Navigation X
ALERT
Click here to register with a few steps and explore all our cool stuff we have to offer!



 2298

[REQUEST] BURP SUITE PRO Carding API Loophole Requires Attention

by Stranger9000 - 27 June, 2021 - 10:53 PM
This post is by a banned member (Stranger9000) - Unhide
78
Posts
8
Threads
5 Years of service
#1
I've found that the AT&T's 'card save' API will allow infinite checks (with Burp Suite Pro) and save the card to your account when it finds an active/valid card (number, exp date, & cvv).  This won't stop the process, the intruder will continue to save more cards to your account the more it uncovers them.  It will also display the country/state origin the card was created.

I can't say for certain that it works 100%; Online purchases with collections gathered appears to be partially unsuccessful.  For example: I buy a macbook from the apple website with one of the collected cards and receive the 'Thank You' receipt, which validates the card's authenticity and authenticity of the balance it has inside.  But because of my history with Apple it cancels every time after a day or two.

Every website out there sees the cards as 'active' and 'legit' but tends to cancel payments so I assume my activity 'gets too hot'.  Unfortunately my Burp Suite license has expired and I don't understand how to crack it (or the method may have gotten old).  I'd like to continue my work until it succeeds so if anyone out there wants to team up/share notes I'd greatly appreciate a secondary license or assistance.

Thanks,
Noob Hacker
This post is by a banned member (OG_AlexMercer) - Unhide
This post is by a banned member (Stranger9000) - Unhide
78
Posts
8
Threads
5 Years of service
#3
(27 June, 2021 - 10:56 PM)OG_AlexMercer Wrote: Show More
Do you have discord i need to ask you some stuff

I do not use discord but feel free to private message me here
This post is by a banned member (Evil_Corporation) - Unhide
This post is by a banned member (EA7) - Unhide
This post is by a banned member (Shestaxx86) - Unhide
251
Posts
0
Threads
1 Year of service
#6
(27 June, 2021 - 10:53 PM)Stranger9000 Wrote: Show More
I've found that the AT&T's 'card save' API will allow infinite checks (with Burp Suite Pro) and save the card to your account when it finds an active/valid card (number, exp date, & cvv).  This won't stop the process, the intruder will continue to save more cards to your account the more it uncovers them.  It will also display the country/state origin the card was created.

I can't say for certain that it works 100%; Online purchases with collections gathered appears to be partially unsuccessful.  For example: I buy a macbook from the apple website with one of the collected cards and receive the 'Thank You' receipt, which validates the card's authenticity and authenticity of the balance it has inside.  But because of my history with Apple it cancels every time after a day or two.

Every website out there sees the cards as 'active' and 'legit' but tends to cancel payments so I assume my activity 'gets too hot'.  Unfortunately my Burp Suite license has expired and I don't understand how to crack it (or the method may have gotten old).  I'd like to continue my work until it succeeds so if anyone out there wants to team up/share notes I'd greatly appreciate a secondary license or assistance.

Thanks,
Noob Hacker

koo koo [Image: sheepe.gif]
This post is by a banned member (haama89) - Unhide
haama89  
Registered
2
Posts
0
Threads
#7
htcyfrrxc

Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
or
Sign in
Already have an account? Sign in here.


Forum Jump:


Users browsing this thread: 3 Guest(s)