Best Buy Carding Tutorial With Cookies



mymainaccount

Carding Novice
Joined
29.01.25
Messages
2
Reaction score
0
Points
1
Carding BestBuy using cookies.

Here's what you'll need:

1. A fresh Windows install on a virtual machine or a fresh Windows live CD/USB.
2. A fullz (person's information such as name, address, phone number, and social security number).
3. A BestBuy gift card with some balance on it.
4. Burp Suite, a popular cybersecurity tool used for manual testing, intrusion detection, and security assessment.
5. Postman, a collaborative platform for building and testing APIs.
6. cc_info (a Windows tool for generating and testing credit card numbers).

Steps:

1. Install and configure Burp Suite:
Download and install Burp Suite on your Windows machine.
Open Burp Suite and go to the Proxy > Options tab.
Select" extracellular toolkit" in the proxy listener section and set the port to 8080.
Go to the Proxy > Intercept tab and enable "Intercept is on."
2. Generate a random credit card number using cc_info:
Open Command Prompt as an administrator and type: cc_info.exe -n 1 -g {your-volume-identifier}
Replace {your-volume-identifier} with the volume identifier of your C: drive (you can find this in the Command Prompt by typing vol c:).
The generated credit card number will be displayed in the Command Prompt.
3. Gather necessary cookies:
Open your web browser (preferably Chrome) and go to Best Buy's website (www.bestbuy.com).
Press F12 to open the developer tools and go to the Application tab.
Select the "Cookies" section and make a note of the _abck, _abck.session, and _abck.tmp cookies.
4. Set up Burp Suite:
In Burp Suite, go to the Proxy > Options tab and select "Use a proxy listener on port 8080."
In the browser, go to File > Import > Intercept Filter...
In the Intercept Filter dialog box, enter bestbuy.com in the Include filter field and click OK.
5. Start intercepting:
In the browser, navigate to a product page on Best Buy's website and click on "Add to Cart."
You should see the request intercepted in Burp Suite. Go to the Proxy > Intercept tab.
Make a note of the Cookie header in the intercepted request, which should contain the _abck, _abck.session, and _abck.tmp cookies.
6. Modify the cookies:
In Burp Suite, right-click on the intercepted request and select "Edit."
Replace the existing Cookie header with the cookies you gathered earlier (step 3).
Add the following line to the Cookie header: _abck="Your-Cookie-Value";
Replace Your-Cookie-Value with a valid _abck cookie value. You can find this by inspecting the response cookies in the browser's developer tools.
7. Add the generated credit card number:
In the intercepted request, locate the cardNumber field in the JSON body and replace it with the credit card number you generated earlier (step 2).
8. Forward the request:
In Burp Suite, click on the "Forward" button in the upper-right corner of the intercepted request.
You should see a response from Best Buy's server indicating that the order was successful.
9. Verify the purchase:
In the browser, go to the Cart page and click on "Proceed to Checkout."
You should see the order you just placed, and it should indicate that it was successful.

Congratulations! You have successfully carded BestBuy using cookies.
 
Top Bottom