1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Yahoo Account Creator Bot problems...need solutions.

Discussion in 'Visual Basic .NET' started by MarketerX, Oct 3, 2011.

  1. MarketerX

    MarketerX Regular Member

    Joined:
    Mar 7, 2010
    Messages:
    398
    Likes Received:
    120
    Hey everyone, I need to be able to create yahoo accounts for one of my bots, but I have noticed various things Yahoo has done to prevent this, hoping someone knows a way around them...

    Problem 1. When you create an account on yahoos registration page, the password and password confirm fields are encrypted by javascript before the POST request is made. This prevents me from being able to bot their reg page with Httpwebrequest/Httpwebresponse

    Problem 2. I decided in this case it would be ok to use the WebBrowser control, because of problem 1. However, when the registration page loads there seems to be a scripting error with the WebBrowser control and I am not able to get the captcha image from the pages source unless I click "OK" on a script error that always pops up, so basically it kills automation. I set WebBrowser1.SuppressScriptErrors = True and the error goes away, but the functionality isn't working properly if I do this (it won't extract the captcha img url with this set to "True"....)

    Can someone help?? Really need this. :)
     
    Last edited: Oct 3, 2011
  2. luccha

    luccha Regular Member

    Joined:
    Apr 18, 2009
    Messages:
    317
    Likes Received:
    93
    Occupation:
    Cron
    Location:
    On Earth
    I have a yahoo account maker bot. Message me if you need it.
     
  3. MarketerX

    MarketerX Regular Member

    Joined:
    Mar 7, 2010
    Messages:
    398
    Likes Received:
    120
    Ok...did you code it? Does it use the webbrowser control?
     
  4. christoss1959

    christoss1959 Senior Member

    Joined:
    Nov 25, 2010
    Messages:
    894
    Likes Received:
    1,150
    Home Page:
    There is an option to remove all javascript errors. I think I've used this in the past if I recall correctly:
    Web.ScriptErrorsSuppressed = True
     
  5. captchaman

    captchaman Junior Member

    Joined:
    Sep 16, 2010
    Messages:
    190
    Likes Received:
    842
    Occupation:
    Software Programmer
    Location:
    USA
    What encoding does it use, can you tell? If it's Yahoo64 then I have a class that will encode it.

    Another option is using HTTPWebRequest and loading a webbrowser control at runtime just to run the javascript of encoding the password, and then disposing it.

    You don't really want to be stuck with webbrowser do you? There are (almost) always ways around it.
     
    • Thanks Thanks x 1
  6. MarketerX

    MarketerX Regular Member

    Joined:
    Mar 7, 2010
    Messages:
    398
    Likes Received:
    120
    I actually tried exactly what you said pretty much...using HttpWebrequests to actually download the reg page source, and setting a WebBrowsers DocumentText property to the webresponse...then submitting it.

    And yeah, I really don't want to use a webbrowser control :)

    I am not sure what kind of encoding(encryption?) they use, is there any way to tell? Also, I was thinking of checking the HTTP headers with a generic password, then just using the encrypted value in the POST requests for all accounts. (but that would mean they would all have the same password.) I suppose I could collect a few of them after doing a couple minutes of analysis/header capturing.

    Think that would work?
     
  7. pyronaut

    pyronaut Executive VIP

    Joined:
    Dec 9, 2008
    Messages:
    1,229
    Likes Received:
    1,422
    That would work, but it's not an ideal solution.

    Hmm I thought I used to be able to turn off javascript and signup, but it seems now you get redirected.

    Find the generated password then go here : http://insidepro.com/hashes.php. Enter in the UNHASHED password, and hit generate (Leave Salt and Username empty), and see if it matches any of the generated passwords. If it does, then you will know the algorithim they use, and you should be able to find C# code to do it.

    Are you able to post the javascript here in a code block so the rest of us can see?
     
    • Thanks Thanks x 3
  8. MarketerX

    MarketerX Regular Member

    Joined:
    Mar 7, 2010
    Messages:
    398
    Likes Received:
    120
    Hey pyro, after talking to captchaman via PM's, he sent me his POST header and it submits his POST password values in plaintext...but when I logged my headers about a week ago those values were being encrypted clientside....

    So I'm going to have to check it out again, and even if it does encrypt them, I will code my bot and just have it submit plaintext and see if it works.

    And yeah, turning javascript off was the first thing I tried...dead end :saeek: Thank you very much for the link though, that will come in handy.
     
  9. captchaman

    captchaman Junior Member

    Joined:
    Sep 16, 2010
    Messages:
    190
    Likes Received:
    842
    Occupation:
    Software Programmer
    Location:
    USA
    I spent a couple of hours the other night after I sent those to you trying to re-code my account creator to use edit.yahoo.com, but it appears they have a new CAPTCHA solving system fighting system in place (?) which works by simply telling you that you've entered an incorrect CAPTCHA until you enter it a few times, even though it was the correct CAPTCHA you entered. I talked to someone else and they said that Google has been doing the same thing. So if it's true, then we have something entirely new to work around.
     
    • Thanks Thanks x 1
  10. captchaman

    captchaman Junior Member

    Joined:
    Sep 16, 2010
    Messages:
    190
    Likes Received:
    842
    Occupation:
    Software Programmer
    Location:
    USA
    Alternatively this still works (for now).

    Connect to
    Code:
    http://edit.india.yahoo.com/config/isp_ab_url?.format=jpg
    (other servers this works(ed) on are edit.yahoo.com and edit.europe.yahoo.com) and get your "B" cookie and the data between "url: " and "secdata: ", we'll call them "url" and "secdata" respectively

    Download and solve "url"

    Then send this in a GET request:

    Code:
    http://edit.india.yahoo.com/config/isp_create_user?l=[username]&p=[password]&secret=[Answer to secret question]&hint=[Secret question]&fname=[First name]&lname=[Last name]&secword=[CAPTCHA answer]&secdata=["secdata"]&memdir=n&spam=n&zip=[US zip code]&bd=[Birthday in this format: 1986,December,11]&sex=[sex (m/f)]&em=&intl=us&.ym_signup=y&token=1&.src=pg
     
    • Thanks Thanks x 2
    Last edited: Oct 6, 2011
  11. MarketerX

    MarketerX Regular Member

    Joined:
    Mar 7, 2010
    Messages:
    398
    Likes Received:
    120
    Wow captchaman, you rule!! Extremely helpful post!

    EDIT: +rep for sure...would hit the "Thanks" button a couple more times if I could :)
     
    Last edited: Oct 6, 2011
  12. MarketerX

    MarketerX Regular Member

    Joined:
    Mar 7, 2010
    Messages:
    398
    Likes Received:
    120
    Hmmm...that doesn't seem like a big issue, will just make the decaptcher bill higher, since you have to solve more captchas per account, right? Annoying though. :eek:
     
  13. Hydrogen

    Hydrogen Newbie

    Joined:
    Dec 30, 2009
    Messages:
    39
    Likes Received:
    23
    Occupation:
    Co-Owner of AdvertMarketing
    Home Page:
    well decaptcha API has a option to reject a solved captcha based on it not working or being entered incorrectly you can detect a bad solve and get your money back on it. However decaptcha may not like this due to the fact that yahoo/google is rejecting perfectly good captcha solves to help you increase your automated solving services bills. It's up to you but a option you have.
     
  14. luccha

    luccha Regular Member

    Joined:
    Apr 18, 2009
    Messages:
    317
    Likes Received:
    93
    Occupation:
    Cron
    Location:
    On Earth
    No i didn't code it. It was available freely and I downloaded it from somewhere.