Carding ✅ Creating Your Own Checker Via Stripe ✅
SpritezBiC
Active Carder
- Joined
- 31.12.23
- Messages
- 86
- Reaction score
- 17
- Points
- 8
View attachment 53318
Creating Your Own Checker Via Stripe
Checker services are in absolute shambles right now. Their services are dropping like flies - either going completely offline or becoming so unreliable they might as well be. The working ones? Theyre either slow as shit or spitting out more false declines than actual results. No wonder my inbox is flooded with the same question "How do I make my own checker?"
Well Im finally going to break it all down. Creating your own checker is a complex beast with multiple approaches but were going to tackle it step by step. This guide is the first in a series where well explore different methods starting with the most straightforward one: checking cards via Stripes API.
Right now youre working with the bare essentials a Stripe checker that can check a single card at a time; the next guide will amp things up with mass-checking techniques 3DS checks and explorations into other merchant integrations.
Why Stripe Though?
If youve been following my writeups you already know my stance on this: checking via Stripe is bad. Not because it "kills" cards - thats technically not true. The real issue is Stripe's Radar system blacklisting (generic_decline) your cards. Every single card you run through a Stripe checker gets flagged as part of a "card testing" attack and good fucking luck using that card on any Stripe-powered site afterward.
But desperate times call for desperate measures. Maybe youre hitting non-Stripe sites anyway or you just need a quick validity check. The method still works - just understand what you're getting yourself into.
Stripe API And Binners
View attachment 53321
Those binners we roasted earlier? Turns out theyre the same ones running these "SK checker services" - mostly operated by tech-savvy Indians whove figured out how to automate their garbage strategy. They manually generate and test bulk cards by scraping e-commerce sites for public Stripe keys. Same monkey-typewriter approach just with fancier tools.
And its not just Stripe they're targeting. Braintree Square any payment processor with public keys exposed on websites gets hammered by these scripts. But we're focusing on Stripe today because it's the most widespread and their API is actually decent to work with even if these clowns are abusing it.
Here's how Stripe checking works under the hood:
- Tokenization: Your card details get converted into a one-time token
- Payment Method Creation: That token becomes a "payment method"
- Auth Options: You can either just bind the card (no charge) or run a small auth charge ($0.50-$1) to verify funds
Building Your Own Checker
Alright lets get you set up with Stripe in a way that doesnt leave you looking like a clueless rookie.
1. Prep Your Gear:
- Premium US proxy - Stripes fraud detection will flag cheap proxies instantly. Residential proxies are your best bet here.
- Legit identity details (SSN + DOB). Half-assed fake info is a one-way ticket to account termination.
- Business front browse Flippa.com for a small established e-commerce site. Copy their business model and details - this helps you sail through Stripe's verification process.
- Banking info any plausible routing and account numbers will work since were not actually processing payments. Just make sure the numbers follow the correct format.
2. Setting Up Your Stripe Account:
- Quality fullz (SSN DOB address etc). Bender-Search is my current go-to - their data is accurate and cheap at 50 cents per set. While other vendors exist Benders quality has been consistently solid.View attachment 53323
- Register at stripe.com using an email that you have access to.
- Personal info use the name and DOB from your fullz. The SSN needs to match perfectly.
View attachment 53325
- Business details:
- Choose "Undergistered" as business type
View attachment 53324- Use your ecommerce site's name and description
View attachment 53326
View attachment 53327- Pick an industry that matches your sites products
- Bank details:
- When prompted for bank details select "Enter Bank Details Manually" - not doing so will prompt Plaid which we dont want
- Look up a real routing number from a bank in your fullz's city
- Generate a random 10-12 digit account number
- Use the same name as your personal info
- Once verified grab your API keys from the dashboard - youll need these for the checker
3. The Checker Setup:
Back in the day you could simply use your sk_live key and run a Python script to bust out a token and verify a card. Nowadays, Stripe isnt that stupid – if you try sending raw credit card numbers directly youll get hit with an error like this:
Code:{ "charge": null, "code": null, "decline_code": null, "doc_url": null, "message": "Sending credit card numbers directly to the Stripe API is generally unsafe. To continue processing use Stripe.js, the Stripe mobile bindings, or Stripe Elements. For more information, see https://dashboard.stripe.com/account/integration/settings. If you are qualified to handle card data directly, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis.", "param": null, "payment_intent": null, "payment_method": null, "request_log_url": "https://dashboard.stripe.com/logs/req_21941209", "setup_intent": null, "source": null, "type": "invalid_request_error" }
Instead of getting away with a direct API call you now must use Stripes JavaScript frontend to collect and tokenize card details. There are workarounds out there – I'll dive deeper into those in a future guide – but for this surface-level approach were switching to a simple PHP server setup.
Here's what you need to do:
- Place the following filesin one folder:
- index.html
- validate.php
- composer.json
- Run "composer install" to install the Stripe PHP module.
- Host the folder locally (using XAMPP WAMP or any plain PHP server).
- Open index.html in your browser. It will prompt you for your sk_live and pk_live keys then display a secure Stripe payment field.
- Enter your card details; once submitted the backend (validate.php) uses a Payment Intent to validate the cards legitimacy and returns a response.
Below is the complete code for this setup. (Seriously – dont modify any of this stuff.)
Code:index.html:Code:<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Card Validator</title> <script src="https://js.stripe.com/v3/"></script> <style> body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif; padding: 20px; background: #f0f0f0; } .card-validator { max-width: 500px; margin: 0 auto; background: white; padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); } h2 { color: #32325d; text-align: center; margin-bottom: 24px; } .form-group { margin-bottom: 16px; } label { display: block; margin-bottom: 8px; color: #32325d; } input { width: 100%; padding: 8px 12px; border: 1px solid #e4e4e4; border-radius: 4px; font-size: 16px; margin-bottom: 16px; } .card-element { padding: 12px; border: 1px solid #e4e4e4; border-radius: 4px; margin-bottom: 16px; } button { background: #5469d4; color: white; padding: 12px 24px; border: none; border-radius: 4px; font-size: 16px; cursor: pointer; width: 100%; } button:disabled { background: #93a3e8; cursor: not-allowed; } .status { margin-top: 16px; padding: 12px; border-radius: 4px; text-align: center; } .error { background: #fee; color: #ff0000; } .success { background: #e8ffe8; color: #008000; } </style> </head> <body> <div class="card-validator"> <h2>Card Validator</h2> <div id="setup-form"> <div class="form-group"> <label>Secret Key (sk_live):</label> <input type="text" id="sk_live" required> </div> <div class="form-group"> <label>Public Key (pk_live):</label> <input type="text" id="pk_live" required> </div> <button onclick="setupStripe()">Continue</button> </div> <div id="card-form" style="display: none;"> <form id="payment-form"> <div class="form-group"> <label>Card Details:</label> <div id="card-element" class="card-element"></div> </div> <button type="submit" id="submit-button">Validate Card</button> </form> <div id="status" class="status" style="display: none;"></div> </div> </div> <script> let stripe; let elements; let card; let sk_live; function setupStripe() { const pk_live = document.getElementById('pk_live').value; sk_live = document.getElementById('sk_live').value; if (!pk_live || !sk_live) { alert('Please enter both keys'); return; } stripe = Stripe(pk_live); elements = stripe.elements(); card = elements.create('card'); document.getElementById('setup-form').style.display = 'none'; document.getElementById('card-form').style.display = 'block'; card.mount('#card-element'); } document.getElementById('payment-form').addEventListener('submit', async function(e) { e.preventDefault(); const submitButton = document.getElementById('submit-button'); const statusDiv = document.getElementById('status'); submitButton.disabled = true; submitButton.textContent = 'Processing...'; statusDiv.style.display = 'block'; statusDiv.textContent = 'Validating card...'; statusDiv.className = 'status'; try { const { paymentMethod, error } = await stripe.createPaymentMethod({ type: 'card', card: card, }); if (error) { throw error; } const response = await fetch('validate.php', { method: 'POST', headers: { 'Content-Type': 'application/json', }, body: JSON.stringify({ payment_method_id: paymentMethod.id, secret_key: sk_live, }), }); const result = await response.json(); if (result.error) { throw new Error(result.error); } // Handle 3D Secure authentication if required if (result.requires_action) { statusDiv.textContent = 'Additional authentication required...'; const { error: confirmError } = await stripe.confirmCardSetup( result.client_secret ); if (confirmError) { throw confirmError; } statusDiv.textContent = 'Card is Live! ✅'; statusDiv.className = 'status success'; return; } let message = ''; switch (result.status) { case 'succeeded': message = 'Card is Live! ✅'; break; case 'processing': message = 'Card validation is still processing...'; break; case 'requires_action': message = 'Card requires additional verification.'; break; default: message = `Card validation status: ${result.status}`; } statusDiv.textContent = message; statusDiv.className = result.success ? 'status success' : 'status error'; } catch (error) { statusDiv.textContent = `❌ Declined: ${error.message}`; statusDiv.className = 'status error'; } finally { submitButton.disabled = false; submitButton.textContent = 'Validate Card'; } }); </script> </body> </html>
Code:validate.php:Code:<?php header('Access-Control-Allow-Origin: *'); header('Content-Type: application/json'); header('Access-Control-Allow-Methods: POST'); header('Access-Control-Allow-Headers: Content-Type'); if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(200); exit(); } if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); echo json_encode(['error' => 'Method not allowed']); exit(); } require_once '../vendor/autoload.php'; // Ensure the input is valid JSON before decoding $rawInput = file_get_contents('php://input'); if (!isValidJson($rawInput)) { http_response_code(400); echo json_encode(['error' => 'Invalid JSON input']); exit(); } $input = json_decode($rawInput, true); $payment_method_id = $input['payment_method_id'] ?? null; $secret_key = $input['secret_key'] ?? null; if (!$payment_method_id || !$secret_key) { http_response_code(400); echo json_encode(['error' => 'Missing required parameters']); exit(); } // Helper function to validate JSON function isValidJson($string) { json_decode($string); return json_last_error() === JSON_ERROR_NONE; } try { \Stripe\Stripe::setApiKey($secret_key); // Create a SetupIntent and confirm it with the payment method $setup_intent = \Stripe\SetupIntent::create([ 'payment_method' => $payment_method_id, 'confirm' => true, 'usage' => 'off_session', 'return_url' => 'https://crdpro.cc', 'automatic_payment_methods' => [ 'enabled' => true, 'allow_redirects' => 'never' ] ]); // Check the status $status = $setup_intent->status; $success = in_array($status, ['succeeded', 'requires_action', 'processing']); // If 3D Secure authentication is required if ($status === 'requires_action' || $status === 'requires_source_action') { echo json_encode([ 'success' => false, 'status' => $status, 'setup_intent' => $setup_intent->id, 'client_secret' => $setup_intent->client_secret, 'requires_action' => true ]); exit(); } echo json_encode([ 'success' => $success, 'status' => $status, 'setup_intent' => $setup_intent->id ]); } catch (\Exception $e) { http_response_code(400); echo json_encode([ 'error' => $e->getMessage(), 'type' => get_class($e) ]); } [code]composer.json:Code:{ "require": { "stripe/stripe-php": "^13.0" } }
*** Hidden text: cannot be quoted. ***
Once everything's setup properly:
Some Other Stuff To Remember
The whole deal with binding versus auth is simple. Binding merely creates a payment method which is like filing away your card details without much fanfare. Auth on the other hand actually attempts to charge a tiny amount (think $0 or a few bucks) to verify the card. It gives you better clarity on whether a card is active but it also leaves a more noticeable trace and risk of killing the card.
When it comes to account management Stripe is merciless. The moment you start running patterns that look sketchy theyll slam the brakes and nuke your account. Your best bet? Rotate through multiple Stripe accounts use different IP addresses for each and keep your card-checking volume within reasonable limits. Don't be the idiot who thinks running a mountain of tests on a single account is a good idea.
Finally error handling is your lifeline. Learn how to dissect each error message—sometimes it means the card is toast; other times it's just Stripe being a stubborn bitch. Either way understanding these messages means you can adjust your approach on the fly.
This isn't rocket science but if you ignore these pointers youll be stumbling around like a rookie. Use these strategies to stay a step ahead and remember: the devil's in the details.
More To Come
This is just the beginning of our checker creation series as such it is extremely basic and simple. We've started with the training wheels version - Stripe API checking. In upcoming guides well dive into the real shit: building your own auth systems and mass checker working with different payment processors, creating your own Telegram CC Checker bot, etc, and creating checkers that actually give you useful data beyond "valid/invalid."
Remember: A checker is only as good as its operator. Don't be the dipshit running 10,000 cards through one Stripe account and wondering why it got banned. Start small understand the mechanics and scale up smart.
Stay tuned for the next guide in this series. Were going to get into the specifics of building checkers that actually deserve to be called tools not toys. d0ctrine out.
carderautobullet
Carding Novice
- Joined
- 16.02.25
- Messages
- 21
- Reaction score
- 0
- Points
- 1
RepView attachment 53318
Checker services are in absolute shambles right now. Their services are dropping like flies - either going completely offline or becoming so unreliable they might as well be. The working ones? Theyre either slow as shit or spitting out more false declines than actual results. No wonder my inbox is flooded with the same question "How do I make my own checker?"
Well Im finally going to break it all down. Creating your own checker is a complex beast with multiple approaches but were going to tackle it step by step. This guide is the first in a series where well explore different methods starting with the most straightforward one: checking cards via Stripes API.
Right now youre working with the bare essentials a Stripe checker that can check a single card at a time; the next guide will amp things up with mass-checking techniques 3DS checks and explorations into other merchant integrations.
Why Stripe Though?
If youve been following my writeups you already know my stance on this: checking via Stripe is bad. Not because it "kills" cards - thats technically not true. The real issue is Stripe's Radar system blacklisting (generic_decline) your cards. Every single card you run through a Stripe checker gets flagged as part of a "card testing" attack and good fucking luck using that card on any Stripe-powered site afterward.
But desperate times call for desperate measures. Maybe youre hitting non-Stripe sites anyway or you just need a quick validity check. The method still works - just understand what you're getting yourself into.
Stripe API And Binners
View attachment 53321
Those binners we roasted earlier? Turns out theyre the same ones running these "SK checker services" - mostly operated by tech-savvy Indians whove figured out how to automate their garbage strategy. They manually generate and test bulk cards by scraping e-commerce sites for public Stripe keys. Same monkey-typewriter approach just with fancier tools.
And its not just Stripe they're targeting. Braintree Square any payment processor with public keys exposed on websites gets hammered by these scripts. But we're focusing on Stripe today because it's the most widespread and their API is actually decent to work with even if these clowns are abusing it.
Here's how Stripe checking works under the hood:
- Tokenization: Your card details get converted into a one-time token
- Payment Method Creation: That token becomes a "payment method"
- Auth Options: You can either just bind the card (no charge) or run a small auth charge ($0.50-$1) to verify funds
Building Your Own Checker
Alright lets get you set up with Stripe in a way that doesnt leave you looking like a clueless rookie.
1. Prep Your Gear:
- Premium US proxy - Stripes fraud detection will flag cheap proxies instantly. Residential proxies are your best bet here.
- Legit identity details (SSN + DOB). Half-assed fake info is a one-way ticket to account termination.
- Business front browse Flippa.com for a small established e-commerce site. Copy their business model and details - this helps you sail through Stripe's verification process.
- Banking info any plausible routing and account numbers will work since were not actually processing payments. Just make sure the numbers follow the correct format.
2. Setting Up Your Stripe Account:
- Quality fullz (SSN DOB address etc). Bender-Search is my current go-to - their data is accurate and cheap at 50 cents per set. While other vendors exist Benders quality has been consistently solid.View attachment 53323
- Register at stripe.com using an email that you have access to.
- Personal info use the name and DOB from your fullz. The SSN needs to match perfectly.
