EVERYTHING AVAILABLE😘

🌀 CONFIG GUIDE | GOOD GUIDE FOR BEGINNERS 🌀

AKAMAI AND STATIC VARIABLES
Okay first offs, static variables are terrible. What I mean by this is static cookies, csrf tokens, AKAMAI COOKIES FOR FUCK SAKES, x-acf-sensor-data and shit like that. Some sites use static variables, but most don't. Take for instance this config:

As you can see, this "config maker" uses a static akamai cookie along with static akamai-bmp sensor data (red and dark blue). They're also using a static sig (light blue) and static unix (light blue). I'm not sure about the other headers as I haven't attempted Zalando before due to their akamai-bmp. The other headers may be static but as I said, I'm not sure. Anyways, in case you don't know what akamai is, it's an anti-bot that prevents us config makers from sending requests to the login api. You need a specific cookie or sensor data in this case. Sensor data is used for apps (I haven't seen it in a website before, correct me if I'm wrong) whereas akamai on a website uses cookies and some other shit. Zalando also contains a signature and unix like Onlyfans. Using static variables like this will work for maybe 3 requests, but after that, it won't work and it'll more than likely lock your accounts. If you're going to attempt a site with akamai or app, I recommend trying to find an alt api unless you have the bypass (obviously). This not only makes you look bad as a config maker, but proves you don't have much knowledge in the config scene which isn't what you want for obvious reasons. You'll also be mocked by other config makers. You can identify akamai by looking in your httpsdebugger under the cookies section of the api you're looking at. It'll have a cookie called bm_sz. Sometimes you might be able to get an unenforced akamai site where it isn't actually enforced on their site despite them having akamai on there.

PARSING
When you're parsing a csrf token, make sure you place the variable name CORRECTLY into the token thing. Lets say hypothetically I parse a csrf token with the name "t" then I go and place the variable name under the csrf token as "<T>". This'll just give you <T> because the variable names are case-sensitive and the site will give you a response "csrf token wrong" or something along those lines (unless the site is fucked/has silent-ban). You need to make sure you parse all variables correctly and use the correct variable name otherwise problems will arise within your config.

UNIX
Unix is the number of seconds that have elapsed since 00:00 UTC on 1 January 1970. It's used in some sites, including Zalando. Openbullet has a feature in the function block where you can generate the current unix time. You can spot it by looking at the first two numbers, most commonly it has 10 numbers, however, sometimes it has 13 since some sites include the milliseconds. For example, 1632555366233, I'd just remove the first ten numbers and put your variable and leave the last 3 (doesn't always work I don't think).

PerimeterX
PerimeterX is sort of similar to akamai, however, they use (most commonly), a security where they redirect you to another page and make you solve a press & hold captcha and give you a cookie which gives you access to login. This is seen on many sites including Sams Club, StockX, Goat, Walmart, etc. As I said with akamai, I wouldn't try with it unless you have a bypass or you're trying to bypass it, just find an alt api. You can identify PerimeterX by looking at the cookies in your httpsdebugger. If the site has pxhd in the cookies, it has perimeterX. Very rarely, sites may have unenforced PX where you can send a request to the login api despite them having the PX cookie. That's extremely rare, but it doesn't hurt to try anyways.

Enjoy 👍❤️

www.tg-me.com/tw/EVERYTHING AVAILABLE/com.Everything_available_Stuffs/197

154 viewsSep 25, 2021 at 11:10

🌀 CONFIG GUIDE | GOOD GUIDE FOR BEGINNERS 🌀

AKAMAI AND STATIC VARIABLES
Okay first offs, static variables are terrible. What I mean by this is static cookies, csrf tokens, AKAMAI COOKIES FOR FUCK SAKES, x-acf-sensor-data and shit like that. Some sites use static variables, but most don't. Take for instance this config:

As you can see, this "config maker" uses a static akamai cookie along with static akamai-bmp sensor data (red and dark blue). They're also using a static sig (light blue) and static unix (light blue). I'm not sure about the other headers as I haven't attempted Zalando before due to their akamai-bmp. The other headers may be static but as I said, I'm not sure. Anyways, in case you don't know what akamai is, it's an anti-bot that prevents us config makers from sending requests to the login api. You need a specific cookie or sensor data in this case. Sensor data is used for apps (I haven't seen it in a website before, correct me if I'm wrong) whereas akamai on a website uses cookies and some other shit. Zalando also contains a signature and unix like Onlyfans. Using static variables like this will work for maybe 3 requests, but after that, it won't work and it'll more than likely lock your accounts. If you're going to attempt a site with akamai or app, I recommend trying to find an alt api unless you have the bypass (obviously). This not only makes you look bad as a config maker, but proves you don't have much knowledge in the config scene which isn't what you want for obvious reasons. You'll also be mocked by other config makers. You can identify akamai by looking in your httpsdebugger under the cookies section of the api you're looking at. It'll have a cookie called bm_sz. Sometimes you might be able to get an unenforced akamai site where it isn't actually enforced on their site despite them having akamai on there.

PARSING
When you're parsing a csrf token, make sure you place the variable name CORRECTLY into the token thing. Lets say hypothetically I parse a csrf token with the name "t" then I go and place the variable name under the csrf token as "<T>". This'll just give you <T> because the variable names are case-sensitive and the site will give you a response "csrf token wrong" or something along those lines (unless the site is fucked/has silent-ban). You need to make sure you parse all variables correctly and use the correct variable name otherwise problems will arise within your config.

UNIX
Unix is the number of seconds that have elapsed since 00:00 UTC on 1 January 1970. It's used in some sites, including Zalando. Openbullet has a feature in the function block where you can generate the current unix time. You can spot it by looking at the first two numbers, most commonly it has 10 numbers, however, sometimes it has 13 since some sites include the milliseconds. For example, 1632555366233, I'd just remove the first ten numbers and put your variable and leave the last 3 (doesn't always work I don't think).

PerimeterX
PerimeterX is sort of similar to akamai, however, they use (most commonly), a security where they redirect you to another page and make you solve a press & hold captcha and give you a cookie which gives you access to login. This is seen on many sites including Sams Club, StockX, Goat, Walmart, etc. As I said with akamai, I wouldn't try with it unless you have a bypass or you're trying to bypass it, just find an alt api. You can identify PerimeterX by looking at the cookies in your httpsdebugger. If the site has pxhd in the cookies, it has perimeterX. Very rarely, sites may have unenforced PX where you can send a request to the login api despite them having the PX cookie. That's extremely rare, but it doesn't hurt to try anyways.

Enjoy 👍❤️

BY EVERYTHING AVAILABLE😘