Draft:OpenBullet

From Wikipedia, the free encyclopedia
OpenBullet
Initial release: May 2019 (2019-05)
Stable release: OpenBullet 2
Repository: https://github.com/openbullet/openbullet (OB 1), https://github.com/openbullet/OpenBullet2 (OB 2)
Operating system: Microsoft Windows
Available in: English
License: MIT License
As of: January 2024

OpenBullet is an open-source web testing and penetration testing suite, available for Microsoft Windows, released in May 2019.[1]

Features

Requests

OpenBullet allows developers to send mass requests to a target website for the purpose of pentesting.[2]

Stacker and LoliScript

Using its programming language options, such as LoliScript, users can create custom scripts to perform penetration tests against a target.[3] LoliScript also allows users to parse the data into the "Hits" menu,[4] which, in the context of pentesting, can show valid credentials.[5] Stacker is a simpler layout that lets users create configs with LoliScript without learning the language. It works through the Stacker interface, using blocks (similar to those in simple programming languages, such as Scratch) to execute actions.[5] It allows users to use features such as automated web browsing with Selenium or Puppeteer, and parsing JSON data pulled from the target.[3]

Captcha Solving

OpenBullet cannot inherently solve CAPTCHA tests, though OpenBullet 2 can connect to several external "CAPTCHA farm" services to solve them, bypassing anti-bot measures on websites.[6] This feature is typically used when OpenBullet is employed for cybercrime, as its legal applications are for personally-owned websites only.[7]

Cybercrime

OpenBullet is commonly used by cybercriminals to execute large-scale attacks with ease, for free.[1] These attacks mimic human behaviors, to make them look like they are coming from real users.[8] Using Selenium and Puppeteer, these requests can look even more real, as mouse movements can be controlled by code instead of by a human.[9] The most common use of OpenBullet is credential stuffing,[10][2] which uses login data taken from a data breach to attempt to log in to another service where the user may also hold an account.[11]
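As an added illustration (not part of the original article or of OpenBullet), the following Python example shows how a defender might spot the pattern described above in login logs: one source trying many different accounts in a short window with few successes. The log format, thresholds and function names are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, username, outcome.
SAMPLE_LOG = """
2024-01-30T10:00:01 203.0.113.7 alice@example.com FAIL
2024-01-30T10:00:02 203.0.113.7 bob@example.com FAIL
2024-01-30T10:00:03 203.0.113.7 carol@example.com OK
2024-01-30T10:00:04 203.0.113.7 dave@example.com FAIL
2024-01-30T10:00:05 203.0.113.7 erin@example.com FAIL
2024-01-30T10:01:00 198.51.100.20 bob@example.com FAIL
2024-01-30T10:01:05 198.51.100.20 bob@example.com FAIL
2024-01-30T10:01:09 198.51.100.20 bob@example.com FAIL
2024-01-30T10:02:00 192.0.2.15 grace@example.com FAIL
2024-01-30T10:02:30 192.0.2.15 grace@example.com OK
"""

WINDOW = timedelta(minutes=5)  # assumed thresholds; tune against real traffic
MIN_USERS = 5                  # distinct accounts tried inside one window
MAX_OK_RATIO = 0.25            # breached credentials rarely match elsewhere

def parse(log):
    for line in log.strip().splitlines():
        ts, ip, user, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, user, outcome == "OK"

def stuffing_sources(log):
    """Source IPs with many distinct usernames and few successes in a window."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(parse(log)):
        by_ip[ip].append((ts, user, ok))
    flagged = set()
    for ip, events in by_ip.items():
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most WINDOW.
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            window = events[start:end + 1]
            users = {user for _, user, _ in window}
            ok_ratio = sum(ok for _, _, ok in window) / len(window)
            if len(users) >= MIN_USERS and ok_ratio <= MAX_OK_RATIO:
                flagged.add(ip)
                break
    return flagged

def accounts_to_reset(log):
    """Accounts a flagged source logged in to; candidates for a forced reset."""
    flagged = stuffing_sources(log)
    return sorted({user for _, ip, user, ok in parse(log) if ok and ip in flagged})
```

Repeated failures against a single account (198.51.100.20 in the sample) are not flagged, because the distinct-username count is what separates this pattern from ordinary password guessing or a user mistyping a password.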

DraftKings Hack

In May 2023, Joseph Garrison, an 18-year-old from Wisconsin, was charged with 6 counts of fraud for using OpenBullet to hack DraftKings Sportsbook accounts,[12] selling the accounts on his website, "The Goat Shop". He was successful in hacking 60,000 DraftKings accounts,[13] amounting to $600,000.[14]

Malware

In August 2023, a malware campaign was distributed to several criminal networks, disguised as a legitimate, though illicit, OpenBullet configuration file.[15][16] The campaign distributed a RAT, or remote access trojan, which aimed to steal critical data from the victim's computer. The configuration file downloads the "Ocean" dropper from a GitHub repository, which then downloads the actual malware onto the victim's computer from the same GitHub repository.[17]

References

  1. "What is OpenBullet? Automated Attacks by Cybercriminals". Kasada. 2023-05-26. Retrieved 2024-01-30.
  2. "OpenBullet 2.0 Automates Evasive Attacks, But They Can Be Detected — Here's How | Transmit Security". transmitsecurity.com. 2023-02-14. Retrieved 2024-01-30.
  3. "OpenBullet - Stacker". openbullet.github.io. Retrieved 2024-01-30.
  4. "OpenBullet - Usage". openbullet.github.io. Retrieved 2024-01-30.
  5. "How Cybercriminals Abuse OpenBullet for Credential Stuffing". Trend Micro. 2021-04-30. Retrieved 2024-01-30.
  6. "How OpenBullet is used to attack websites, and how to block it". DataDome. 2023-04-06. Retrieved 2024-01-30.
  7. Davis, Emma (2020-07-22). "Hackers actively use the legal tool OpenBullet for account takeover (ATO)". How To Fix Guide. Retrieved 2024-01-30.
  8. "What is OpenBullet? And How Do Cybercriminals Use OpenBullet for Credential Stuffing?". Kasada. 2023-05-15. Retrieved 2024-01-30.
  9. "Mouse actions". Selenium. Retrieved 2024-01-30.
  10. Miller, John (2021-04-07). "Credential Stuffing Tools and Techniques, Part 1". F5 Labs. Retrieved 2024-01-30.
  11. "Credential stuffing vs. brute force attacks | Cloudflare". Cloudflare. Retrieved 2024-01-30.
  12. "18-Year-Old Hacker Charged Over Theft Of 60,000 DraftKings Accounts". 2023-05-18. Retrieved 2024-01-30.
  13. "18-year-old charged with hacking 60,000 DraftKings betting accounts". BleepingComputer. Retrieved 2024-01-30.
  14. Alpert, Lukas I. "'Fraud is fun': Teen hacker charged with breaking into DraftKings accounts leading to theft of $600,000". MarketWatch. Retrieved 2024-01-30.
  15. "No Honour Amongst Thieves: A New OpenBullet Malware Campaign". Kasada. 2023-08-02. Retrieved 2024-01-30.
  16. "New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs". The Hacker News. Retrieved 2024-01-30.
  17. Staff, S. C. (2023-08-08). "Malicious OpenBullet configs used in malware attack against new hackers". SC Media. Retrieved 2024-01-30.