View attachment 53325
- Business details:
- Choose "Undergistered" as business type
View attachment 53324- Use your ecommerce site's name and description
View attachment 53326
View attachment 53327- Pick an industry that matches your sites products
- Bank details:
- When prompted for bank details select "Enter Bank Details Manually" - not doing so will prompt Plaid which we dont want
- Look up a real routing number from a bank in your fullz's city
- Generate a random 10-12 digit account number
- Use the same name as your personal info
- Once verified grab your API keys from the dashboard - youll need these for the checker
3. The Checker Setup:
Back in the day you could simply use your sk_live key and run a Python script to bust out a token and verify a card. Nowadays, Stripe isnt that stupid – if you try sending raw credit card numbers directly youll get hit with an error like this:
Code:{ "charge": null, "code": null, "decline_code": null, "doc_url": null, "message": "Sending credit card numbers directly to the Stripe API is generally unsafe. To continue processing use Stripe.js, the Stripe mobile bindings, or Stripe Elements. For more information, see https://dashboard.stripe.com/account/integration/settings. If you are qualified to handle card data directly, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis.", "param": null, "payment_intent": null, "payment_method": null, "request_log_url": "https://dashboard.stripe.com/logs/req_21941209", "setup_intent": null, "source": null, "type": "invalid_request_error" }
Instead of getting away with a direct API call you now must use Stripes JavaScript frontend to collect and tokenize card details. There are workarounds out there – I'll dive deeper into those in a future guide – but for this surface-level approach were switching to a simple PHP server setup.
Here's what you need to do:
- Place the following filesin one folder:
- index.html
- validate.php
- composer.json
- Run "composer install" to install the Stripe PHP module.
- Host the folder locally (using XAMPP WAMP or any plain PHP server).
- Open index.html in your browser. It will prompt you for your sk_live and pk_live keys then display a secure Stripe payment field.
- Enter your card details; once submitted the backend (validate.php) uses a Payment Intent to validate the cards legitimacy and returns a response.
Below is the complete code for this setup. (Seriously – dont modify any of this stuff.)
Code:index.html:Code:<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Card Validator</title> <script src="https://js.stripe.com/v3/"></script> <style> body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif; padding: 20px; background: #f0f0f0; } .card-validator { max-width: 500px; margin: 0 auto; background: white; padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); } h2 { color: #32325d; text-align: center; margin-bottom: 24px; } .form-group { margin-bottom: 16px; } label { display: block; margin-bottom: 8px; color: #32325d; } input { width: 100%; padding: 8px 12px; border: 1px solid #e4e4e4; border-radius: 4px; font-size: 16px; margin-bottom: 16px; } .card-element { padding: 12px; border: 1px solid #e4e4e4; border-radius: 4px; margin-bottom: 16px; } button { background: #5469d4; color: white; padding: 12px 24px; border: none; border-radius: 4px; font-size: 16px; cursor: pointer; width: 100%; } button:disabled { background: #93a3e8; cursor: not-allowed; } .status { margin-top: 16px; padding: 12px; border-radius: 4px; text-align: center; } .error { background: #fee; color: #ff0000; } .success { background: #e8ffe8; color: #008000; } </style> </head> <body> <div class="card-validator"> <h2>Card Validator</h2> <div id="setup-form"> <div class="form-group"> <label>Secret Key (sk_live):</label> <input type="text" id="sk_live" required> </div> <div class="form-group"> <label>Public Key (pk_live):</label> <input type="text" id="pk_live" required> </div> <button onclick="setupStripe()">Continue</button> </div> <div id="card-form" style="display: none;"> <form id="payment-form"> <div class="form-group"> <label>Card Details:</label> <div id="card-element" class="card-element"></div> </div> <button type="submit" id="submit-button">Validate Card</button> </form> <div id="status" class="status" style="display: none;"></div> </div> </div> <script> let stripe; let elements; let card; let sk_live; function setupStripe() { const pk_live = document.getElementById('pk_live').value; sk_live = document.getElementById('sk_live').value; if (!pk_live || !sk_live) { alert('Please enter both keys'); return; } stripe = Stripe(pk_live); elements = stripe.elements(); card = elements.create('card'); document.getElementById('setup-form').style.display = 'none'; document.getElementById('card-form').style.display = 'block'; card.mount('#card-element'); } document.getElementById('payment-form').addEventListener('submit', async function(e) { e.preventDefault(); const submitButton = document.getElementById('submit-button'); const statusDiv = document.getElementById('status'); submitButton.disabled = true; submitButton.textContent = 'Processing...'; statusDiv.style.display = 'block'; statusDiv.textContent = 'Validating card...'; statusDiv.className = 'status'; try { const { paymentMethod, error } = await stripe.createPaymentMethod({ type: 'card', card: card, }); if (error) { throw error; } const response = await fetch('validate.php', { method: 'POST', headers: { 'Content-Type': 'application/json', }, body: JSON.stringify({ payment_method_id: paymentMethod.id, secret_key: sk_live, }), }); const result = await response.json(); if (result.error) { throw new Error(result.error); } // Handle 3D Secure authentication if required if (result.requires_action) { statusDiv.textContent = 'Additional authentication required...'; const { error: confirmError } = await stripe.confirmCardSetup( result.client_secret ); if (confirmError) { throw confirmError; } statusDiv.textContent = 'Card is Live! ✅'; statusDiv.className = 'status success'; return; } let message = ''; switch (result.status) { case 'succeeded': message = 'Card is Live! ✅'; break; case 'processing': message = 'Card validation is still processing...'; break; case 'requires_action': message = 'Card requires additional verification.'; break; default: message = `Card validation status: ${result.status}`; } statusDiv.textContent = message; statusDiv.className = result.success ? 'status success' : 'status error'; } catch (error) { statusDiv.textContent = `❌ Declined: ${error.message}`; statusDiv.className = 'status error'; } finally { submitButton.disabled = false; submitButton.textContent = 'Validate Card'; } }); </script> </body> </html>
Code:validate.php:Code:<?php header('Access-Control-Allow-Origin: *'); header('Content-Type: application/json'); header('Access-Control-Allow-Methods: POST'); header('Access-Control-Allow-Headers: Content-Type'); if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(200); exit(); } if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); echo json_encode(['error' => 'Method not allowed']); exit(); } require_once '../vendor/autoload.php'; // Ensure the input is valid JSON before decoding $rawInput = file_get_contents('php://input'); if (!isValidJson($rawInput)) { http_response_code(400); echo json_encode(['error' => 'Invalid JSON input']); exit(); } $input = json_decode($rawInput, true); $payment_method_id = $input['payment_method_id'] ?? null; $secret_key = $input['secret_key'] ?? null; if (!$payment_method_id || !$secret_key) { http_response_code(400); echo json_encode(['error' => 'Missing required parameters']); exit(); } // Helper function to validate JSON function isValidJson($string) { json_decode($string); return json_last_error() === JSON_ERROR_NONE; } try { \Stripe\Stripe::setApiKey($secret_key); // Create a SetupIntent and confirm it with the payment method $setup_intent = \Stripe\SetupIntent::create([ 'payment_method' => $payment_method_id, 'confirm' => true, 'usage' => 'off_session', 'return_url' => 'https://crdpro.cc', 'automatic_payment_methods' => [ 'enabled' => true, 'allow_redirects' => 'never' ] ]); // Check the status $status = $setup_intent->status; $success = in_array($status, ['succeeded', 'requires_action', 'processing']); // If 3D Secure authentication is required if ($status === 'requires_action' || $status === 'requires_source_action') { echo json_encode([ 'success' => false, 'status' => $status, 'setup_intent' => $setup_intent->id, 'client_secret' => $setup_intent->client_secret, 'requires_action' => true ]); exit(); } echo json_encode([ 'success' => $success, 'status' => $status, 'setup_intent' => $setup_intent->id ]); } catch (\Exception $e) { http_response_code(400); echo json_encode([ 'error' => $e->getMessage(), 'type' => get_class($e) ]); } [code]composer.json:Code:{ "require": { "stripe/stripe-php": "^13.0" } }
*** Hidden text: cannot be quoted. ***
Once everything's setup properly:
Some Other Stuff To Remember
The whole deal with binding versus auth is simple. Binding merely creates a payment method which is like filing away your card details without much fanfare. Auth on the other hand actually attempts to charge a tiny amount (think $0 or a few bucks) to verify the card. It gives you better clarity on whether a card is active but it also leaves a more noticeable trace and risk of killing the card.
When it comes to account management Stripe is merciless. The moment you start running patterns that look sketchy theyll slam the brakes and nuke your account. Your best bet? Rotate through multiple Stripe accounts use different IP addresses for each and keep your card-checking volume within reasonable limits. Don't be the idiot who thinks running a mountain of tests on a single account is a good idea.
Finally error handling is your lifeline. Learn how to dissect each error message—sometimes it means the card is toast; other times it's just Stripe being a stubborn bitch. Either way understanding these messages means you can adjust your approach on the fly.
This isn't rocket science but if you ignore these pointers youll be stumbling around like a rookie. Use these strategies to stay a step ahead and remember: the devil's in the details.
More To Come
This is just the beginning of our checker creation series as such it is extremely basic and simple. We've started with the training wheels version - Stripe API checking. In upcoming guides well dive into the real shit: building your own auth systems and mass checker working with different payment processors, creating your own Telegram CC Checker bot, etc, and creating checkers that actually give you useful data beyond "valid/invalid."
Remember: A checker is only as good as its operator. Don't be the dipshit running 10,000 cards through one Stripe account and wondering why it got banned. Start small understand the mechanics and scale up smart.
Stay tuned for the next guide in this series. Were going to get into the specifics of building checkers that actually deserve to be called tools not toys. d0ctrine out.
carderautobullet
Carding Novice
- Joined
- 16.02.25
- Messages
- 21
- Reaction score
- 0
- Points
- 1
RepoView attachment 53318
Checker services are in absolute shambles right now. Their services are dropping like flies - either going completely offline or becoming so unreliable they might as well be. The working ones? Theyre either slow as shit or spitting out more false declines than actual results. No wonder my inbox is flooded with the same question "How do I make my own checker?"
Well Im finally going to break it all down. Creating your own checker is a complex beast with multiple approaches but were going to tackle it step by step. This guide is the first in a series where well explore different methods starting with the most straightforward one: checking cards via Stripes API.
Right now youre working with the bare essentials a Stripe checker that can check a single card at a time; the next guide will amp things up with mass-checking techniques 3DS checks and explorations into other merchant integrations.
Why Stripe Though?
If youve been following my writeups you already know my stance on this: checking via Stripe is bad. Not because it "kills" cards - thats technically not true. The real issue is Stripe's Radar system blacklisting (generic_decline) your cards. Every single card you run through a Stripe checker gets flagged as part of a "card testing" attack and good fucking luck using that card on any Stripe-powered site afterward.
But desperate times call for desperate measures. Maybe youre hitting non-Stripe sites anyway or you just need a quick validity check. The method still works - just understand what you're getting yourself into.
Stripe API And Binners
View attachment 53321
Those binners we roasted earlier? Turns out theyre the same ones running these "SK checker services" - mostly operated by tech-savvy Indians whove figured out how to automate their garbage strategy. They manually generate and test bulk cards by scraping e-commerce sites for public Stripe keys. Same monkey-typewriter approach just with fancier tools.
And its not just Stripe they're targeting. Braintree Square any payment processor with public keys exposed on websites gets hammered by these scripts. But we're focusing on Stripe today because it's the most widespread and their API is actually decent to work with even if these clowns are abusing it.
Here's how Stripe checking works under the hood:
- Tokenization: Your card details get converted into a one-time token
- Payment Method Creation: That token becomes a "payment method"
- Auth Options: You can either just bind the card (no charge) or run a small auth charge ($0.50-$1) to verify funds
Building Your Own Checker
Alright lets get you set up with Stripe in a way that doesnt leave you looking like a clueless rookie.
1. Prep Your Gear:
- Premium US proxy - Stripes fraud detection will flag cheap proxies instantly. Residential proxies are your best bet here.
- Legit identity details (SSN + DOB). Half-assed fake info is a one-way ticket to account termination.
- Business front browse Flippa.com for a small established e-commerce site. Copy their business model and details - this helps you sail through Stripe's verification process.
- Banking info any plausible routing and account numbers will work since were not actually processing payments. Just make sure the numbers follow the correct format.
2. Setting Up Your Stripe Account:
- Quality fullz (SSN DOB address etc). Bender-Search is my current go-to - their data is accurate and cheap at 50 cents per set. While other vendors exist Benders quality has been consistently solid.View attachment 53323
- Register at stripe.com using an email that you have access to.
- Personal info use the name and DOB from your fullz. The SSN needs to match perfectly.
View attachment 53325
- Business details:
- Choose "Undergistered" as business type
View attachment 53324- Use your ecommerce site's name and description
View attachment 53326
View attachment 53327- Pick an industry that matches your sites products
- Bank details:
- When prompted for bank details select "Enter Bank Details Manually" - not doing so will prompt Plaid which we dont want
- Look up a real routing number from a bank in your fullz's city
- Generate a random 10-12 digit account number
- Use the same name as your personal info
- Once verified grab your API keys from the dashboard - youll need these for the checker
3. The Checker Setup:
Back in the day you could simply use your sk_live key and run a Python script to bust out a token and verify a card. Nowadays, Stripe isnt that stupid – if you try sending raw credit card numbers directly youll get hit with an error like this:
Code:{ "charge": null, "code": null, "decline_code": null, "doc_url": null, "message": "Sending credit card numbers directly to the Stripe API is generally unsafe. To continue processing use Stripe.js, the Stripe mobile bindings, or Stripe Elements. For more information, see https://dashboard.stripe.com/account/integration/settings. If you are qualified to handle card data directly, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis.", "param": null, "payment_intent": null, "payment_method": null, "request_log_url": "https://dashboard.stripe.com/logs/req_21941209", "setup_intent": null, "source": null, "type": "invalid_request_error" }
Instead of getting away with a direct API call you now must use Stripes JavaScript frontend to collect and tokenize card details. There are workarounds out there – I'll dive deeper into those in a future guide – but for this surface-level approach were switching to a simple PHP server setup.
Here's what you need to do:
- Place the following filesin one folder:
- index.html
- validate.php
- composer.json
- Run "composer install" to install the Stripe PHP module.
- Host the folder locally (using XAMPP WAMP or any plain PHP server).
- Open index.html in your browser. It will prompt you for your sk_live and pk_live keys then display a secure Stripe payment field.
- Enter your card details; once submitted the backend (validate.php) uses a Payment Intent to validate the cards legitimacy and returns a response.
Below is the complete code for this setup. (Seriously – dont modify any of this stuff.)
