Download Mba Variables PDF

TitleMba Variables
TagsParameter (Computer Programming) String (Computer Science) Subroutine Variable (Computer Science) Boolean Data Type
File Size42.8 KB
Total Pages11
Document Text Contents
Page 1

MBA VARIABLES
Each not void variable is computed by the following relation:
Variable = Function1(Input1) Operator Function2(Input2).
A not void variable is a variable that does not call any void functions.
A void function is a function that executes some code but does not return any result.
For example the function ‘SetField’ does assign some value to the input selected for the
function, but does not assign any value to the variable in which ‘SetField’ is declared.
Although void variables can be called by other variables, it’s pretty useless to do so since
void variables will return always an empty string.
Void variables are computed in this way:
- Function1(Input1)
- Function2(Input2)
i.e. void variables correspond up to two lines of code IF two void functions are declared.
You cannot put in a variable both void functions and not void functions, so in the end you
can have two types of variables in MBA:
1) Void variables: variables that contain at least 1 void function. They execute some code
but do not return any result.
2) No void variables: variables that do not contain any void function. They execute some
code and are assigned to the value defined by the code execution. They can be reused by
other variables to further process the result.
A variable can be computed either in the login page stage or in the OCR stage or in the
intermediate action stage or in the post action stage or in the form redirect stage or in the
additional redirect stage.
The value computed can be used to modify all MBA stages, except of course the login
page stage.
In each stage the variables are computed until execution is completed (i.e. all the stage
variables have been computed) or a parsing error has been issued.
A parsing error can be issued either by a parsing input (see inputs context help for details)
or by the void procedure TriggerError (see functions context help for details).
If a parsing error is issued, then the flow of variable computations will be established by
the variable for which the parsing error occurred.
If the variable is a conditional variable (i.e. ‘ignore’ option checked) then variables
computation will continue.
If the variable is not a conditional variable (i.e. ‘ignore’ option not checked, default
setting) then variables computation will stop and the bot will generate a 404 parsing
error.
Moreover if the variable for which the parsing error occurred has the option ‘Stop’
checked, then all variables will be skipped until the resuming variable, i.e. a variables for
which ‘Resume’ option is checked, is found.
Finally a variable for which option ‘Loop’ is checked will mark a jump index that points
to the variable itself.
After a jump index has been stored, a jump event, that can be triggered by the void
procedure ‘Jump’, will cause the variables execution to be restored from the jump index.
It is also possible to nest multiple loops.

Page 2

VARIABLES STAGES
The stage tells Sentry when the variable has to be computed.
If the stage for the variable is set to login page, the variable is computed just after the
login page URL has been called.
f the stage for the variable is set to OCR stage, the variable is computed just after the
capctha image has been dwonloaded AND recognized.
If the stage for the variable is set to intermediate action, the variable is computed just
after the intermediate action URL has been called.
If the stage for the variable is set to post action, the variable is computed just after the
post action URL has been called.
If the stage for the variable is set to redirect URL page, the variable is computed just after
the redirect URL has been called.
The only variables that would need the redirect URL stage, are the ones used to configure
by variables the additional redirect URLs.
A variable is computed by using the status of the stage for which the variable has been
defined.
For example, if the stage for a variable is set to login page, then the variable will use, if
needed, the HTML Source of the login page and the value of Cookie set by the login
page, if any.
Finally if the stage for the variable is set to Additional Redirect, the variable is computed
for each additional redirect call.

Page 5

<- SHA(Input, HashSelect) -> Hexadecimal string ->
Computes the SHA hash of a string by using the SHA algorithm set by HashSelect.
HashSelect=1->SHA1, 2->SHA224, 3->SHA256, 4->SHA384, 5->SHA512, 6-
>SHA512_224, 7->SHA512_256.
HashSelect has to be assigned with the functions pair SetParameterIndex and
SetParameterValue.

<- PadHex(Input, PadDirection) ->
Pads a hexadecimal string with a zero only if the number of chars is odd.
If PadDirection = 0, the zero will be added from the right, if it is 1 then the zero will be
added from the right (i.e. the equivalent binary data will be shifted by four bits to the left
-> the equivalent integer will be multiplied by 16).
PadDirection has to be assigned with the functions pair SetParameterIndex and
SetParameterValue.

<- HexTo64(Input) -> Base64 string ->
Convert a hexadecimal string to a base64 string.

<- 64ToHex(Input) -> Hexadecimal string ->
Convert a base64 string to a hexadecimal string.

<- HexToString(Input) -> ANSI string ->
Convert a hex string to an ANSI string.

<- StringToHex(Input) -> Hexadecimal string ->
Convert an ANSI string to a hex string.

<- Encode64(Input) -> Base64 string ->
Convert an ANSI string to a Base64 string.

<- Decode64(Input) -> ANSI string ->
Convert a base64 string to an ANSI string.

