BottingRocks @BottingRocks Twitter profile | Pikagi

Pikagi

BottingRocks

@BottingRocks

429

Followers

1

Following

2

Media

74

Statuses

Reversing antibots for fun and profit contact:code @botting .rocks

https://t.co/6yKNPunxsc

Joined September 2019

Don't wanna be here? Send us removal request.

Pinned Tweet

@BottingRocks

BottingRocks

5 months

I just finished watching Datadome's Navigating Bot Threats: Key Findings From Analyzing 14,000+ Popular Websites in US & EMEA. Here is a quick break down. During the first 5 minutes the Head of Corporate Marketing introduces Antoine Vastel and asks his audience if they had any

2

2

40

Last Seen Profiles

@WeirdoGhostGang

@Tante_Binal69

@Colts

@tahirkalkanurfa

@sZM1EISrzutlMm

@jendlouhyhc

@d11Rw9GUoRqoU2

@AYC_Hub

@lexiehulll

@MonkeyMorey

@KarateCombat

@Ivone_Fachada

@kumawatwalas

@sKrape0082007

@fiakos3viandes

@Muhamed2Younis

@yenthao691_26

@shadowoftheali

@MINATO51775666

@iEmiiilyy

@HHJ_Data

@curatedxyz

@wontama

@DegoBbc

@mylanstyy

@dul_turkporno

@soccernp

@uncclearn

@silksunmi

@ir_kalles

@kingsthenorth

@storyblok

@uyenthu053_26

@TETUmag

@JionteJones

@Neformatws

@BottingRocks

BottingRocks

6 months

Here is some shit I learned about reversing antibots(web not mobile) for some years. As someone that came from years of coding in Python to literally not coding in Python, you must learn Javascript there is no ifs or buts. You just have to. You are going to start reading a lot

2

4

67

@BottingRocks

BottingRocks

7 months

There are currently 7 major anti-bots that protect all the major sites: - Akamai - PerimeterX(Human) - Incapsula(Imperva) - ShapeSecurity(F5) - Datadome - Cloudflare - Kasada. Only 3 out of those 7 have their client-side(JS) scripts executed on a dynamic custom obfuscated VM.

4

0

34

@BottingRocks

BottingRocks

5 months

You know is very interested to see how much the bot landscape has changed over the last few years and the level of sophistication that it has evolved to. Back when I started all you had to do was clear your cookies and get rid of your flash cookies. Fast forward a few years

4

8

38

@BottingRocks

BottingRocks

1 year

Incapsula open-source generator.

Tweet card media

GitHub - BottingRocks/Incapsula: Incapsula Payload Generator for Reese84 and __utmvc

Incapsula Payload Generator for Reese84 and __utmvc - BottingRocks/Incapsula

4

1

32

@BottingRocks

BottingRocks

6 months

ShapeSecurity's Javascript VM: Part 1

Tweet card media

ShapeSecurity's Javascript VM: Part 1

Intro ShapeSecurity's Javascript Virtual Machine(VM) has a remarkable reputation for being extremely hard to bypass and reverse. Their primary clients consists of corporations that require the...

www.botting.rocks

3

0

27

@BottingRocks

BottingRocks

6 months

I am giving the people what they want. Bringing back my blog and I will be posting my old pooky articles. Plus a new series on ShapeSecurity will be released soon after that. I will deal with the optics and design of the blog after I get some DNS issues resolved.

5

0

21

@BottingRocks

BottingRocks

4 months

As I take a sip of my morning coffee and read the front page of /r/webscraping I suddenly become bewildered by the amount of woefully ignorant people believing that all you need is "Selenium Base" and some "rotating" proxies to get around the most protected sites on the internet.

6

4

21

@BottingRocks

BottingRocks

7 months

There is no fucking way Arkose Labs believes their solution adds less friction than Shape. Shape doesn't even use CAPTCHAS or user challenges, everything they do is frictionless.