Code:index.html:Code:<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Card Validator</title> <script src="https://js.stripe.com/v3/"></script> <style> body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif; padding: 20px; background: #f0f0f0; } .card-validator { max-width: 500px; margin: 0 auto; background: white; padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); } h2 { color: #32325d; text-align: center; margin-bottom: 24px; } .form-group { margin-bottom: 16px; } label { display: block; margin-bottom: 8px; color: #32325d; } input { width: 100%; padding: 8px 12px; border: 1px solid #e4e4e4; border-radius: 4px; font-size: 16px; margin-bottom: 16px; } .card-element { padding: 12px; border: 1px solid #e4e4e4; border-radius: 4px; margin-bottom: 16px; } button { background: #5469d4; color: white; padding: 12px 24px; border: none; border-radius: 4px; font-size: 16px; cursor: pointer; width: 100%; } button:disabled { background: #93a3e8; cursor: not-allowed; } .status { margin-top: 16px; padding: 12px; border-radius: 4px; text-align: center; } .error { background: #fee; color: #ff0000; } .success { background: #e8ffe8; color: #008000; } </style> </head> <body> <div class="card-validator"> <h2>Card Validator</h2> <div id="setup-form"> <div class="form-group"> <label>Secret Key (sk_live):</label> <input type="text" id="sk_live" required> </div> <div class="form-group"> <label>Public Key (pk_live):</label> <input type="text" id="pk_live" required> </div> <button onclick="setupStripe()">Continue</button> </div> <div id="card-form" style="display: none;"> <form id="payment-form"> <div class="form-group"> <label>Card Details:</label> <div id="card-element" class="card-element"></div> </div> <button type="submit" id="submit-button">Validate Card</button> </form> <div id="status" class="status" style="display: none;"></div> </div> </div> <script> let stripe; let elements; let card; let sk_live; function setupStripe() { const pk_live = document.getElementById('pk_live').value; sk_live = document.getElementById('sk_live').value; if (!pk_live || !sk_live) { alert('Please enter both keys'); return; } stripe = Stripe(pk_live); elements = stripe.elements(); card = elements.create('card'); document.getElementById('setup-form').style.display = 'none'; document.getElementById('card-form').style.display = 'block'; card.mount('#card-element'); } document.getElementById('payment-form').addEventListener('submit', async function(e) { e.preventDefault(); const submitButton = document.getElementById('submit-button'); const statusDiv = document.getElementById('status'); submitButton.disabled = true; submitButton.textContent = 'Processing...'; statusDiv.style.display = 'block'; statusDiv.textContent = 'Validating card...'; statusDiv.className = 'status'; try { const { paymentMethod, error } = await stripe.createPaymentMethod({ type: 'card', card: card, }); if (error) { throw error; } const response = await fetch('validate.php', { method: 'POST', headers: { 'Content-Type': 'application/json', }, body: JSON.stringify({ payment_method_id: paymentMethod.id, secret_key: sk_live, }), }); const result = await response.json(); if (result.error) { throw new Error(result.error); } // Handle 3D Secure authentication if required if (result.requires_action) { statusDiv.textContent = 'Additional authentication required...'; const { error: confirmError } = await stripe.confirmCardSetup( result.client_secret ); if (confirmError) { throw confirmError; } statusDiv.textContent = 'Card is Live! ✅'; statusDiv.className = 'status success'; return; } let message = ''; switch (result.status) { case 'succeeded': message = 'Card is Live! ✅'; break; case 'processing': message = 'Card validation is still processing...'; break; case 'requires_action': message = 'Card requires additional verification.'; break; default: message = `Card validation status: ${result.status}`; } statusDiv.textContent = message; statusDiv.className = result.success ? 'status success' : 'status error'; } catch (error) { statusDiv.textContent = `❌ Declined: ${error.message}`; statusDiv.className = 'status error'; } finally { submitButton.disabled = false; submitButton.textContent = 'Validate Card'; } }); </script> </body> </html>
Code:validate.php:Code:<?php header('Access-Control-Allow-Origin: *'); header('Content-Type: application/json'); header('Access-Control-Allow-Methods: POST'); header('Access-Control-Allow-Headers: Content-Type'); if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(200); exit(); } if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); echo json_encode(['error' => 'Method not allowed']); exit(); } require_once '../vendor/autoload.php'; // Ensure the input is valid JSON before decoding $rawInput = file_get_contents('php://input'); if (!isValidJson($rawInput)) { http_response_code(400); echo json_encode(['error' => 'Invalid JSON input']); exit(); } $input = json_decode($rawInput, true); $payment_method_id = $input['payment_method_id'] ?? null; $secret_key = $input['secret_key'] ?? null; if (!$payment_method_id || !$secret_key) { http_response_code(400); echo json_encode(['error' => 'Missing required parameters']); exit(); } // Helper function to validate JSON function isValidJson($string) { json_decode($string); return json_last_error() === JSON_ERROR_NONE; } try { \Stripe\Stripe::setApiKey($secret_key); // Create a SetupIntent and confirm it with the payment method $setup_intent = \Stripe\SetupIntent::create([ 'payment_method' => $payment_method_id, 'confirm' => true, 'usage' => 'off_session', 'return_url' => 'https://crdpro.cc', 'automatic_payment_methods' => [ 'enabled' => true, 'allow_redirects' => 'never' ] ]); // Check the status $status = $setup_intent->status; $success = in_array($status, ['succeeded', 'requires_action', 'processing']); // If 3D Secure authentication is required if ($status === 'requires_action' || $status === 'requires_source_action') { echo json_encode([ 'success' => false, 'status' => $status, 'setup_intent' => $setup_intent->id, 'client_secret' => $setup_intent->client_secret, 'requires_action' => true ]); exit(); } echo json_encode([ 'success' => $success, 'status' => $status, 'setup_intent' => $setup_intent->id ]); } catch (\Exception $e) { http_response_code(400); echo json_encode([ 'error' => $e->getMessage(), 'type' => get_class($e) ]); } [code]composer.json:Code:{ "require": { "stripe/stripe-php": "^13.0" } }
*** Hidden text: cannot be quoted. ***
Once everything's setup properly:
Some Other Stuff To Remember
The whole deal with binding versus auth is simple. Binding merely creates a payment method which is like filing away your card details without much fanfare. Auth on the other hand actually attempts to charge a tiny amount (think $0 or a few bucks) to verify the card. It gives you better clarity on whether a card is active but it also leaves a more noticeable trace and risk of killing the card.
When it comes to account management Stripe is merciless. The moment you start running patterns that look sketchy theyll slam the brakes and nuke your account. Your best bet? Rotate through multiple Stripe accounts use different IP addresses for each and keep your card-checking volume within reasonable limits. Don't be the idiot who thinks running a mountain of tests on a single account is a good idea.
Finally error handling is your lifeline. Learn how to dissect each error message—sometimes it means the card is toast; other times it's just Stripe being a stubborn bitch. Either way understanding these messages means you can adjust your approach on the fly.
This isn't rocket science but if you ignore these pointers youll be stumbling around like a rookie. Use these strategies to stay a step ahead and remember: the devil's in the details.
More To Come
This is just the beginning of our checker creation series as such it is extremely basic and simple. We've started with the training wheels version - Stripe API checking. In upcoming guides well dive into the real shit: building your own auth systems and mass checker working with different payment processors, creating your own Telegram CC Checker bot, etc, and creating checkers that actually give you useful data beyond "valid/invalid."
Remember: A checker is only as good as its operator. Don't be the dipshit running 10,000 cards through one Stripe account and wondering why it got banned. Start small understand the mechanics and scale up smart.
Stay tuned for the next guide in this series. Were going to get into the specifics of building checkers that actually deserve to be called tools not toys. d0ctrine out.
tyView attachment 53318
Checker services are in absolute shambles right now. Their services are dropping like flies - either going completely offline or becoming so unreliable they might as well be. The working ones? Theyre either slow as shit or spitting out more false declines than actual results. No wonder my inbox is flooded with the same question "How do I make my own checker?"
Well Im finally going to break it all down. Creating your own checker is a complex beast with multiple approaches but were going to tackle it step by step. This guide is the first in a series where well explore different methods starting with the most straightforward one: checking cards via Stripes API.
Right now youre working with the bare essentials a Stripe checker that can check a single card at a time; the next guide will amp things up with mass-checking techniques 3DS checks and explorations into other merchant integrations.
Why Stripe Though?
If youve been following my writeups you already know my stance on this: checking via Stripe is bad. Not because it "kills" cards - thats technically not true. The real issue is Stripe's Radar system blacklisting (generic_decline) your cards. Every single card you run through a Stripe checker gets flagged as part of a "card testing" attack and good fucking luck using that card on any Stripe-powered site afterward.
But desperate times call for desperate measures. Maybe youre hitting non-Stripe sites anyway or you just need a quick validity check. The method still works - just understand what you're getting yourself into.
Stripe API And Binners
View attachment 53321
Those binners we roasted earlier? Turns out theyre the same ones running these "SK checker services" - mostly operated by tech-savvy Indians whove figured out how to automate their garbage strategy. They manually generate and test bulk cards by scraping e-commerce sites for public Stripe keys. Same monkey-typewriter approach just with fancier tools.
And its not just Stripe they're targeting. Braintree Square any payment processor with public keys exposed on websites gets hammered by these scripts. But we're focusing on Stripe today because it's the most widespread and their API is actually decent to work with even if these clowns are abusing it.
Here's how Stripe checking works under the hood:
- Tokenization: Your card details get converted into a one-time token
- Payment Method Creation: That token becomes a "payment method"
- Auth Options: You can either just bind the card (no charge) or run a small auth charge ($0.50-$1) to verify funds
Building Your Own Checker
Alright lets get you set up with Stripe in a way that doesnt leave you looking like a clueless rookie.
1. Prep Your Gear:
- Premium US proxy - Stripes fraud detection will flag cheap proxies instantly. Residential proxies are your best bet here.
- Legit identity details (SSN + DOB). Half-assed fake info is a one-way ticket to account termination.
- Business front browse Flippa.com for a small established e-commerce site. Copy their business model and details - this helps you sail through Stripe's verification process.
- Banking info any plausible routing and account numbers will work since were not actually processing payments. Just make sure the numbers follow the correct format.
2. Setting Up Your Stripe Account:
- Quality fullz (SSN DOB address etc). Bender-Search is my current go-to - their data is accurate and cheap at 50 cents per set. While other vendors exist Benders quality has been consistently solid.View attachment 53323
- Register at stripe.com using an email that you have access to.
- Personal info use the name and DOB from your fullz. The SSN needs to match perfectly.
View attachment 53325
- Business details:
- Choose "Undergistered" as business type
View attachment 53324- Use your ecommerce site's name and description
View attachment 53326
View attachment 53327- Pick an industry that matches your sites products
- Bank details:
- When prompted for bank details select "Enter Bank Details Manually" - not doing so will prompt Plaid which we dont want
- Look up a real routing number from a bank in your fullz's city
- Generate a random 10-12 digit account number
- Use the same name as your personal info
- Once verified grab your API keys from the dashboard - youll need these for the checker
3. The Checker Setup:
Back in the day you could simply use your sk_live key and run a Python script to bust out a token and verify a card. Nowadays, Stripe isnt that stupid – if you try sending raw credit card numbers directly youll get hit with an error like this:
Code:{ "charge": null, "code": null, "decline_code": null, "doc_url": null, "message": "Sending credit card numbers directly to the Stripe API is generally unsafe. To continue processing use Stripe.js, the Stripe mobile bindings, or Stripe Elements. For more information, see https://dashboard.stripe.com/account/integration/settings. If you are qualified to handle card data directly, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis.", "param": null, "payment_intent": null, "payment_method": null, "request_log_url": "https://dashboard.stripe.com/logs/req_21941209", "setup_intent": null, "source": null, "type": "invalid_request_error" }
Instead of getting away with a direct API call you now must use Stripes JavaScript frontend to collect and tokenize card details. There are workarounds out there – I'll dive deeper into those in a future guide – but for this surface-level approach were switching to a simple PHP server setup.
Here's what you need to do:
- Place the following filesin one folder:
- index.html
- validate.php
- composer.json
- Run "composer install" to install the Stripe PHP module.
- Host the folder locally (using XAMPP WAMP or any plain PHP server).
- Open index.html in your browser. It will prompt you for your sk_live and pk_live keys then display a secure Stripe payment field.
- Enter your card details; once submitted the backend (validate.php) uses a Payment Intent to validate the cards legitimacy and returns a response.
Below is the complete code for this setup. (Seriously – dont modify any of this stuff.)
Code:index.html:Code:<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Card Validator</title> <script src="https://js.stripe.com/v3/"></script> <style> body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif; padding: 20px; background: #f0f0f0; } .card-validator { max-width: 500px; margin: 0 auto; background: white; padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); } h2 { color: #32325d; text-align: center; margin-bottom: 24px; } .form-group { margin-bottom: 16px; } label { display: block; margin-bottom: 8px; color: #32325d; } input { width: 100%; padding: 8px 12px; border: 1px solid #e4e4e4; border-radius: 4px; font-size: 16px; margin-bottom: 16px; } .card-element { padding: 12px; border: 1px solid #e4e4e4; border-radius: 4px; margin-bottom: 16px; } button { background: #5469d4; color: white; padding: 12px 24px; border: none; border-radius: 4px; font-size: 16px; cursor: pointer; width: 100%; } button:disabled { background: #93a3e8; cursor: not-allowed; } .status { margin-top: 16px; padding: 12px; border-radius: 4px; text-align: center; } .error { background: #fee; color: #ff0000; } .success { background: #e8ffe8; color: #008000; } </style> </head> <body> <div class="card-validator"> <h2>Card Validator</h2> <div id="setup-form"> <div class="form-group"> <label>Secret Key (sk_live):</label> <input type="text" id="sk_live" required> </div> <div class="form-group"> <label>Public Key (pk_live):</label> <input type="text" id="pk_live" required> </div> <button onclick="setupStripe()">Continue</button> </div> <div id="card-form" style="display: none;"> <form id="payment-form"> <div class="form-group"> <label>Card Details:</label> <div id="card-element" class="card-element"></div> </div> <button type="submit" id="submit-button">Validate Card</button> </form> <div id="status" class="status" style="display: none;"></div> </div> </div> <script> let stripe; let elements; let card; let sk_live; function setupStripe() { const pk_live = document.getElementById('pk_live').value; sk_live = document.getElementById('sk_live').value; if (!pk_live || !sk_live) { alert('Please enter both keys'); return; } stripe = Stripe(pk_live); elements = stripe.elements(); card = elements.create('card'); document.getElementById('setup-form').style.display = 'none'; document.getElementById('card-form').style.display = 'block'; card.mount('#card-element'); } document.getElementById('payment-form').addEventListener('submit', async function(e) { e.preventDefault(); const submitButton = document.getElementById('submit-button'); const statusDiv = document.getElementById('status'); submitButton.disabled = true; submitButton.textContent = 'Processing...'; statusDiv.style.display = 'block'; statusDiv.textContent = 'Validating card...'; statusDiv.className = 'status'; try { const { paymentMethod, error } = await stripe.createPaymentMethod({ type: 'card', card: card, }); if (error) { throw error; } const response = await fetch('validate.php', { method: 'POST', headers: { 'Content-Type': 'application/json', }, body: JSON.stringify({ payment_method_id: paymentMethod.id, secret_key: sk_live, }), }); const result = await response.json(); if (result.error) { throw new Error(result.error); } // Handle 3D Secure authentication if required if (result.requires_action) { statusDiv.textContent = 'Additional authentication required...'; const { error: confirmError } = await stripe.confirmCardSetup( result.client_secret ); if (confirmError) { throw confirmError; } statusDiv.textContent = 'Card is Live! ✅'; statusDiv.className = 'status success'; return; } let message = ''; switch (result.status) { case 'succeeded': message = 'Card is Live! ✅'; break; case 'processing': message = 'Card validation is still processing...'; break; case 'requires_action': message = 'Card requires additional verification.'; break; default: message = `Card validation status: ${result.status}`; } statusDiv.textContent = message; statusDiv.className = result.success ? 'status success' : 'status error'; } catch (error) { statusDiv.textContent = `❌ Declined: ${error.message}`; statusDiv.className = 'status error'; } finally { submitButton.disabled = false; submitButton.textContent = 'Validate Card'; } }); </script> </body> </html>
Code:validate.php:Code:<?php header('Access-Control-Allow-Origin: *'); header('Content-Type: application/json'); header('Access-Control-Allow-Methods: POST'); header('Access-Control-Allow-Headers: Content-Type'); if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(200); exit(); } if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); echo json_encode(['error' => 'Method not allowed']); exit(); } require_once '../vendor/autoload.php'; // Ensure the input is valid JSON before decoding $rawInput = file_get_contents('php://input'); if (!isValidJson($rawInput)) { http_response_code(400); echo json_encode(['error' => 'Invalid JSON input']); exit(); } $input = json_decode($rawInput, true); $payment_method_id = $input['payment_method_id'] ?? null; $secret_key = $input['secret_key'] ?? null; if (!$payment_method_id || !$secret_key) { http_response_code(400); echo json_encode(['error' => 'Missing required parameters']); exit(); } // Helper function to validate JSON function isValidJson($string) { json_decode($string); return json_last_error() === JSON_ERROR_NONE; } try { \Stripe\Stripe::setApiKey($secret_key); // Create a SetupIntent and confirm it with the payment method $setup_intent = \Stripe\SetupIntent::create([ 'payment_method' => $payment_method_id, 'confirm' => true, 'usage' => 'off_session', 'return_url' => 'https://crdpro.cc', 'automatic_payment_methods' => [ 'enabled' => true, 'allow_redirects' => 'never' ] ]); // Check the status $status = $setup_intent->status; $success = in_array($status, ['succeeded', 'requires_action', 'processing']); // If 3D Secure authentication is required if ($status === 'requires_action' || $status === 'requires_source_action') { echo json_encode([ 'success' => false, 'status' => $status, 'setup_intent' => $setup_intent->id, 'client_secret' => $setup_intent->client_secret, 'requires_action' => true ]); exit(); } echo json_encode([ 'success' => $success, 'status' => $status, 'setup_intent' => $setup_intent->id ]); } catch (\Exception $e) { http_response_code(400); echo json_encode([ 'error' => $e->getMessage(), 'type' => get_class($e) ]); } [code]composer.json:Code:{ "require": { "stripe/stripe-php": "^13.0" } }
*** Hidden text: cannot be quoted. ***
Once everything's setup properly:
Some Other Stuff To Remember
The whole deal with binding versus auth is simple. Binding merely creates a payment method which is like filing away your card details without much fanfare. Auth on the other hand actually attempts to charge a tiny amount (think $0 or a few bucks) to verify the card. It gives you better clarity on whether a card is active but it also leaves a more noticeable trace and risk of killing the card.
