GB
    timeStmp2=1510412436018 // a little while later than timeStmp so it seems time has been taken
    secTok2=.AG5fkS8nN3CgR079tyM_-PAW2lf3ps3LqQ%3D%3D // taken from sign in page
    submitbutton=Next+step

    I noticed there's a cookie called GAPS whose value changed when I clicked out of certain elements, as if it was storing my actions

    The user agent field was User-Agent: runscope/0.1, I already have working code to fake my user agent if this is the issue.

    Any help towards figuring out what needs to be done to get this working would be greatly appreciated. My concern is that there's some js behind the scenes monitoring the user's mouse movements, with their servers denying account creation requests unless there has been sufficient and non-robotic mouse movement on the page. If this is the case, I'm sure I can invoke some functions to get things working, but naturally I don't want to have to look into that if I don't need to c:
     
    Last edited: Nov 12, 2017
  2. u2u2u2

    u2u2u2 Registered Member

    Joined:
    Jan 15, 2017
    Messages:
    87
    Likes Received:
    9
    Gender:
    Male
    Google detects if you use bot. I have tried mouse movement but no effect.
     
  3. redarrow

    redarrow Elite Member

    Joined:
    Apr 1, 2013
    Messages:
    5,950
    Likes Received:
    1,432
    your need ppl to try the accounts to make sure there not ban in anyway
     
  4. UltraMysterious

    UltraMysterious Newbie

    Joined:
    Nov 11, 2017
    Messages:
    35
    Likes Received:
    9
    Gender:
    Male
    I had that issue until I changed my user agent, then it worked fine. Perhaps make your mouse movements random and smoother
     
  5. u2u2u2

    u2u2u2 Registered Member

    Joined:
    Jan 15, 2017
    Messages:
    87
    Likes Received:
    9
    Gender:
    Male
    Only coz you changed ua. Mostly depends on ip and browser. Changing browser / ua can help .
     
  6. u2u2u2

    u2u2u2 Registered Member

    Joined:
    Jan 15, 2017
    Messages:
    87
    Likes Received:
    9
    Gender:
    Male
    I think pv can be avoided if you're really good with js. I was able to send verification code many times to a number which Google wasn't accepting.
     
  7. Neon

    Neon BANNED BANNED Jr. VIP

    Joined:
    Nov 3, 2013
    Messages:
    3,107
    Likes Received:
    7,705
    Gender:
    Male
    10/10 sir really good
     
    • Thanks Thanks x 1
  8. UltraMysterious

    UltraMysterious Newbie

    Joined:
    Nov 11, 2017
    Messages:
    35
    Likes Received:
    9
    Gender:
    Male
    So you were able to get google to text a notification code to a phone infinitely many times? I would have thought they would check the number of verifications in php or otherwise out of the client's control.
     
  9. frzs90

    frzs90 Registered Member

    Joined:
    Oct 10, 2016
    Messages:
    68
    Likes Received:
    26
    Beating Google's bot-detection will require a ton of time and experience. The best programmers in the world work there, you know. :)
    I think the only way to achieve good results would be to use an automated headless browser, on multiple threads and multiple (clean) IPs, with randomized behavior.
    They may not just track mouse movements, average time spent on pages, but the security tokes you found are most likely for one use only, linked with your IP, browser and OS fingerprint, etc..
     
  10. Brian Alexander

    Brian Alexander Regular Member UnGagged Attendee

    Joined:
    Aug 12, 2016
    Messages:
    200
    Likes Received:
    110
    Gender:
    Male
    Sorry but you clearly don't have anywhere near the experience required to do what you are trying to do...

    Better spend your time on something else.
     
    • Thanks Thanks x 2
  11. UltraMysterious

    UltraMysterious Newbie

    Joined:
    Nov 11, 2017
    Messages:
    35
    Likes Received:
    9
    Gender:
    Male
    That’s the wrong attitude to have Brian. Without trying, you can never get experience in the first place. I have a strong development background and I’m clearly capable. My account generator has generated 30 accounts so far using lots of different proxies and phone numbers for verification. I also have some very experienced and intelligent programmers where I work who would be glad to help.

    And I’m not the kind of person to give up, ever.
     
    • Thanks Thanks x 8
  12. Brian Alexander

    Brian Alexander Regular Member UnGagged Attendee

    Joined:
    Aug 12, 2016
    Messages:
    200
    Likes Received:
    110
    Gender:
    Male
    Yes, but I can tell you in advance that you aren't gonna defeat their botguard (you're still worrying about your user agent lol).
    Trying to create google accounts with raw web requests in 2017 is like mining bitcoins on an Atari.