Tweet card media

Arkose Labs vs F5 Shape

www.youtube.com

4

1

17

@BottingRocks

BottingRocks

6 months

Some people have asked me why I had such a long absence from twitter. The truth of the matter is burn out and running out of fuel. I came into the sneaker dev industry in mid 2019 and arrived at a server dedicated to botting supreme. At that time, supreme had an custom anti-bot

1

0

16

@BottingRocks

BottingRocks

6 months

ShapeSecurity's Javascript VM: Part 3

Tweet card media

ShapeSecurity's Javascript VM: Part 3

Intro Okay, now that we have finished talking about the VM Machinery in part 1 and the VM Data in part 2, we have finished the preliminary parts. It's time to delve deeper into the ops from OPS_FUN...

www.botting.rocks

0

0

16

@BottingRocks

BottingRocks

4 months

Damn is interesting to see how far BrightData has come. I used to know them as the guys from Eastern Europe running the Hola VPN guys. They went from a simple VPN provider to selling residential/data center/rotating proxies to selling unblocker APIs for popular antibots. They

0

0

15

@BottingRocks

BottingRocks

6 months

Today I learned by reading Kasada's Quarterly report(Q4) that: 1. CapSolver claims to do 1 billion requests a day, essentially making them close around $500 millions of dollars in revenue. 2. Why @levi_nz exiled them from the sneaker dev server, because they were selling to

0

0

13

@BottingRocks

BottingRocks

6 months

ShapeSecurity's Javascript VM: Part 2

Tweet card media

ShapeSecurity's Javascript VM: Part 2

Intro In previous part, we talked about the VM Internals especifically about the VM Machinery. This second part we are going to talk about the VM Data and how they work together with the VM Machine...

www.botting.rocks

0

0

9

@BottingRocks

BottingRocks

6 months

Ladies and gentlemen if you are going to reverse obfuscated Javascript, please spend some time learning Babel or some other Javascript AST parser. Don't be like this guy relying on public open-source Javascript obfuscators.

@Dinosn

Nicolas Krassas

6 months

Reversing and Tooling a Signed Request Hash in Obfuscated JavaScript

1

3

6

1

0

9

@BottingRocks

BottingRocks

5 years

Pooky Control-Flow Flattening - Part 3

2

0

11

@BottingRocks

BottingRocks

4 years

How to push an element to an array by ShapeSecurity. var foo = []; foo[foo.length] = "bar"; Object.defineProperty(foo,1 , { writable: true, configurable: true, enumerable: true, value: "bar2" });

4

0

6

@BottingRocks

BottingRocks

6 months

DNS issues were finally resolved! I restored the Pooky articles I wrote 4 years ago: Part 1: Part 2: Part 3:

Tweet card media

Pooky Control-Flow Flattening - Part 3

For Part 3 of this series, I'm going to pick up from where I left off. This means I will be going into detail over what the State, Ending State, Starting State, and Transitions are. Note: Read Part 1...

www.botting.rocks

0

0

6

@BottingRocks

BottingRocks

6 months

Hey good morning USA I've got a feeling that it's gonna be a wonderful day. This is my personal twitter account: Please follow so I can follow you back. Part 4 is coming, its coming very soon.

Erik Dominguez (@ErikDominguez00) on X

Security Researcher with a knack for reversing Javascript obfuscated systems. I also like Poker.

0

0

5

@BottingRocks

BottingRocks

5 years

@blastbots @uhavewon @R8T3D @Sneakerbotics Thanks man I appreciate all the mentions you've done. You are single single-handedly growing my twitter account. I believe that this community is too stingy and greedy, that shares very little and expects to extract a lot of dollars right away from users.

1

0

4

@BottingRocks

BottingRocks

5 months

Some HackerNews people have started calling these services as "Abuse As a Service".

0

0

4

@BottingRocks

BottingRocks

7 months

@evertus_ What would you like me to blog about for 2024?

3

0

4

@BottingRocks

BottingRocks

5 years

Coming up: Pooky Control-Flow Flattening - Part 3 on 01/06/2019.