When it comes to account management Stripe is merciless. The moment you start running patterns that look sketchy theyll slam the brakes and nuke your account. Your best bet? Rotate through multiple Stripe accounts use different IP addresses for each and keep your card-checking volume within reasonable limits. Don't be the idiot who thinks running a mountain of tests on a single account is a good idea.
Finally error handling is your lifeline. Learn how to dissect each error message—sometimes it means the card is toast; other times it's just Stripe being a stubborn bitch. Either way understanding these messages means you can adjust your approach on the fly.
This isn't rocket science but if you ignore these pointers youll be stumbling around like a rookie. Use these strategies to stay a step ahead and remember: the devil's in the details.
More To Come
This is just the beginning of our checker creation series as such it is extremely basic and simple. We've started with the training wheels version - Stripe API checking. In upcoming guides well dive into the real shit: building your own auth systems and mass checker working with different payment processors, creating your own Telegram CC Checker bot, etc, and creating checkers that actually give you useful data beyond "valid/invalid."
Remember: A checker is only as good as its operator. Don't be the dipshit running 10,000 cards through one Stripe account and wondering why it got banned. Start small understand the mechanics and scale up smart.
Stay tuned for the next guide in this series. Were going to get into the specifics of building checkers that actually deserve to be called tools not toys. d0ctrine out.
Tribunegang
Carding Novice
- Joined
- 02.11.24
- Messages
- 15
- Reaction score
- 2
- Points
- 3
GoodThe whole deal with binding versus auth is simple. Binding merely creates a payment method which is like filing away your card details without much fanfare. Auth on the other hand actually attempts to charge a tiny amount (think $0 or a few bucks) to verify the card. It gives you better clarity on whether a card is active but it also leaves a more noticeable trace and risk of killing the card.
When it comes to account management Stripe is merciless. The moment you start running patterns that look sketchy theyll slam the brakes and nuke your account. Your best bet? Rotate through multiple Stripe accounts use different IP addresses for each and keep you
Ty!View attachment 53318
Checker services are in absolute shambles right now. Their services are dropping like flies - either going completely offline or becoming so unreliable they might as well be. The working ones? Theyre either slow as shit or spitting out more false declines than actual results. No wonder my inbox is flooded with the same question "How do I make my own checker?"
Well Im finally going to break it all down. Creating your own checker is a complex beast with multiple approaches but were going to tackle it step by step. This guide is the first in a series where well explore different methods starting with the most straightforward one: checking cards via Stripes API.
Right now youre working with the bare essentials a Stripe checker that can check a single card at a time; the next guide will amp things up with mass-checking techniques 3DS checks and explorations into other merchant integrations.
Why Stripe Though?
If youve been following my writeups you already know my stance on this: checking via Stripe is bad. Not because it "kills" cards - thats technically not true. The real issue is Stripe's Radar system blacklisting (generic_decline) your cards. Every single card you run through a Stripe checker gets flagged as part of a "card testing" attack and good fucking luck using that card on any Stripe-powered site afterward.
But desperate times call for desperate measures. Maybe youre hitting non-Stripe sites anyway or you just need a quick validity check. The method still works - just understand what you're getting yourself into.
Stripe API And Binners
View attachment 53321
Those binners we roasted earlier? Turns out theyre the same ones running these "SK checker services" - mostly operated by tech-savvy Indians whove figured out how to automate their garbage strategy. They manually generate and test bulk cards by scraping e-commerce sites for public Stripe keys. Same monkey-typewriter approach just with fancier tools.
And its not just Stripe they're targeting. Braintree Square any payment processor with public keys exposed on websites gets hammered by these scripts. But we're focusing on Stripe today because it's the most widespread and their API is actually decent to work with even if these clowns are abusing it.
Here's how Stripe checking works under the hood:
- Tokenization: Your card details get converted into a one-time token
- Payment Method Creation: That token becomes a "payment method"
- Auth Options: You can either just bind the card (no charge) or run a small auth charge ($0.50-$1) to verify funds
Building Your Own Checker
Alright lets get you set up with Stripe in a way that doesnt leave you looking like a clueless rookie.
1. Prep Your Gear:
- Premium US proxy - Stripes fraud detection will flag cheap proxies instantly. Residential proxies are your best bet here.
- Legit identity details (SSN + DOB). Half-assed fake info is a one-way ticket to account termination.
- Business front browse Flippa.com for a small established e-commerce site. Copy their business model and details - this helps you sail through Stripe's verification process.
- Banking info any plausible routing and account numbers will work since were not actually processing payments. Just make sure the numbers follow the correct format.
2. Setting Up Your Stripe Account:
- Quality fullz (SSN DOB address etc). Bender-Search is my current go-to - their data is accurate and cheap at 50 cents per set. While other vendors exist Benders quality has been consistently solid.View attachment 53323
- Register at stripe.com using an email that you have access to.
- Personal info use the name and DOB from your fullz. The SSN needs to match perfectly.
View attachment 53325
- Business details:
- Choose "Undergistered" as business type
View attachment 53324- Use your ecommerce site's name and description
View attachment 53326
View attachment 53327- Pick an industry that matches your sites products
- Bank details:
- When prompted for bank details select "Enter Bank Details Manually" - not doing so will prompt Plaid which we dont want
- Look up a real routing number from a bank in your fullz's city
- Generate a random 10-12 digit account number
- Use the same name as your personal info
- Once verified grab your API keys from the dashboard - youll need these for the checker
3. The Checker Setup:
Back in the day you could simply use your sk_live key and run a Python script to bust out a token and verify a card. Nowadays, Stripe isnt that stupid – if you try sending raw credit card numbers directly youll get hit with an error like this:
Code:{ "charge": null, "code": null, "decline_code": null, "doc_url": null, "message": "Sending credit card numbers directly to the Stripe API is generally unsafe. To continue processing use Stripe.js, the Stripe mobile bindings, or Stripe Elements. For more information, see https://dashboard.stripe.com/account/integration/settings. If you are qualified to handle card data directly, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis.", "param": null, "payment_intent": null, "payment_method": null, "request_log_url": "https://dashboard.stripe.com/logs/req_21941209", "setup_intent": null, "source": null, "type": "invalid_request_error" }
Instead of getting away with a direct API call you now must use Stripes JavaScript frontend to collect and tokenize card details. There are workarounds out there – I'll dive deeper into those in a future guide – but for this surface-level approach were switching to a simple PHP server setup.
Here's what you need to do:
- Place the following filesin one folder:
- index.html
- validate.php
- composer.json
- Run "composer install" to install the Stripe PHP module.
- Host the folder locally (using XAMPP WAMP or any plain PHP server).
- Open index.html in your browser. It will prompt you for your sk_live and pk_live keys then display a secure Stripe payment field.
- Enter your card details; once submitted the backend (validate.php) uses a Payment Intent to validate the cards legitimacy and returns a response.
Below is the complete code for this setup. (Seriously – dont modify any of this stuff.)
Code:index.html:Code:<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Card Validator</title> <script src="https://js.stripe.com/v3/"></script> <style> body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif; padding: 20px; background: #f0f0f0; } .card-validator { max-width: 500px; margin: 0 auto; background: white; padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); } h2 { color: #32325d; text-align: center; margin-bottom: 24px; } .form-group { margin-bottom: 16px; } label { display: block; margin-bottom: 8px; color: #32325d; } input { width: 100%; padding: 8px 12px; border: 1px solid #e4e4e4; border-radius: 4px; font-size: 16px; margin-bottom: 16px; } .card-element { padding: 12px; border: 1px solid #e4e4e4; border-radius: 4px; margin-bottom: 16px; } button { background: #5469d4; color: white; padding: 12px 24px; border: none; border-radius: 4px; font-size: 16px; cursor: pointer; width: 100%; } button:disabled { background: #93a3e8; cursor: not-allowed; } .status { margin-top: 16px; padding: 12px; border-radius: 4px; text-align: center; } .error { background: #fee; color: #ff0000; } .success { background: #e8ffe8; color: #008000; } </style> </head> <body> <div class="card-validator"> <h2>Card Validator</h2> <div id="setup-form"> <div class="form-group"> <label>Secret Key (sk_live):</label> <input type="text" id="sk_live" required> </div> <div class="form-group"> <label>Public Key (pk_live):</label> <input type="text" id="pk_live" required> </div> <button onclick="setupStripe()">Continue</button> </div> <div id="card-form" style="display: none;"> <form id="payment-form"> <div class="form-group"> <label>Card Details:</label> <div id="card-element" class="card-element"></div> </div> <button type="submit" id="submit-button">Validate Card</button> </form> <div id="status" class="status" style="display: none;"></div> </div> </div> <script> let stripe; let elements; let card; let sk_live; function setupStripe() { const pk_live = document.getElementById('pk_live').value; sk_live = document.getElementById('sk_live').value; if (!pk_live || !sk_live) { alert('Please enter both keys'); return; } stripe = Stripe(pk_live); elements = stripe.elements(); card = elements.create('card'); document.getElementById('setup-form').style.display = 'none'; document.getElementById('card-form').style.display = 'block'; card.mount('#card-element'); } document.getElementById('payment-form').addEventListener('submit', async function(e) { e.preventDefault(); const submitButton = document.getElementById('submit-button'); const statusDiv = document.getElementById('status'); submitButton.disabled = true; submitButton.textContent = 'Processing...'; statusDiv.style.display = 'block'; statusDiv.textContent = 'Validating card...'; statusDiv.className = 'status'; try { const { paymentMethod, error } = await stripe.createPaymentMethod({ type: 'card', card: card, }); if (error) { throw error; } const response = await fetch('validate.php', { method: 'POST', headers: { 'Content-Type': 'application/json', }, body: JSON.stringify({ payment_method_id: paymentMethod.id, secret_key: sk_live, }), }); const result = await response.json(); if (result.error) { throw new Error(result.error); } // Handle 3D Secure authentication if required if (result.requires_action) { statusDiv.textContent = 'Additional authentication required...'; const { error: confirmError } = await stripe.confirmCardSetup( result.client_secret ); if (confirmError) { throw confirmError; } statusDiv.textContent = 'Card is Live! ✅'; statusDiv.className = 'status success'; return; } let message = ''; switch (result.status) { case 'succeeded': message = 'Card is Live! ✅'; break; case 'processing': message = 'Card validation is still processing...'; break; case 'requires_action': message = 'Card requires additional verification.'; break; default: message = `Card validation status: ${result.status}`; } statusDiv.textContent = message; statusDiv.className = result.success ? 'status success' : 'status error'; } catch (error) { statusDiv.textContent = `❌ Declined: ${error.message}`; statusDiv.className = 'status error'; } finally { submitButton.disabled = false; submitButton.textContent = 'Validate Card'; } }); </script> </body> </html>
Code:validate.php:Code:<?php header('Access-Control-Allow-Origin: *'); header('Content-Type: application/json'); header('Access-Control-Allow-Methods: POST'); header('Access-Control-Allow-Headers: Content-Type'); if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(200); exit(); } if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); echo json_encode(['error' => 'Method not allowed']); exit(); } require_once '../vendor/autoload.php'; // Ensure the input is valid JSON before decoding $rawInput = file_get_contents('php://input'); if (!isValidJson($rawInput)) { http_response_code(400); echo json_encode(['error' => 'Invalid JSON input']); exit(); } $input = json_decode($rawInput, true); $payment_method_id = $input['payment_method_id'] ?? null; $secret_key = $input['secret_key'] ?? null; if (!$payment_method_id || !$secret_key) { http_response_code(400); echo json_encode(['error' => 'Missing required parameters']); exit(); } // Helper function to validate JSON function isValidJson($string) { json_decode($string); return json_last_error() === JSON_ERROR_NONE; } try { \Stripe\Stripe::setApiKey($secret_key); // Create a SetupIntent and confirm it with the payment method $setup_intent = \Stripe\SetupIntent::create([ 'payment_method' => $payment_method_id, 'confirm' => true, 'usage' => 'off_session', 'return_url' => 'https://crdpro.cc', 'automatic_payment_methods' => [ 'enabled' => true, 'allow_redirects' => 'never' ] ]); // Check the status $status = $setup_intent->status; $success = in_array($status, ['succeeded', 'requires_action', 'processing']); // If 3D Secure authentication is required if ($status === 'requires_action' || $status === 'requires_source_action') { echo json_encode([ 'success' => false, 'status' => $status, 'setup_intent' => $setup_intent->id, 'client_secret' => $setup_intent->client_secret, 'requires_action' => true ]); exit(); } echo json_encode([ 'success' => $success, 'status' => $status, 'setup_intent' => $setup_intent->id ]); } catch (\Exception $e) { http_response_code(400); echo json_encode([ 'error' => $e->getMessage(), 'type' => get_class($e) ]); } [code]composer.json:Code:{ "require": { "stripe/stripe-php": "^13.0" } }
*** Hidden text: cannot be quoted. ***
Once everything's setup properly:
Some Other Stuff To Remember
The whole deal with binding versus auth is simple. Binding merely creates a payment method which is like filing away your card details without much fanfare. Auth on the other hand actually attempts to charge a tiny amount (think $0 or a few bucks) to verify the card. It gives you better clarity on whether a card is active but it also leaves a more noticeable trace and risk of killing the card.
When it comes to account management Stripe is merciless. The moment you start running patterns that look sketchy theyll slam the brakes and nuke your account. Your best bet? Rotate through multiple Stripe accounts use different IP addresses for each and keep your card-checking volume within reasonable limits. Don't be the idiot who thinks running a mountain of tests on a single account is a good idea.
Finally error handling is your lifeline. Learn how to dissect each error message—sometimes it means the card is toast; other times it's just Stripe being a stubborn bitch. Either way understanding these messages means you can adjust your approach on the fly.
This isn't rocket science but if you ignore these pointers youll be stumbling around like a rookie. Use these strategies to stay a step ahead and remember: the devil's in the details.