    I mean, your techniques are clearly outdated. You're changing the form method from POST to GET to see the arguments being sent?
    What?!?! Why not just inspect the web traffic which you'll need to do anyways due to ajax requests.

    Just giving you the honest truth here - no offense intended.
     
    • Thanks Thanks x 1
  13. Lothric

    Lothric Junior Member

    Joined:
    Apr 25, 2017
    Messages:
    137
    Likes Received:
    23
    Although Brian was little bit sarcastic, I have to agree with him.
    Mass creating Google accounts in 2017 won't happen unless you are genius code exploiter. I mean it. You should be at least be genius to breach their system.
    Have you looked at their PV system? I'd say it's extremely difficult to fool that system. You'd need thousands of whitelisted real simcards as a nicely automated system but that costs tons of money.
    Of course if you don't leave ANY Fingerprint in the creation process, they won't give you PV but i don't think it's possible. It's 99% likely they are using tons of fingerprinting system that I won't even bother to try breaching their system.
    My advice : "Don't wake up the sleeping big lion! You'll get hit very, very hard" :p
     
  14. Mr sow

    Mr sow Junior Member

    Joined:
    Aug 24, 2014
    Messages:
    100
    Likes Received:
    22
    google is very smart.unless you are using some bots that works like a human

    i think this can work maybe
     
  15. Lothric

    Lothric Junior Member

    Joined:
    Apr 25, 2017
    Messages:
    137
    Likes Received:
    23
    See, this is the reason you guys really should stop wasting time on messing up with G
    If you could only imagine implementing this huge kind of project like mouse emulation when you could easily bypass this with tablet, android, then maybe it's time to consider doing other healthier things
     
  16. Mr sow

    Mr sow Junior Member

    Joined:
    Aug 24, 2014
    Messages:
    100
    Likes Received:
    22
    that's a good idea, also when the devise is tablet or mobile you don't get captcha and things like that .
    good idea
     
  17. Steven Taylor

    Steven Taylor Registered Member

    Joined:
    Sep 13, 2017
    Messages:
    90
    Likes Received:
    6
    Gender:
    Male
    interessting .. keep in touch
     
  18. ZennoScripts

    ZennoScripts Regular Member

    Joined:
    Aug 21, 2015
    Messages:
    203
    Likes Received:
    72
    Location:
    USA
    In order for you to beat Google you need to crack their BG response. Which is BotGuard. Botguard in and of itself is an amazing piece of software. Google literally created their own Javascript virtual machine for compiling and handling BG responses on the fly.

    Say you try and create a Google account using your bot for typing/clicking and a little bit of scrolling. There might be 30 other things Google is looking at that you can't even imagine.

    Screen Color, other Google cookies, other Google adsense cookies, random plugins, the list goes on and on.

    The key thing people don't realize about taking on BG.response is actually quite simple. It's a matter of AI + Reverse engineering what inputs/data they are collecting to input into their BG.response code generator.

    I used to automated Youtube Account generation back in 2014 and could do it all 100% non-pva. With typing/clicking as you are testing right now. You need to dig deeper and find a much more custom browser so you can edit/see what Google is sniffing around for. I'd say its 100% possible to automate creating accounts, just takes a whole new set of skills that not a lot of people have.

    I to this day want to automate/fake cookies in a browser, I read in a thread about someone managing to break Recaptcha using their audio only captcha. They said in that thread that 5-6 days of normal browsing seemed to calm down Google's recaptcha difficulty in recaptcha. There's a hint of what Google might be looking into when it comes to creating accounts.

    Say for example it might be Google is looking into cookies. Most account creators now a days, clear their cookies before making an account. What if we were to generate/simulate dozens of cookies from thousands of different sites. Mix that with a concoction of everything else. Might be what people need to make accounts. ;)
     
    • Thanks Thanks x 2
  19. UltraMysterious

    UltraMysterious Newbie

    Joined:
    Nov 11, 2017
    Messages:
    35
    Likes Received:
    9
    Gender:
    Male
    You see, I have a very rare advantage and that’s that I work for a telephone company so I have access to millions of numbers. I’ve automated a system which assigns myself a block of numbers, routes them to a single telephone with a pager on and call recording. This then gets sent to my email address. I then tried to create voice recognition software but it doesn’t understand certain numbers. If I could get that working reliably, I would have a system which completes the account creation form, enters a number, receives the call and turns the recording into the code, enters it, submits and stores the login credentials. That voice recognition issue is the only thing in the way of a completely automated system
     
  20. UltraMysterious

    UltraMysterious Newbie

    Joined:
    Nov 11, 2017
    Messages:
    35
    Likes Received:
    9
    Gender:
    Male
    I use chrome and it obfuscates certain post data. Changing it to “get” lets me see the real values. There’s a reason for doing everything