0

0

4

@BottingRocks

BottingRocks

4 months

The average poster on /r/webscraping has their confidence extremely high but their experience is close to none.

Tweet media one

0

0

3

@BottingRocks

BottingRocks

1 year

@discord @discord_support please respond to tickets 38609402, 38609430, 38609642 . I need my account back.

1

0

0

@BottingRocks

BottingRocks

5 years

Pooky Control-Flow Flattening - Part 1

0

0

3

@BottingRocks

BottingRocks

6 months

Which of these 4 antibots do you find the hardest to reverse?

Incapsula

10

Datadome

21

Cloudflare

58

PerimeterX

29

1

0

2

@BottingRocks

BottingRocks

5 years

@blastbots @uhavewon @R8T3D @Sneakerbotics I intend of finishing the Pooky series which will be around 20-25 posts, as there is a lot to talk about. I want build the trust and confidence of the sneaker botting community by offering topics in sneaker botting with videos and blog posts. Not just start with another bot .

0

0

2

@BottingRocks

BottingRocks

4 years

@the_moisrex That looks like it's obfuscated with Imperva uses the same public open-source obfuscator to "protect" their code.

1

0

2

@BottingRocks

BottingRocks

5 months

@evertus_ @x_auth_req I gotta eat too!

1

0

2

@BottingRocks

BottingRocks

5 years

Pooky Control-Flow Flattening - Part 2

0

0

1

@BottingRocks

BottingRocks

7 months

@InfoSecSam I hope they don't follow the same footsteps as some "frictionless" anti-bot of outsourcing their engineering team to India or something of that sort.

1

0

1

@BottingRocks

BottingRocks

5 months

@authcookie Yeah and all of the bot traffic they stop they believe is all done done by script kiddies and traffic from botnets. Very few of them mention that the same techniques you use to stop bots can also be used to stealthy pass their securities.

0

0

1

@BottingRocks

BottingRocks

6 months

@Dinosn You know there is a library that exists called Babel that could help you deobfuscate the Javascript.

0

0

1

@BottingRocks

BottingRocks

5 months

@x_auth_req I'm finishing up my ShapeSecurity gen

2

0

2

@BottingRocks

BottingRocks

6 months

@solvingKasada I am going to upload my old articles back then work on getting part 1 for the ShapeSecurity articles posted early this week

1

0

1

@BottingRocks

BottingRocks

5 years

My journey to reversing #Pooky has started

1

0

1

@BottingRocks

BottingRocks

5 months

@PierreDeWulf BrightData must have a big enough war chest to go toe to toe with these behemoth corporations. They really are taking one for the team( scraping).

1

0

1

@BottingRocks

BottingRocks

5 years

Coming up: Pooky Control-Flow Flattening - Part 2 on 12/28/2019. Tune in every week as am going to be posting regular content for y'all.

0

0

1

@BottingRocks

BottingRocks

4 months

@internalises The whole point of bypassing antibots is to become stealthy and look like a human not a bot. Using things like out-dated UA or tor proxies becomes counter productive.

0

0

1

@BottingRocks

BottingRocks

4 months

@InfoSecSam I guess they believe Devin or ChatGPT are going to start bypassing anti-bots next year.

1

0

1

@BottingRocks

BottingRocks

6 months

@CA00FF Oh shit! Okay is fixed, was incorrect it was supposed to be I fixed it. Sorry about that.

1

0

1

@BottingRocks

BottingRocks

5 months

@kursan88 Thanks man I appreciated

0

0

1

@BottingRocks

BottingRocks

5 months

Here is the link to the webinar

Tweet card media

Navigating Bot Threats: Key Findings From Analyzing 14,000+ Popular Websites in US & EMEA

Dive into the crucial findings of our comprehensive Bot Security Reports, uncovering the pressing challenges and emerging trends in bot security and online fraud protection.

0

0

1

@BottingRocks

BottingRocks

5 years

Next post coming up: Pooky Control-Flow Flattening

0

0

1

@BottingRocks

BottingRocks

7 months

@evertus_ That's a good idea

0

0

1