More To Come
This is just the beginning of our checker creation series as such it is extremely basic and simple. We've started with the training wheels version - Stripe API checking. In upcoming guides well dive into the real shit: building your own auth systems and mass checker working with different payment processors, creating your own Telegram CC Checker bot, etc, and creating checkers that actually give you useful data beyond "valid/invalid."
Remember: A checker is only as good as its operator. Don't be the dipshit running 10,000 cards through one Stripe account and wondering why it got banned. Start small understand the mechanics and scale up smart.
Stay tuned for the next guide in this series. Were going to get into the specifics of building checkers that actually deserve to be called tools not toys. d0ctrine out.
Tribunegang
Carding Novice
- Joined
- 02.11.24
- Messages
- 15
- Reaction score
- 2
- Points
- 3
AMAZINGView attachment 53318
Checker services are in absolute shambles right now. Their services are dropping like flies - either going completely offline or becoming so unreliable they might as well be. The working ones? Theyre either slow as shit or spitting out more false declines than actual results. No wonder my inbox is flooded with the same question "How do I make my own checker?"
Well Im finally going to break it all down. Creating your own checker is a complex beast with multiple approaches but were going to tackle it step by step. This guide is the first in a series where well explore different methods starting with the most straightforward one: checking cards via Stripes API.
Right now youre working with the bare essentials a Stripe checker that can check a single card at a time; the next guide will amp things up with mass-checking techniques 3DS checks and explorations into other merchant integrations.
Why Stripe Though?
If youve been following my writeups you already know my stance on this: checking via Stripe is bad. Not because it "kills" cards - thats technically not true. The real issue is Stripe's Radar system blacklisting (generic_decline) your cards. Every single card you run through a Stripe checker gets flagged as part of a "card testing" attack and good fucking luck using that card on any Stripe-powered site afterward.
But desperate times call for desperate measures. Maybe youre hitting non-Stripe sites anyway or you just need a quick validity check. The method still works - just understand what you're getting yourself into.
Stripe API And Binners
View attachment 53321
Those binners we roasted earlier? Turns out theyre the same ones running these "SK checker services" - mostly operated by tech-savvy Indians whove figured out how to automate their garbage strategy. They manually generate and test bulk cards by scraping e-commerce sites for public Stripe keys. Same monkey-typewriter approach just with fancier tools.
And its not just Stripe they're targeting. Braintree Square any payment processor with public keys exposed on websites gets hammered by these scripts. But we're focusing on Stripe today because it's the most widespread and their API is actually decent to work with even if these clowns are abusing it.
Here's how Stripe checking works under the hood:
- Tokenization: Your card details get converted into a one-time token
- Payment Method Creation: That token becomes a "payment method"
- Auth Options: You can either just bind the card (no charge) or run a small auth charge ($0.50-$1) to verify funds
Building Your Own Checker
Alright lets get you set up with Stripe in a way that doesnt leave you looking like a clueless rookie.
1. Prep Your Gear:
- Premium US proxy - Stripes fraud detection will flag cheap proxies instantly. Residential proxies are your best bet here.
- Legit identity details (SSN + DOB). Half-assed fake info is a one-way ticket to account termination.
- Business front browse Flippa.com for a small established e-commerce site. Copy their business model and details - this helps you sail through Stripe's verification process.
- Banking info any plausible routing and account numbers will work since were not actually processing payments. Just make sure the numbers follow the correct format.
2. Setting Up Your Stripe Account:
- Quality fullz (SSN DOB address etc). Bender-Search is my current go-to - their data is accurate and cheap at 50 cents per set. While other vendors exist Benders quality has been consistently solid.View attachment 53323
- Register at stripe.com using an email that you have access to.
- Personal info use the name and DOB from your fullz. The SSN needs to match perfectly.
View attachment 53325
- Business details:
- Choose "Undergistered" as business type
View attachment 53324- Use your ecommerce site's name and description
View attachment 53326
View attachment 53327- Pick an industry that matches your sites products
- Bank details:
- When prompted for bank details select "Enter Bank Details Manually" - not doing so will prompt Plaid which we dont want
- Look up a real routing number from a bank in your fullz's city
- Generate a random 10-12 digit account number
- Use the same name as your personal info
- Once verified grab your API keys from the dashboard - youll need these for the checker
3. The Checker Setup:
Back in the day you could simply use your sk_live key and run a Python script to bust out a token and verify a card. Nowadays, Stripe isnt that stupid – if you try sending raw credit card numbers directly youll get hit with an error like this:
Code:{ "charge": null, "code": null, "decline_code": null, "doc_url": null, "message": "Sending credit card numbers directly to the Stripe API is generally unsafe. To continue processing use Stripe.js, the Stripe mobile bindings, or Stripe Elements. For more information, see https://dashboard.stripe.com/account/integration/settings. If you are qualified to handle card data directly, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis.", "param": null, "payment_intent": null, "payment_method": null, "request_log_url": "https://dashboard.stripe.com/logs/req_21941209", "setup_intent": null, "source": null, "type": "invalid_request_error" }
Instead of getting away with a direct API call you now must use Stripes JavaScript frontend to collect and tokenize card details. There are workarounds out there – I'll dive deeper into those in a future guide – but for this surface-level approach were switching to a simple PHP server setup.
Here's what you need to do:
- Place the following filesin one folder:
- index.html
- validate.php
- composer.json
- Run "composer install" to install the Stripe PHP module.
- Host the folder locally (using XAMPP WAMP or any plain PHP server).
- Open index.html in your browser. It will prompt you for your sk_live and pk_live keys then display a secure Stripe payment field.
- Enter your card details; once submitted the backend (validate.php) uses a Payment Intent to validate the cards legitimacy and returns a response.
Below is the complete code for this setup. (Seriously – dont modify any of this stuff.)
Code:index.html:Code:<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Card Validator</title> <script src="https://js.stripe.com/v3/"></script> <style> body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif; padding: 20px; background: #f0f0f0; } .card-validator { max-width: 500px; margin: 0 auto; background: white; padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); } h2 { color: #32325d; text-align: center; margin-bottom: 24px; } .form-group { margin-bottom: 16px; } label { display: block; margin-bottom: 8px; color: #32325d; } input { width: 100%; padding: 8px 12px; border: 1px solid #e4e4e4; border-radius: 4px; font-size: 16px; margin-bottom: 16px; } .card-element { padding: 12px; border: 1px solid #e4e4e4; border-radius: 4px; margin-bottom: 16px; } button { background: #5469d4; color: white; padding: 12px 24px; border: none; border-radius: 4px; font-size: 16px; cursor: pointer; width: 100%; } button:disabled { background: #93a3e8; cursor: not-allowed; } .status { margin-top: 16px; padding: 12px; border-radius: 4px; text-align: center; } .error { background: #fee; color: #ff0000; } .success { background: #e8ffe8; color: #008000; } </style> </head> <body> <div class="card-validator"> <h2>Card Validator</h2> <div id="setup-form"> <div class="form-group"> <label>Secret Key (sk_live):</label> <input type="text" id="sk_live" required> </div> <div class="form-group"> <label>Public Key (pk_live):</label> <input type="text" id="pk_live" required> </div> <button onclick="setupStripe()">Continue</button> </div> <div id="card-form" style="display: none;"> <form id="payment-form"> <div class="form-group"> <label>Card Details:</label> <div id="card-element" class="card-element"></div> </div> <button type="submit" id="submit-button">Validate Card</button> </form> <div id="status" class="status" style="display: none;"></div> </div> </div> <script> let stripe; let elements; let card; let sk_live; function setupStripe() { const pk_live = document.getElementById('pk_live').value; sk_live = document.getElementById('sk_live').value; if (!pk_live || !sk_live) { alert('Please enter both keys'); return; } stripe = Stripe(pk_live); elements = stripe.elements(); card = elements.create('card'); document.getElementById('setup-form').style.display = 'none'; document.getElementById('card-form').style.display = 'block'; card.mount('#card-element'); } document.getElementById('payment-form').addEventListener('submit', async function(e) { e.preventDefault(); const submitButton = document.getElementById('submit-button'); const statusDiv = document.getElementById('status'); submitButton.disabled = true; submitButton.textContent = 'Processing...'; statusDiv.style.display = 'block'; statusDiv.textContent = 'Validating card...'; statusDiv.className = 'status'; try { const { paymentMethod, error } = await stripe.createPaymentMethod({ type: 'card', card: card, }); if (error) { throw error; } const response = await fetch('validate.php', { method: 'POST', headers: { 'Content-Type': 'application/json', }, body: JSON.stringify({ payment_method_id: paymentMethod.id, secret_key: sk_live, }), }); const result = await response.json(); if (result.error) { throw new Error(result.error); } // Handle 3D Secure authentication if required if (result.requires_action) { statusDiv.textContent = 'Additional authentication required...'; const { error: confirmError } = await stripe.confirmCardSetup( result.client_secret ); if (confirmError) { throw confirmError; } statusDiv.textContent = 'Card is Live! ✅'; statusDiv.className = 'status success'; return; } let message = ''; switch (result.status) { case 'succeeded': message = 'Card is Live! ✅'; break; case 'processing': message = 'Card validation is still processing...'; break; case 'requires_action': message = 'Card requires additional verification.'; break; default: message = `Card validation status: ${result.status}`; } statusDiv.textContent = message; statusDiv.className = result.success ? 'status success' : 'status error'; } catch (error) { statusDiv.textContent = `❌ Declined: ${error.message}`; statusDiv.className = 'status error'; } finally { submitButton.disabled = false; submitButton.textContent = 'Validate Card'; } }); </script> </body> </html>
Code:validate.php:Code:<?php header('Access-Control-Allow-Origin: *'); header('Content-Type: application/json'); header('Access-Control-Allow-Methods: POST'); header('Access-Control-Allow-Headers: Content-Type'); if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(200); exit(); } if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); echo json_encode(['error' => 'Method not allowed']); exit(); } require_once '../vendor/autoload.php'; // Ensure the input is valid JSON before decoding $rawInput = file_get_contents('php://input'); if (!isValidJson($rawInput)) { http_response_code(400); echo json_encode(['error' => 'Invalid JSON input']); exit(); } $input = json_decode($rawInput, true); $payment_method_id = $input['payment_method_id'] ?? null; $secret_key = $input['secret_key'] ?? null; if (!$payment_method_id || !$secret_key) { http_response_code(400); echo json_encode(['error' => 'Missing required parameters']); exit(); } // Helper function to validate JSON function isValidJson($string) { json_decode($string); return json_last_error() === JSON_ERROR_NONE; } try { \Stripe\Stripe::setApiKey($secret_key); // Create a SetupIntent and confirm it with the payment method $setup_intent = \Stripe\SetupIntent::create([ 'payment_method' => $payment_method_id, 'confirm' => true, 'usage' => 'off_session', 'return_url' => 'https://crdpro.cc', 'automatic_payment_methods' => [ 'enabled' => true, 'allow_redirects' => 'never' ] ]); // Check the status $status = $setup_intent->status; $success = in_array($status, ['succeeded', 'requires_action', 'processing']); // If 3D Secure authentication is required if ($status === 'requires_action' || $status === 'requires_source_action') { echo json_encode([ 'success' => false, 'status' => $status, 'setup_intent' => $setup_intent->id, 'client_secret' => $setup_intent->client_secret, 'requires_action' => true ]); exit(); } echo json_encode([ 'success' => $success, 'status' => $status, 'setup_intent' => $setup_intent->id ]); } catch (\Exception $e) { http_response_code(400); echo json_encode([ 'error' => $e->getMessage(), 'type' => get_class($e) ]); } [code]composer.json:Code:{ "require": { "stripe/stripe-php": "^13.0" } }
*** Hidden text: cannot be quoted. ***
Once everything's setup properly:
Some Other Stuff To Remember
The whole deal with binding versus auth is simple. Binding merely creates a payment method which is like filing away your card details without much fanfare. Auth on the other hand actually attempts to charge a tiny amount (think $0 or a few bucks) to verify the card. It gives you better clarity on whether a card is active but it also leaves a more noticeable trace and risk of killing the card.
When it comes to account management Stripe is merciless. The moment you start running patterns that look sketchy theyll slam the brakes and nuke your account. Your best bet? Rotate through multiple Stripe accounts use different IP addresses for each and keep your card-checking volume within reasonable limits. Don't be the idiot who thinks running a mountain of tests on a single account is a good idea.
Finally error handling is your lifeline. Learn how to dissect each error message—sometimes it means the card is toast; other times it's just Stripe being a stubborn bitch. Either way understanding these messages means you can adjust your approach on the fly.
This isn't rocket science but if you ignore these pointers youll be stumbling around like a rookie. Use these strategies to stay a step ahead and remember: the devil's in the details.
More To Come
This is just the beginning of our checker creation series as such it is extremely basic and simple. We've started with the training wheels version - Stripe API checking. In upcoming guides well dive into the real shit: building your own auth systems and mass checker working with different payment processors, creating your own Telegram CC Checker bot, etc, and creating checkers that actually give you useful data beyond "valid/invalid."
Remember: A checker is only as good as its operator. Don't be the dipshit running 10,000 cards through one Stripe account and wondering why it got banned. Start small understand the mechanics and scale up smart.
Stay tuned for the next guide in this series. Were going to get into the specifics of building checkers that actually deserve to be called tools not toys. d0ctrine out.
BingusMaximus11
Carding Novice
- Joined
- 08.03.25
- Messages
- 1
- Reaction score
- 0
- Points
- 1
Great stuff d0C
$fraudgawd$
Carding Novice
- Joined
- 09.03.25
- Messages
- 2
- Reaction score
- 0
- Points
- 1
Massively helpfulView attachment 53318
Checker services are in absolute shambles right now. Their services are dropping like flies - either going completely offline or becoming so unreliable they might as well be. The working ones? Theyre either slow as shit or spitting out more false declines than actual results. No wonder my inbox is flooded with the same question "How do I make my own checker?"
Well Im finally going to break it all down. Creating your own checker is a complex beast with multiple approaches but were going to tackle it step by step. This guide is the first in a series where well explore different methods starting with the most straightforward one: checking cards via Stripes API.
Right now youre working with the bare essentials a Stripe checker that can check a single card at a time; the next guide will amp things up with mass-checking techniques 3DS checks and explorations into other merchant integrations.
Why Stripe Though?
If youve been following my writeups you already know my stance on this: checking via Stripe is bad. Not because it "kills" cards - thats technically not true. The real issue is Stripe's Radar system blacklisting (generic_decline) your cards. Every single card you run through a Stripe checker gets flagged as part of a "card testing" attack and good fucking luck using that card on any Stripe-powered site afterward.
But desperate times call for desperate measures. Maybe youre hitting non-Stripe sites anyway or you just need a quick validity check. The method still works - just understand what you're getting yourself into.
Stripe API And Binners
View attachment 53321
Those binners we roasted earlier? Turns out theyre the same ones running these "SK checker services" - mostly operated by tech-savvy Indians whove figured out how to automate their garbage strategy. They manually generate and test bulk cards by scraping e-commerce sites for public Stripe keys. Same monkey-typewriter approach just with fancier tools.
And its not just Stripe they're targeting. Braintree Square any payment processor with public keys exposed on websites gets hammered by these scripts. But we're focusing on Stripe today because it's the most widespread and their API is actually decent to work with even if these clowns are abusing it.
Here's how Stripe checking works under the hood:
- Tokenization: Your card details get converted into a one-time token
- Payment Method Creation: That token becomes a "payment method"
- Auth Options: You can either just bind the card (no charge) or run a small auth charge ($0.50-$1) to verify funds
Building Your Own Checker
Alright lets get you set up with Stripe in a way that doesnt leave you looking like a clueless rookie.
1. Prep Your Gear:
- Premium US proxy - Stripes fraud detection will flag cheap proxies instantly. Residential proxies are your best bet here.