<- StringLength(Input) -> integer string ->
Gives the number of chars in a string.

<- StringPos(Input,StrToSearch,StartPos) -> integer string ->
Gives the starting position of the string StrToSearch in the string Input searching from
position StartPos.
Initial position is 1. The function returns zero if StrToSearch is not found in Input.
StrToSearch and StartPos have to be assigned with the functions pair SetParameterIndex
and SetParameterValue.

<- StringExtract(Input,StartPos,Length) -> ANSI string ->
Extract a substring of Length chars from Input starting from StartPos.

Page 6

StartPos and Length have to be assigned with the functions pair SetParameterIndex and
SetParameterValue.

<- StringGen(Input,N) -> ANSI string ->
Joins Input by N times.
N has to be assigned with the functions pair SetParameterIndex and SetParameterValue.

<- StringReplace(Input,StringToFind,StringToReplace) -> ANSI string ->
Replaces all occurrences of StringToFind in Input with StringToReplace.
StringToFind and StringToReplace have to be assigned with the functions pair
SetParameterIndex and SetParameterValue.

<- StringInsert(Input, NewString, StartPos, Width) -> ANSI string ->
Insert NewString in the Input string starting from position StartPos deleting Width (can
be also zero) characters from the Input string starting from the same position.
NewString, StartPos and Width have to be assigned with the functions pair
SetParameterIndex and SetParameterValue.

<- Lowercase(Input) -> ANSI string ->
Converts all chars in Input to their lowercase version.

<- Uppercase(Input) -> ANSI string ->
Converts all chars in Input to their uppercase version.

<- URLEncode(Input) -> ANSI string ->
Encodes Input by using % encoding scheme.

<- LeftShiftString(Input) -> ANSI string ->
Shits to the start of the resulting string all chars whose ASCII code is not multiple of 2.

<- RightShiftString(Input) -> ANSI string ->
Shits to the end of the resulting string all chars whose ASCII code is not multiple of 2.

<- Ceil(Input) -> Integer string ->
Converts a float number to the next higher integer, i.e. Ceil(‘2.5’) = 3.

<- Floor(Input) -> Integer string ->
Converts a float number to the next lower integer, i.e. Floor(‘2.5’) = 2.

<- SetVectorSize(Input) -> vector of ANSI strings ->
Generates a vector of Input elements. Vector elements are initialized to ''Empty''.'

<- GetVectorSize(Input) -> Integer string ->
Gets the number of elements of vector Inputs.'

Page 10

VARIABLES ASSIGNEMENT
You tell Sentry how a stage configuration has to be modified based on the computed
variables. You can modify the following parameters for OCR stage, Intermediate Action
stage, Post Action stage, Form Redirect Stage and Additional Redirect Stages:
- POST Data (let’s call POSTDATA the value of this parameter before it is changed by
variables).
- Action URL (let’s call URL the value of this parameter before it is changed by
variables).
- Cookie (let’s call COOKIE the value of this parameter before it is changed by
variables).
- Header (let’s call HEADER the value of this parameter before it is changed by
variables).
For example, if you have assigned one of these parameters to a variable named "VAR",
which is equal respectively to Bruteforcer=MBA&coder=astaris, MBA.html, session =
MBA_OCR and UserAgent = MBA, you will get the following behaviour:
If the variable is assigned to POST Data, the final POST Data parameter will be
computed as "POSTDATA&Bruteforcer=MBA&coder=astaris".
- If the variable is assigned to Action URL, the final Action URL parameter will be
computed as "URLMBA.html".
- If the variable is assigned to Cookie, the final Cookie parameter will be computed as
"COOKIE; session = MBA_OCR".
- If the variable is assigned to Header, the final Cookie parameter will be computed as
"HEADER\nUserAgent = MBA" (with \n line break control char).

Page 11

ADDITIONAL REDIRECT STAGES
You can configure MBA additional redirect URLs too.
An additional redirect URL is called after a success key match, either upon post or after
the form redirect stage.
So you can have two behaviours:
- Post -> success key match -> call additional redirect URLs.
- Post -> redirect key match -> get form redirect URL -> success key match -> call
additional redirect URLs.
You can define how many additional URLs you want and MBA will capture keys from
each body received.
However if after the call to all defined additional redirect URLs no keys have been
captured, the combo will be moved to the "To Check" tab.
Otherwise the combo will be marked as a Hit and the keys captured saved.
Moreover you can link each additional redirect URL to MBA variables.
In particular you can assign the URL and the POST data parameters.
If you assign the POST data parameter to a variable, the additional redirect URL will be
called with POST method.
By linking the additional redirect URLs to MBA variables, you’ll get a conditional
redirect URL.
This means that the additional redirect URL will be called only if the variables assigned
to it have been successfully computed.
This is a feature that you must use when you don’t know how many additional redirect
URLs have to be called in order to get the full account details of the combo being tested.

Similer Documents