Making a functional configuration for UniBot

Note: You’ll need Google Chrome or Mozilla Firefox browser.

Let’s say we want to make a bot that will give a vote here (edit: choose another since this is closed):
http://visualstudio.uservoice.com/forums/121579/suggestions/7462243

First of all, we open UniBot and paste that URL into the first index:
Image

Then we open the browser and go to incognito/private browsing mode to be sure that none of the cookies exist. After that, we open developer console (Ctrl+Shift+I), select Network tab and then navigate to the above URL. We’ll see something like this:
Image

Now, we go to the top of the list on the right where is developer window and select the first item. A new window will show below, so we select “Headers” tab and then focus on “Response Headers”:
Image

For us the important thing will be “Set-Cookie” parameters, so we see that they’re two unusual (ID cookies):
__cfduid
_session_id

The response headers are also part of the [src], so we have to extract that two values from it using two regex commands below:

rg('[src]','__cfduid=(.*?);')
rg('[src]','_session_id=(.*?);')

We put these commands where they belong:
Image

Then we have to make these strings to be public, because we’ll use them in another indexes. For the each of them, go to options (“…”) and check “Public”:
Image

Now we’ll focus on the browser window and clear the items in the list by clicking here:
Image

After that, we should give a vote and catch that request. Click on the “Vote” button on the page and select a number of votes. We will now see this:
Image

You can see that the first item and after it another one in the list is a POST request. We click on the first and select again “Headers”, but we now focus on the “Request Headers” and notice these things:
Image

Number of occurrence
There is some another parameter (CSRF token) that we haven’t catched, and it must be in the page source if it wasn’t in the very first response header from above. We open up the page source (Ctrl+U) and find its value:
Image

We have now a problem with forming a command to extract that value from source. It can’t be like this:

rg('[src]','<meta content="(.*?)"','$1')

Since there are two meta content tags, the result would be the first: authenticity_token
We solve this by pointing out to start from the second result. Since the results start from 0, then for the second result command will be:

rg('[src]','<meta content="(.*?)"','$1',1)

We repeat the steps for making a public string from above, and we got now the current (but not final) look of the first index:
Image

If you have done all of this, you can select the second index:
Image

We’ll now back to the browser window and right click on the first item from the list, and select to copy link address:
Image

The URL is now copied into our clipboard. We paste it into the URL field in UniBot:
Image

Now, we back on the “Request Headers” in the browser below list, to look for the POST data that was sent:
Image

We’ll form it like this for the Post field in UniBot and ignore “debug” parameters:

site2=1&forum_id=121579

It will now look like this:
Image

Also, we must include as additional headers cookies (in strings “cfduid” and “sessionuid”) that we have extracted earlier, and the CSRF token:
Image

Now we’ll back on the browser. We will focus on the “Response Headers”, to see yet another unusual cookies (ID and for authentication):
Image

Again, we repeat the previous steps for making a public strings with these commands:

rg('[src]','_uservoice_uid=(.*?);')
rg('[src]','auth_token=(.*?);')

And after you have done all of that, the second index finally should look like this:
Image

Now, we click in the browser on the “votes.json” item in the list and focus on its “Request Headers”. We’ll see this:
Image

Again, we find its content in page source:
Image

We’ll use this command to extract it:

rg('[src]','client_key: "(.*?)"','$1')

We back to the first index and put that command into a new string, so it shoud look like this:
Image

Don’t forget to make that string also to be public!

Now, we back on the browser window again and copy link address of the “votes.json” from the list, and then paste it into the third index:
Image

Because it’s also a POST request, me must fill the Post field too. In the browser we focus again on the “Form Data” (below “Request Headers”):
Image

As you have seen eariler, we form request like this:

uninitialized=true&to=3&oauth_signature_method=HMAC-SHA1&oauth_consumer_key=%oauthkey%

As usual, we fill the additional headers with needed data (but this time we add “uid” and “auth” string into the cookies), and we got this:
Image

Note: You can make all strings to be Crucial, if you want to see if commands for them work correctly.

And that’s it! 🙂 You can now test the config or pass it to someone to do it for you if you don’t want to search for proxy, since you’ve voted already from your IP (I don’t know will it work if you remove the votes in the browser, since it’s another session).

Leave a Reply

Your email address will not be published. Required fields are marked *