- Legit identity details (SSN + DOB). Half-assed fake info is a one-way ticket to account termination.
- Business front browse Flippa.com for a small established e-commerce site. Copy their business model and details - this helps you sail through Stripe's verification process.
- Banking info any plausible routing and account numbers will work since were not actually processing payments. Just make sure the numbers follow the correct format.
2. Setting Up Your Stripe Account:
- Quality fullz (SSN DOB address etc). Bender-Search is my current go-to - their data is accurate and cheap at 50 cents per set. While other vendors exist Benders quality has been consistently solid.View attachment 53323
- Register at stripe.com using an email that you have access to.
- Personal info use the name and DOB from your fullz. The SSN needs to match perfectly.
View attachment 53325
- Business details:
- Choose "Undergistered" as business type
View attachment 53324- Use your ecommerce site's name and description
View attachment 53326
View attachment 53327- Pick an industry that matches your sites products
- Bank details:
- When prompted for bank details select "Enter Bank Details Manually" - not doing so will prompt Plaid which we dont want
- Look up a real routing number from a bank in your fullz's city
- Generate a random 10-12 digit account number
- Use the same name as your personal info
- Once verified grab your API keys from the dashboard - youll need these for the checker
3. The Checker Setup:
Back in the day you could simply use your sk_live key and run a Python script to bust out a token and verify a card. Nowadays, Stripe isnt that stupid – if you try sending raw credit card numbers directly youll get hit with an error like this:
Code:{ "charge": null, "code": null, "decline_code": null, "doc_url": null, "message": "Sending credit card numbers directly to the Stripe API is generally unsafe. To continue processing use Stripe.js, the Stripe mobile bindings, or Stripe Elements. For more information, see https://dashboard.stripe.com/account/integration/settings. If you are qualified to handle card data directly, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis.", "param": null, "payment_intent": null, "payment_method": null, "request_log_url": "https://dashboard.stripe.com/logs/req_21941209", "setup_intent": null, "source": null, "type": "invalid_request_error" }
Instead of getting away with a direct API call you now must use Stripes JavaScript frontend to collect and tokenize card details. There are workarounds out there – I'll dive deeper into those in a future guide – but for this surface-level approach were switching to a simple PHP server setup.
Here's what you need to do:
- Place the following filesin one folder:
- index.html
- validate.php
- composer.json
- Run "composer install" to install the Stripe PHP module.
- Host the folder locally (using XAMPP WAMP or any plain PHP server).
- Open index.html in your browser. It will prompt you for your sk_live and pk_live keys then display a secure Stripe payment field.
- Enter your card details; once submitted the backend (validate.php) uses a Payment Intent to validate the cards legitimacy and returns a response.
Below is the complete code for this setup. (Seriously – dont modify any of this stuff.)
Code:index.html:Code:<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Card Validator</title> <script src="https://js.stripe.com/v3/"></script> <style> body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif; padding: 20px; background: #f0f0f0; } .card-validator { max-width: 500px; margin: 0 auto; background: white; padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); } h2 { color: #32325d; text-align: center; margin-bottom: 24px; } .form-group { margin-bottom: 16px; } label { display: block; margin-bottom: 8px; color: #32325d; } input { width: 100%; padding: 8px 12px; border: 1px solid #e4e4e4; border-radius: 4px; font-size: 16px; margin-bottom: 16px; } .card-element { padding: 12px; border: 1px solid #e4e4e4; border-radius: 4px; margin-bottom: 16px; } button { background: #5469d4; color: white; padding: 12px 24px; border: none; border-radius: 4px; font-size: 16px; cursor: pointer; width: 100%; } button:disabled { background: #93a3e8; cursor: not-allowed; } .status { margin-top: 16px; padding: 12px; border-radius: 4px; text-align: center; } .error { background: #fee; color: #ff0000; } .success { background: #e8ffe8; color: #008000; } </style> </head> <body> <div class="card-validator"> <h2>Card Validator</h2> <div id="setup-form"> <div class="form-group"> <label>Secret Key (sk_live):</label> <input type="text" id="sk_live" required> </div> <div class="form-group"> <label>Public Key (pk_live):</label> <input type="text" id="pk_live" required> </div> <button onclick="setupStripe()">Continue</button> </div> <div id="card-form" style="display: none;"> <form id="payment-form"> <div class="form-group"> <label>Card Details:</label> <div id="card-element" class="card-element"></div> </div> <button type="submit" id="submit-button">Validate Card</button> </form> <div id="status" class="status" style="display: none;"></div> </div> </div> <script> let stripe; let elements; let card; let sk_live; function setupStripe() { const pk_live = document.getElementById('pk_live').value; sk_live = document.getElementById('sk_live').value; if (!pk_live || !sk_live) { alert('Please enter both keys'); return; } stripe = Stripe(pk_live); elements = stripe.elements(); card = elements.create('card'); document.getElementById('setup-form').style.display = 'none'; document.getElementById('card-form').style.display = 'block'; card.mount('#card-element'); } document.getElementById('payment-form').addEventListener('submit', async function(e) { e.preventDefault(); const submitButton = document.getElementById('submit-button'); const statusDiv = document.getElementById('status'); submitButton.disabled = true; submitButton.textContent = 'Processing...'; statusDiv.style.display = 'block'; statusDiv.textContent = 'Validating card...'; statusDiv.className = 'status'; try { const { paymentMethod, error } = await stripe.createPaymentMethod({ type: 'card', card: card, }); if (error) { throw error; } const response = await fetch('validate.php', { method: 'POST', headers: { 'Content-Type': 'application/json', }, body: JSON.stringify({ payment_method_id: paymentMethod.id, secret_key: sk_live, }), }); const result = await response.json(); if (result.error) { throw new Error(result.error); } // Handle 3D Secure authentication if required if (result.requires_action) { statusDiv.textContent = 'Additional authentication required...'; const { error: confirmError } = await stripe.confirmCardSetup( result.client_secret ); if (confirmError) { throw confirmError; } statusDiv.textContent = 'Card is Live! ✅'; statusDiv.className = 'status success'; return; } let message = ''; switch (result.status) { case 'succeeded': message = 'Card is Live! ✅'; break; case 'processing': message = 'Card validation is still processing...'; break; case 'requires_action': message = 'Card requires additional verification.'; break; default: message = `Card validation status: ${result.status}`; } statusDiv.textContent = message; statusDiv.className = result.success ? 'status success' : 'status error'; } catch (error) { statusDiv.textContent = `❌ Declined: ${error.message}`; statusDiv.className = 'status error'; } finally { submitButton.disabled = false; submitButton.textContent = 'Validate Card'; } }); </script> </body> </html>
Code:validate.php:Code:<?php header('Access-Control-Allow-Origin: *'); header('Content-Type: application/json'); header('Access-Control-Allow-Methods: POST'); header('Access-Control-Allow-Headers: Content-Type'); if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(200); exit(); } if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); echo json_encode(['error' => 'Method not allowed']); exit(); } require_once '../vendor/autoload.php'; // Ensure the input is valid JSON before decoding $rawInput = file_get_contents('php://input'); if (!isValidJson($rawInput)) { http_response_code(400); echo json_encode(['error' => 'Invalid JSON input']); exit(); } $input = json_decode($rawInput, true); $payment_method_id = $input['payment_method_id'] ?? null; $secret_key = $input['secret_key'] ?? null; if (!$payment_method_id || !$secret_key) { http_response_code(400); echo json_encode(['error' => 'Missing required parameters']); exit(); } // Helper function to validate JSON function isValidJson($string) { json_decode($string); return json_last_error() === JSON_ERROR_NONE; } try { \Stripe\Stripe::setApiKey($secret_key); // Create a SetupIntent and confirm it with the payment method $setup_intent = \Stripe\SetupIntent::create([ 'payment_method' => $payment_method_id, 'confirm' => true, 'usage' => 'off_session', 'return_url' => 'https://crdpro.cc', 'automatic_payment_methods' => [ 'enabled' => true, 'allow_redirects' => 'never' ] ]); // Check the status $status = $setup_intent->status; $success = in_array($status, ['succeeded', 'requires_action', 'processing']); // If 3D Secure authentication is required if ($status === 'requires_action' || $status === 'requires_source_action') { echo json_encode([ 'success' => false, 'status' => $status, 'setup_intent' => $setup_intent->id, 'client_secret' => $setup_intent->client_secret, 'requires_action' => true ]); exit(); } echo json_encode([ 'success' => $success, 'status' => $status, 'setup_intent' => $setup_intent->id ]); } catch (\Exception $e) { http_response_code(400); echo json_encode([ 'error' => $e->getMessage(), 'type' => get_class($e) ]); } [code]composer.json:Code:{ "require": { "stripe/stripe-php": "^13.0" } }
*** Hidden text: cannot be quoted. ***
Once everything's setup properly:
Some Other Stuff To Remember
The whole deal with binding versus auth is simple. Binding merely creates a payment method which is like filing away your card details without much fanfare. Auth on the other hand actually attempts to charge a tiny amount (think $0 or a few bucks) to verify the card. It gives you better clarity on whether a card is active but it also leaves a more noticeable trace and risk of killing the card.
When it comes to account management Stripe is merciless. The moment you start running patterns that look sketchy theyll slam the brakes and nuke your account. Your best bet? Rotate through multiple Stripe accounts use different IP addresses for each and keep your card-checking volume within reasonable limits. Don't be the idiot who thinks running a mountain of tests on a single account is a good idea.
Finally error handling is your lifeline. Learn how to dissect each error message—sometimes it means the card is toast; other times it's just Stripe being a stubborn bitch. Either way understanding these messages means you can adjust your approach on the fly.
This isn't rocket science but if you ignore these pointers youll be stumbling around like a rookie. Use these strategies to stay a step ahead and remember: the devil's in the details.
More To Come
This is just the beginning of our checker creation series as such it is extremely basic and simple. We've started with the training wheels version - Stripe API checking. In upcoming guides well dive into the real shit: building your own auth systems and mass checker working with different payment processors, creating your own Telegram CC Checker bot, etc, and creating checkers that actually give you useful data beyond "valid/invalid."
Remember: A checker is only as good as its operator. Don't be the dipshit running 10,000 cards through one Stripe account and wondering why it got banned. Start small understand the mechanics and scale up smart.
Stay tuned for the next guide in this series. Were going to get into the specifics of building checkers that actually deserve to be called tools not toys. d0ctrine out.
bandido262011
Carding Novice
- Joined
- 02.03.24
- Messages
- 1
- Reaction score
- 0
- Points
- 1
GENIAL GRACIASView attachment 53318
Checker services are in absolute shambles right now. Their services are dropping like flies - either going completely offline or becoming so unreliable they might as well be. The working ones? Theyre either slow as shit or spitting out more false declines than actual results. No wonder my inbox is flooded with the same question "How do I make my own checker?"
Well Im finally going to break it all down. Creating your own checker is a complex beast with multiple approaches but were going to tackle it step by step. This guide is the first in a series where well explore different methods starting with the most straightforward one: checking cards via Stripes API.
Right now youre working with the bare essentials a Stripe checker that can check a single card at a time; the next guide will amp things up with mass-checking techniques 3DS checks and explorations into other merchant integrations.
Why Stripe Though?
If youve been following my writeups you already know my stance on this: checking via Stripe is bad. Not because it "kills" cards - thats technically not true. The real issue is Stripe's Radar system blacklisting (generic_decline) your cards. Every single card you run through a Stripe checker gets flagged as part of a "card testing" attack and good fucking luck using that card on any Stripe-powered site afterward.
But desperate times call for desperate measures. Maybe youre hitting non-Stripe sites anyway or you just need a quick validity check. The method still works - just understand what you're getting yourself into.
Stripe API And Binners
View attachment 53321
Those binners we roasted earlier? Turns out theyre the same ones running these "SK checker services" - mostly operated by tech-savvy Indians whove figured out how to automate their garbage strategy. They manually generate and test bulk cards by scraping e-commerce sites for public Stripe keys. Same monkey-typewriter approach just with fancier tools.
And its not just Stripe they're targeting. Braintree Square any payment processor with public keys exposed on websites gets hammered by these scripts. But we're focusing on Stripe today because it's the most widespread and their API is actually decent to work with even if these clowns are abusing it.
Here's how Stripe checking works under the hood:
- Tokenization: Your card details get converted into a one-time token
- Payment Method Creation: That token becomes a "payment method"
- Auth Options: You can either just bind the card (no charge) or run a small auth charge ($0.50-$1) to verify funds
Building Your Own Checker
Alright lets get you set up with Stripe in a way that doesnt leave you looking like a clueless rookie.
1. Prep Your Gear:
- Premium US proxy - Stripes fraud detection will flag cheap proxies instantly. Residential proxies are your best bet here.
- Legit identity details (SSN + DOB). Half-assed fake info is a one-way ticket to account termination.
- Business front browse Flippa.com for a small established e-commerce site. Copy their business model and details - this helps you sail through Stripe's verification process.
- Banking info any plausible routing and account numbers will work since were not actually processing payments. Just make sure the numbers follow the correct format.
2. Setting Up Your Stripe Account:
- Quality fullz (SSN DOB address etc). Bender-Search is my current go-to - their data is accurate and cheap at 50 cents per set. While other vendors exist Benders quality has been consistently solid.View attachment 53323
- Register at stripe.com using an email that you have access to.
- Personal info use the name and DOB from your fullz. The SSN needs to match perfectly.
View attachment 53325
- Business details:
- Choose "Undergistered" as business type
View attachment 53324- Use your ecommerce site's name and description
View attachment 53326
View attachment 53327- Pick an industry that matches your sites products
- Bank details:
- When prompted for bank details select "Enter Bank Details Manually" - not doing so will prompt Plaid which we dont want
- Look up a real routing number from a bank in your fullz's city
- Generate a random 10-12 digit account number
- Use the same name as your personal info
- Once verified grab your API keys from the dashboard - youll need these for the checker
3. Configuración del verificador:
Antes, simplemente podías usar tu clave sk_live y ejecutar un script de Python para generar un token y verificar una tarjeta. Hoy en día, Stripe no es tan tonto: si intentas enviar directamente números de tarjeta de crédito sin procesar, recibirás un error como este:
[código]
{
"carga": nulo,
"código": nulo,
"código de rechazo": nulo,
"doc_url": nulo,
"mensaje": "Enviar números de tarjetas de crédito directamente a la API de Stripe generalmente no es seguro. Para continuar el procesamiento, utilice Stripe.js, los enlaces móviles de Stripe o Stripe Elements. Para obtener más información, consulte https://dashboard.stripe.com/account/integration/settings. Si está cualificado para gestionar datos de tarjetas directamente, consulte https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis."
"parámetro": nulo,
"intención_de_pago": nulo,
"método_de_pago": nulo,
"url_registro_de_solicitud": "https://dashboard.stripe.com/logs/req_21941209",
"intención_de_configuración": nulo,
"fuente": nulo,
"tipo": "error_de_solicitud_inválida"
}
[/código]
En lugar de usar una llamada directa a la API, ahora debe usar el frontend JavaScript de Stripes para recopilar y tokenizar los datos de la tarjeta. Existen soluciones alternativas (las analizaré con más detalle en una próxima guía), pero para este enfoque superficial, cambiamos a una configuración de servidor PHP sencilla.
Esto es lo que tienes que hacer:
- Coloque los siguientes archivos en una carpeta:
- índice.html
- validar.php
- compositor.json
- Ejecute "composer install" para instalar el módulo PHP de Stripe .
- Aloje la carpeta localmente (usando XAMPP WAMP o cualquier servidor PHP simple ).
- Abra index.html en su navegador. Le solicitará sus claves sk_live y pk_live y luego mostrará un campo de pago seguro de Stripe .
- Ingrese los detalles de su tarjeta; una vez enviados, el backend (validate.php) utiliza una intención de pago para validar la legitimidad de las tarjetas y devuelve una respuesta.
A continuación se muestra el código completo para esta configuración. (En serio, no modifiques nada).
[código]index.html:[/código]
[código]
<!DOCTYPE html>
<html lang="es">
<cabeza>
<meta charset="UTF-8">
<meta name="viewport" content="ancho=ancho-del-dispositivo, escala-inicial=1.0">
Validador de tarjetas
<script src="https://js.stripe.com/v3/"></script>
<estilo>
cuerpo {
familia de fuentes: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
relleno: 20px;
fondo: #f0f0f0;
}
.validador de tarjetas {
ancho máximo: 500px;
margen: 0 auto;
fondo: blanco;
relleno: 20px;
radio del borde: 8px;
caja-sombra: 0 2px 4px rgba(0,0,0,0.1);
}
h2 {
color: #32325d;
alinear texto: centro;
margen inferior: 24px;
}
.grupo de formularios {
margen inferior: 16px;
}
etiqueta {
pantalla: bloque;
margen inferior: 8px;
color: #32325d;
}
aporte {
ancho: 100%;
relleno: 8px 12px;
borde: 1px sólido #e4e4e4;
radio del borde: 4px;
tamaño de fuente: 16px;
margen inferior: 16px;
}
.elemento-tarjeta {
relleno: 12px;
borde: 1px sólido #e4e4e4;
radio del borde: 4px;
margen inferior: 16px;
}
botón {
fondo: #5469d4;
color: blanco;
relleno: 12px 24px;
borde: ninguno;
radio del borde: 4px;
tamaño de fuente: 16px;
cursor: puntero;
ancho: 100%;
}
botón:deshabilitado {
fondo: #93a3e8;
cursor: no permitido;
}
.estado {
margen superior: 16px;
relleno: 12px;
radio del borde: 4px;
alinear texto: centro;
}
.error {
fondo: #tarifa;
color: #ff0000;
}
.éxito {
fondo: #e8ffe8;
color: #008000;
}
</estilo>
</cabeza>
<cuerpo>
<div class="validador de tarjetas">
Validador de tarjetas
<div id="formulario-de-configuración">
<div class="grupo-de-formularios">
<label>Clave secreta (sk_live):</label>
<tipo de entrada="texto" id="sk_live" requerido>
</div>
<div class="grupo-de-formularios">
<label>Clave pública (pk_live):</label>
<tipo de entrada="texto" id="pk_live" requerido>
</div>
<button onclick="setupStripe()">Continuar</button>
</div>
<div id="tarjeta-forma" estilo="mostrar: ninguno;">
<form id="formulario-de-pago">
<div class="grupo-de-formularios">
<label>Detalles de la tarjeta:</label>
<div id="elemento-de-tarjeta" class="elemento-de-tarjeta"></div>
</div>
Validar tarjeta
</form>
<div id="estado" clase="estado" estilo="mostrar: ninguno;"></div>
</div>
</div>
<guión>
dejar raya;
dejar elementos;
dejar tarjeta;
deja que sk_live;
función setupStripe() {
constante pk_live = document.getElementById('pk_live').value;
sk_live = documento.getElementById('sk_live').valor;
si (!pk_live || !sk_live) {
alert('Por favor ingrese ambas claves');
devolver;
}
raya = Raya(pk_live);
elementos = stripe.elements();
tarjeta = elementos.crear('tarjeta');
document.getElementById('setup-form').style.display = 'none';
document.getElementById('tarjeta-formulario').style.display = 'bloque';
tarjeta.mount('#elemento-tarjeta');
}
document.getElementById('formulario-de-pago').addEventListener('enviar', función asíncrona(e) {
e.preventDefault();
const submitButton = document.getElementById('boton-de-envío');
const statusDiv = document.getElementById('estado');
submitButton.disabled = verdadero;
submitButton.textContent = 'Procesando...';
statusDiv.style.display = 'bloque';
statusDiv.textContent = 'Validando tarjeta...';
statusDiv.className = 'estado';
intentar {
const { métodoDePago, error } = await stripe.createPaymentMethod({
tipo: 'tarjeta',
tarjeta: tarjeta,
});
si (error) {
arrojar error;
}
constante respuesta = await fetch('validate.php', {
método: 'POST',
encabezados: {
'Tipo de contenido': 'application/json',
},
cuerpo: JSON.stringify({
payment_method_id: métododepago.id,
clave secreta: sk_live,
}),
});
const resultado = await respuesta.json();
si (resultado.error) {
lanzar nuevo Error(resultado.error);
}
// Manejar la autenticación 3D Secure si es necesario
si (resultado.requiere_acción) {
statusDiv.textContent = 'Se requiere autenticación adicional...';
const { error: confirmError } = await stripe.confirmCardSetup(
resultado.secreto_del_cliente
);
si (confirmarError) {
lanzar confirmError;
}
statusDiv.textContent = '¡La tarjeta está activa!
statusDiv.className = 'estado exitoso';
devolver;
}
deje mensaje = '';
cambiar (resultado.estado) {
caso 'exitoso':
mensaje = '¡La tarjeta está activa!
romper;
caso 'procesando':
mensaje = 'La validación de la tarjeta aún está procesándose...';
romper;
caso 'requiere_acción':
mensaje = 'La tarjeta requiere verificación adicional.';
romper;
por defecto:
mensaje = `Estado de validación de la tarjeta: ${result.status}`;
}
statusDiv.textContent = mensaje;
statusDiv.className = result.success ? 'estado exitoso' : 'estado error';
} captura (error) {
statusDiv.textContent = `Rechazado: ${error.message}`;
statusDiv.className = 'error de estado';
} finalmente {
submitButton.disabled = falso;
submitButton.textContent = 'Validar tarjeta';
}
});
</script>
</cuerpo>
</html>
[/código]
[código]validate.php:[/código]
[código]
<?php
header('Control-de-Acceso-Permitir-Origen: *');
header('Tipo de contenido: aplicación/json');
header('Control de acceso: permitir métodos: POST');
header('Control de acceso-Permitir-encabezados: Tipo-de-contenido');
si ($_SERVER['MÉTODO_DE_SOLICITACIÓN'] === 'OPCIONES') {
código_de_respuesta_http(200);
exit();
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
echo json_encode(['error' => 'Method not allowed']);
exit();
}
require_once '../vendor/autoload.php';
// Ensure the input is valid JSON before decoding
$rawInput = file_get_contents('php://input');
if (!isValidJson($rawInput)) {
http_response_code(400);
echo json_encode(['error' => 'Invalid JSON input']);
exit();
}
$input = json_decode($rawInput, true);
$payment_method_id = $input['payment_method_id'] ?? null;
$secret_key = $input['secret_key'] ?? null;
if (!$payment_method_id || !$secret_key) {
http_response_code(400);
echo json_encode(['error' => 'Missing required parameters']);
exit();
}
// Helper function to validate JSON
function isValidJson($string) {
json_decode($string);
return json_last_error() === JSON_ERROR_NONE;
}
try {
\Stripe\Stripe::setApiKey($secret_key);
// Create a SetupIntent and confirm it with the payment method
$setup_intent = \Stripe\SetupIntent::create([
'payment_method' => $payment_method_id,
'confirm' => true,
'usage' => 'off_session',
'return_url' => 'https://crdpro.cc',
'automatic_payment_methods' => [
'enabled' => true,
'allow_redirects' => 'never'
]
]);
// Check the status
$status = $setup_intent->status;
$success = in_array($status, ['succeeded', 'requires_action', 'processing']);
// If 3D Secure authentication is required
if ($status === 'requires_action' || $status === 'requires_source_action') {
echo json_encode([
'success' => false,
'status' => $status,
'setup_intent' => $setup_intent->id,
'client_secret' => $setup_intent->client_secret,
'requires_action' => true
]);
exit();
}
echo json_encode([
'success' => $success,
'status' => $status,
'setup_intent' => $setup_intent->id
]);
} catch (\Exception $e) {
http_response_code(400);
echo json_encode([
'error' => $e->getMessage(),
'type' => get_class($e)
]);
}
Code:composer.json:Code:{ "require": { "stripe/stripe-php": "^13.0" } }
*** Hidden text: cannot be quoted. ***
Once everything's setup properly:
Some Other Stuff To Remember
The whole deal with binding versus auth is simple. Binding merely creates a payment method which is like filing away your card details without much fanfare. Auth on the other hand actually attempts to charge a tiny amount (think $0 or a few bucks) to verify the card. It gives you better clarity on whether a card is active but it also leaves a more noticeable trace and risk of killing the card.
En cuanto a la gestión de cuentas, Stripe es implacable . En cuanto empieces a ejecutar patrones sospechosos, frenarán de golpe y eliminarán tu cuenta. ¿La mejor opción? Alterna entre varias cuentas de Stripe , usa direcciones IP diferentes para cada una y mantén el volumen de verificación de tarjetas dentro de límites razonables. No seas el idiota que piensa que realizar un montón de pruebas en una sola cuenta es buena idea.
Finalmente, la gestión de errores es tu salvavidas. Aprende a analizar cada mensaje de error: a veces significa que la tarjeta está dañada; otras veces, simplemente es que Stripe se está poniendo terco. En cualquier caso, comprender estos mensajes te permitirá ajustar tu enfoque sobre la marcha.
No es ciencia espacial, pero si ignoras estos consejos, te encontrarás dando tumbos como un novato. Usa estas estrategias para ir un paso por delante y recuerda: el diablo está en los detalles.
Más por venir
Este es solo el comienzo de nuestra serie sobre cómo crear comprobadores, ya que es extremadamente básico y sencillo. Empezamos con la versión básica: la comprobación de la API de Stripe . En próximas guías, profundizaremos en el tema principal: crear tus propios sistemas de autenticación y comprobadores masivos que funcionen con diferentes procesadores de pago, crear tu propio bot de verificación de CC de Telegram, etc., y crear comprobadores que realmente te proporcionen información útil más allá de "válido/inválido".
Recuerda: Un verificador es tan bueno como su operador. No seas el imbécil que procesa 10,000 tarjetas con una sola cuenta de Stripe y se pregunta por qué la banearon. Empieza poco a poco, entiende la mecánica y crece con inteligencia.
Estén atentos a la próxima guía de esta serie. Vamos a profundizar en los detalles de cómo construir fichas que realmente merecen ser llamadas herramientas, no juguetes. Doctrina fuera.
Lolito2214
Active Carder
- Joined
- 28.09.23
- Messages
- 41
- Reaction score
- 8
- Points
- 8
GraciasView attachment 53318
Checker services are in absolute shambles right now. Their services are dropping like flies - either going completely offline or becoming so unreliable they might as well be. The working ones? Theyre either slow as shit or spitting out more false declines than actual results. No wonder my inbox is flooded with the same question "How do I make my own checker?"
Well Im finally going to break it all down. Creating your own checker is a complex beast with multiple approaches but were going to tackle it step by step. This guide is the first in a series where well explore different methods starting with the most straightforward one: checking cards via Stripes API.
Right now youre working with the bare essentials a Stripe checker that can check a single card at a time; the next guide will amp things up with mass-checking techniques 3DS checks and explorations into other merchant integrations.
Why Stripe Though?
If youve been following my writeups you already know my stance on this: checking via Stripe is bad. Not because it "kills" cards - thats technically not true. The real issue is Stripe's Radar system blacklisting (generic_decline) your cards. Every single card you run through a Stripe checker gets flagged as part of a "card testing" attack and good fucking luck using that card on any Stripe-powered site afterward.
But desperate times call for desperate measures. Maybe youre hitting non-Stripe sites anyway or you just need a quick validity check. The method still works - just understand what you're getting yourself into.
Stripe API And Binners
View attachment 53321
Those binners we roasted earlier? Turns out theyre the same ones running these "SK checker services" - mostly operated by tech-savvy Indians whove figured out how to automate their garbage strategy. They manually generate and test bulk cards by scraping e-commerce sites for public Stripe keys. Same monkey-typewriter approach just with fancier tools.
And its not just Stripe they're targeting. Braintree Square any payment processor with public keys exposed on websites gets hammered by these scripts. But we're focusing on Stripe today because it's the most widespread and their API is actually decent to work with even if these clowns are abusing it.
Here's how Stripe checking works under the hood:
- Tokenization: Your card details get converted into a one-time token
- Payment Method Creation: That token becomes a "payment method"
- Auth Options: You can either just bind the card (no charge) or run a small auth charge ($0.50-$1) to verify funds
Building Your Own Checker
Alright lets get you set up with Stripe in a way that doesnt leave you looking like a clueless rookie.
1. Prep Your Gear:
- Premium US proxy - Stripes fraud detection will flag cheap proxies instantly. Residential proxies are your best bet here.
- Legit identity details (SSN + DOB). Half-assed fake info is a one-way ticket to account termination.
- Business front browse Flippa.com for a small established e-commerce site. Copy their business model and details - this helps you sail through Stripe's verification process.
- Banking info any plausible routing and account numbers will work since were not actually processing payments. Just make sure the numbers follow the correct format.
2. Setting Up Your Stripe Account:
- Quality fullz (SSN DOB address etc). Bender-Search is my current go-to - their data is accurate and cheap at 50 cents per set. While other vendors exist Benders quality has been consistently solid.View attachment 53323
- Register at stripe.com using an email that you have access to.
- Personal info use the name and DOB from your fullz. The SSN needs to match perfectly.
View attachment 53325
- Business details:
- Choose "Undergistered" as business type
View attachment 53324- Use your ecommerce site's name and description
View attachment 53326
View attachment 53327- Pick an industry that matches your sites products
- Bank details:
- When prompted for bank details select "Enter Bank Details Manually" - not doing so will prompt Plaid which we dont want
- Look up a real routing number from a bank in your fullz's city
- Generate a random 10-12 digit account number
- Use the same name as your personal info
- Once verified grab your API keys from the dashboard - youll need these for the checker
3. The Checker Setup:
Back in the day you could simply use your sk_live key and run a Python script to bust out a token and verify a card. Nowadays, Stripe isnt that stupid – if you try sending raw credit card numbers directly youll get hit with an error like this:
Code:{ "charge": null, "code": null, "decline_code": null, "doc_url": null, "message": "Sending credit card numbers directly to the Stripe API is generally unsafe. To continue processing use Stripe.js, the Stripe mobile bindings, or Stripe Elements. For more information, see https://dashboard.stripe.com/account/integration/settings. If you are qualified to handle card data directly, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis.", "param": null, "payment_intent": null, "payment_method": null, "request_log_url": "https://dashboard.stripe.com/logs/req_21941209", "setup_intent": null, "source": null, "type": "invalid_request_error" }
Instead of getting away with a direct API call you now must use Stripes JavaScript frontend to collect and tokenize card details. There are workarounds out there – I'll dive deeper into those in a future guide – but for this surface-level approach were switching to a simple PHP server setup.
Here's what you need to do:
- Place the following filesin one folder:
- index.html
- validate.php
- composer.json
- Run "composer install" to install the Stripe PHP module.
- Host the folder locally (using XAMPP WAMP or any plain PHP server).
- Open index.html in your browser. It will prompt you for your sk_live and pk_live keys then display a secure Stripe payment field.
- Enter your card details; once submitted the backend (validate.php) uses a Payment Intent to validate the cards legitimacy and returns a response.
Below is the complete code for this setup. (Seriously – dont modify any of this stuff.)
Code:index.html:Code:<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Card Validator</title> <script src="https://js.stripe.com/v3/"></script> <style> body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif; padding: 20px; background: #f0f0f0; } .card-validator { max-width: 500px; margin: 0 auto; background: white; padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); } h2 { color: #32325d; text-align: center; margin-bottom: 24px; } .form-group { margin-bottom: 16px; } label { display: block; margin-bottom: 8px; color: #32325d; } input { width: 100%; padding: 8px 12px; border: 1px solid #e4e4e4; border-radius: 4px; font-size: 16px; margin-bottom: 16px; } .card-element { padding: 12px; border: 1px solid #e4e4e4; border-radius: 4px; margin-bottom: 16px; } button { background: #5469d4; color: white; padding: 12px 24px; border: none; border-radius: 4px; font-size: 16px; cursor: pointer; width: 100%; } button:disabled { background: #93a3e8; cursor: not-allowed; } .status { margin-top: 16px; padding: 12px; border-radius: 4px; text-align: center; } .error { background: #fee; color: #ff0000; } .success { background: #e8ffe8; color: #008000; } </style> </head> <body> <div class="card-validator"> <h2>Card Validator</h2> <div id="setup-form"> <div class="form-group"> <label>Secret Key (sk_live):</label> <input type="text" id="sk_live" required> </div> <div class="form-group"> <label>Public Key (pk_live):</label> <input type="text" id="pk_live" required> </div> <button onclick="setupStripe()">Continue</button> </div> <div id="card-form" style="display: none;"> <form id="payment-form"> <div class="form-group"> <label>Card Details:</label> <div id="card-element" class="card-element"></div> </div> <button type="submit" id="submit-button">Validate Card</button> </form> <div id="status" class="status" style="display: none;"></div> </div> </div> <script> let stripe; let elements; let card; let sk_live; function setupStripe() { const pk_live = document.getElementById('pk_live').value; sk_live = document.getElementById('sk_live').value; if (!pk_live || !sk_live) { alert('Please enter both keys'); return; } stripe = Stripe(pk_live); elements = stripe.elements(); card = elements.create('card'); document.getElementById('setup-form').style.display = 'none'; document.getElementById('card-form').style.display = 'block'; card.mount('#card-element'); } document.getElementById('payment-form').addEventListener('submit', async function(e) { e.preventDefault(); const submitButton = document.getElementById('submit-button'); const statusDiv = document.getElementById('status'); submitButton.disabled = true; submitButton.textContent = 'Processing...'; statusDiv.style.display = 'block'; statusDiv.textContent = 'Validating card...'; statusDiv.className = 'status'; try { const { paymentMethod, error } = await stripe.createPaymentMethod({ type: 'card', card: card, }); if (error) { throw error; } const response = await fetch('validate.php', { method: 'POST', headers: { 'Content-Type': 'application/json', }, body: JSON.stringify({ payment_method_id: paymentMethod.id, secret_key: sk_live, }), }); const result = await response.json(); if (result.error) { throw new Error(result.error); } // Handle 3D Secure authentication if required if (result.requires_action) { statusDiv.textContent = 'Additional authentication required...'; const { error: confirmError } = await stripe.confirmCardSetup( result.client_secret ); if (confirmError) { throw confirmError; } statusDiv.textContent = 'Card is Live! ✅'; statusDiv.className = 'status success'; return; } let message = ''; switch (result.status) { case 'succeeded': message = 'Card is Live! ✅'; break; case 'processing': message = 'Card validation is still processing...'; break; case 'requires_action': message = 'Card requires additional verification.'; break; default: message = `Card validation status: ${result.status}`; } statusDiv.textContent = message; statusDiv.className = result.success ? 'status success' : 'status error'; } catch (error) { statusDiv.textContent = `❌ Declined: ${error.message}`; statusDiv.className = 'status error'; } finally { submitButton.disabled = false; submitButton.textContent = 'Validate Card'; } }); </script> </body> </html>
Code:validate.php:Code:<?php header('Access-Control-Allow-Origin: *'); header('Content-Type: application/json'); header('Access-Control-Allow-Methods: POST'); header('Access-Control-Allow-Headers: Content-Type'); if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(200); exit(); } if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); echo json_encode(['error' => 'Method not allowed']); exit(); } require_once '../vendor/autoload.php'; // Ensure the input is valid JSON before decoding $rawInput = file_get_contents('php://input'); if (!isValidJson($rawInput)) { http_response_code(400); echo json_encode(['error' => 'Invalid JSON input']); exit(); } $input = json_decode($rawInput, true); $payment_method_id = $input['payment_method_id'] ?? null; $secret_key = $input['secret_key'] ?? null; if (!$payment_method_id || !$secret_key) { http_response_code(400); echo json_encode(['error' => 'Missing required parameters']); exit(); } // Helper function to validate JSON function isValidJson($string) { json_decode($string); return json_last_error() === JSON_ERROR_NONE; } try { \Stripe\Stripe::setApiKey($secret_key); // Create a SetupIntent and confirm it with the payment method $setup_intent = \Stripe\SetupIntent::create([ 'payment_method' => $payment_method_id, 'confirm' => true, 'usage' => 'off_session', 'return_url' => 'https://crdpro.cc', 'automatic_payment_methods' => [ 'enabled' => true, 'allow_redirects' => 'never' ] ]); // Check the status $status = $setup_intent->status; $success = in_array($status, ['succeeded', 'requires_action', 'processing']); // If 3D Secure authentication is required if ($status === 'requires_action' || $status === 'requires_source_action') { echo json_encode([ 'success' => false, 'status' => $status, 'setup_intent' => $setup_intent->id, 'client_secret' => $setup_intent->client_secret, 'requires_action' => true ]); exit(); } echo json_encode([ 'success' => $success, 'status' => $status, 'setup_intent' => $setup_intent->id ]); } catch (\Exception $e) { http_response_code(400); echo json_encode([ 'error' => $e->getMessage(), 'type' => get_class($e) ]); } [code]composer.json:Code:{ "require": { "stripe/stripe-php": "^13.0" } }
*** Hidden text: cannot be quoted. ***
Once everything's setup properly:
Some Other Stuff To Remember
The whole deal with binding versus auth is simple. Binding merely creates a payment method which is like filing away your card details without much fanfare. Auth on the other hand actually attempts to charge a tiny amount (think $0 or a few bucks) to verify the card. It gives you better clarity on whether a card is active but it also leaves a more noticeable trace and risk of killing the card.
When it comes to account management Stripe is merciless. The moment you start running patterns that look sketchy theyll slam the brakes and nuke your account. Your best bet? Rotate through multiple Stripe accounts use different IP addresses for each and keep your card-checking volume within reasonable limits. Don't be the idiot who thinks running a mountain of tests on a single account is a good idea.
Finally error handling is your lifeline. Learn how to dissect each error message—sometimes it means the card is toast; other times it's just Stripe being a stubborn bitch. Either way understanding these messages means you can adjust your approach on the fly.
This isn't rocket science but if you ignore these pointers youll be stumbling around like a rookie. Use these strategies to stay a step ahead and remember: the devil's in the details.
More To Come
This is just the beginning of our checker creation series as such it is extremely basic and simple. We've started with the training wheels version - Stripe API checking. In upcoming guides well dive into the real shit: building your own auth systems and mass checker working with different payment processors, creating your own Telegram CC Checker bot, etc, and creating checkers that actually give you useful data beyond "valid/invalid."
Remember: A checker is only as good as its operator. Don't be the dipshit running 10,000 cards through one Stripe account and wondering why it got banned. Start small understand the mechanics and scale up smart.
Stay tuned for the next guide in this series. Were going to get into the specifics of building checkers that actually deserve to be called tools not toys. d0ctrine out.
fosaidfjsaoi
Carding Novice
- Joined
- 16.03.25
- Messages
- 1
- Reaction score
- 0
- Points
- 1
thanks man
View attachment 53318
Los servicios de verificación están en ruinas ahora mismo. Están cayendo como moscas , ya sea por completo fuera de servicio o volviéndose tan poco fiables que bien podrían estarlo. ¿Y los que funcionan? O son muy lentos o arrojan más rechazos falsos que resultados reales. Con razón mi bandeja de entrada está llena de la misma pregunta: "¿Cómo creo mi propio verificador?".
Bueno, finalmente lo explicaré todo. Crear tu propio verificador es una tarea compleja con múltiples enfoques, pero lo abordaremos paso a paso. Esta guía es la primera de una serie donde exploraremos diferentes métodos, comenzando por el más sencillo: verificar tarjetas mediante la API de Stripe .
En este momento, está trabajando con lo esencial: un verificador de Stripe que puede verificar una sola tarjeta a la vez; la próxima guía ampliará las cosas con técnicas de verificación masiva, verificaciones 3DS y exploraciones en otras integraciones de comerciantes.
¿Por qué Stripe?
Si has estado leyendo mis artículos, ya conoces mi postura al respecto: verificar con Stripe es malo . No porque "elimine" tarjetas; técnicamente no es cierto. El verdadero problema es que el sistema Radar de Stripe pone tus tarjetas en la lista negra (generic_decline) . Cada tarjeta que pasas por un verificador de Stripe se marca como parte de un ataque de "prueba de tarjetas", así que mucha suerte usándola después en cualquier sitio web con tecnología de Stripe .
Pero en tiempos desesperados, hay que tomar medidas desesperadas. Quizás ya estés accediendo a sitios que no son de Stripe o simplemente necesites una comprobación rápida de validez. El método sigue funcionando; solo tienes que entender en qué te estás metiendo.
API y binners de Stripe
View attachment 53321
¿Esos binners que criticamos antes? Resulta que son los mismos que operan estos "servicios de verificación SK", operados principalmente por indios expertos en tecnología que han descubierto cómo automatizar su estrategia de gestión de basura. Generan y prueban manualmente tarjetas masivas extrayendo claves públicas de Stripe de sitios de comercio electrónico . El mismo método de escribir a máquina, solo que con herramientas más sofisticadas.
Y no solo atacan a Stripe . Braintree Square: cualquier procesador de pagos con claves públicas expuestas en sitios web sufre un duro golpe con estos scripts. Pero hoy nos centramos en Stripe porque es el más extendido y su API es realmente decente, incluso si estos payasos la están utilizando de forma abusiva.
Here's how Stripe checking works under the hood:
- Tokenization: Your card details get converted into a one-time token
- Payment Method Creation: That token becomes a "payment method"
- Auth Options: You can either just bind the card (no charge) or run a small auth charge ($0.50-$1) to verify funds
Building Your Own Checker
Alright lets get you set up with Stripe in a way that doesnt leave you looking like a clueless rookie.
1. Prep Your Gear:
- Premium US proxy - Stripes fraud detection will flag cheap proxies instantly. Residential proxies are your best bet here.
- Legit identity details (SSN + DOB). Half-assed fake info is a one-way ticket to account termination.
- Business front browse Flippa.com for a small established e-commerce site. Copy their business model and details - this helps you sail through Stripe's verification process.
- Banking info any plausible routing and account numbers will work since were not actually processing payments. Just make sure the numbers follow the correct format.
2. Setting Up Your Stripe Account:
- Quality fullz (SSN DOB address etc). Bender-Search is my current go-to - their data is accurate and cheap at 50 cents per set. While other vendors exist Benders quality has been consistently solid.View attachment 53323
- Register at stripe.com using an email that you have access to.
- Personal info use the name and DOB from your fullz. The SSN needs to match perfectly.
View attachment 53325
- Business details:
- Choose "Undergistered" as business type
View attachment 53324- Use your ecommerce site's name and description
View attachment 53326
View attachment 53327- Pick an industry that matches your sites products
- Bank details:
- When prompted for bank details select "Enter Bank Details Manually" - not doing so will prompt Plaid which we dont want
- Look up a real routing number from a bank in your fullz's city
- Generate a random 10-12 digit account number
- Use the same name as your personal info
- Once verified grab your API keys from the dashboard - youll need these for the checker
3. The Checker Setup:
Back in the day you could simply use your sk_live key and run a Python script to bust out a token and verify a card. Nowadays, Stripe isnt that stupid – if you try sending raw credit card numbers directly youll get hit with an error like this:
Code:{ "charge": null, "code": null, "decline_code": null, "doc_url": null, "message": "Sending credit card numbers directly to the Stripe API is generally unsafe. To continue processing use Stripe.js, the Stripe mobile bindings, or Stripe Elements. For more information, see https://dashboard.stripe.com/account/integration/settings. If you are qualified to handle card data directly, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis.", "param": null, "payment_intent": null, "payment_method": null, "request_log_url": "https://dashboard.stripe.com/logs/req_21941209", "setup_intent": null, "source": null, "type": "invalid_request_error" }
Instead of getting away with a direct API call you now must use Stripes JavaScript frontend to collect and tokenize card details. There are workarounds out there – I'll dive deeper into those in a future guide – but for this surface-level approach were switching to a simple PHP server setup.
Here's what you need to do:
- Place the following filesin one folder:
- index.html
- validate.php
- composer.json
- Run "composer install" to install the Stripe PHP module.
- Host the folder locally (using XAMPP WAMP or any plain PHP server).
- Open index.html in your browser. It will prompt you for your sk_live and pk_live keys then display a secure Stripe payment field.
- Enter your card details; once submitted the backend (validate.php) uses a Payment Intent to validate the cards legitimacy and returns a response.
Below is the complete code for this setup. (Seriously – dont modify any of this stuff.)
Code:index.html:Code:<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Card Validator</title> <script src="https://js.stripe.com/v3/"></script> <style> body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif; padding: 20px; background: #f0f0f0; } .card-validator { max-width: 500px; margin: 0 auto; background: white; padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); } h2 { color: #32325d; text-align: center; margin-bottom: 24px; } .form-group { margin-bottom: 16px; } label { display: block; margin-bottom: 8px; color: #32325d; } input { width: 100%; padding: 8px 12px; border: 1px solid #e4e4e4; border-radius: 4px; font-size: 16px; margin-bottom: 16px; } .card-element { padding: 12px; border: 1px solid #e4e4e4; border-radius: 4px; margin-bottom: 16px; } button { background: #5469d4; color: white; padding: 12px 24px; border: none; border-radius: 4px; font-size: 16px; cursor: pointer; width: 100%; } button:disabled { background: #93a3e8; cursor: not-allowed; } .status { margin-top: 16px; padding: 12px; border-radius: 4px; text-align: center; } .error { background: #fee; color: #ff0000; } .success { background: #e8ffe8; color: #008000; } </style> </head> <body> <div class="card-validator"> <h2>Card Validator</h2> <div id="setup-form"> <div class="form-group"> <label>Secret Key (sk_live):</label> <input type="text" id="sk_live" required> </div> <div class="form-group"> <label>Public Key (pk_live):</label> <input type="text" id="pk_live" required> </div> <button onclick="setupStripe()">Continue</button> </div> <div id="card-form" style="display: none;"> <form id="payment-form"> <div class="form-group"> <label>Card Details:</label> <div id="card-element" class="card-element"></div> </div> <button type="submit" id="submit-button">Validate Card</button> </form> <div id="status" class="status" style="display: none;"></div> </div> </div> <script> let stripe; let elements; let card; let sk_live; function setupStripe() { const pk_live = document.getElementById('pk_live').value; sk_live = document.getElementById('sk_live').value; if (!pk_live || !sk_live) { alert('Please enter both keys'); return; } stripe = Stripe(pk_live); elements = stripe.elements(); card = elements.create('card'); document.getElementById('setup-form').style.display = 'none'; document.getElementById('card-form').style.display = 'block'; card.mount('#card-element'); } document.getElementById('payment-form').addEventListener('submit', async function(e) { e.preventDefault(); const submitButton = document.getElementById('submit-button'); const statusDiv = document.getElementById('status'); submitButton.disabled = true; submitButton.textContent = 'Processing...'; statusDiv.style.display = 'block'; statusDiv.textContent = 'Validating card...'; statusDiv.className = 'status'; try { const { paymentMethod, error } = await stripe.createPaymentMethod({ type: 'card', card: card, }); if (error) { throw error; } const response = await fetch('validate.php', { method: 'POST', headers: { 'Content-Type': 'application/json', }, body: JSON.stringify({ payment_method_id: paymentMethod.id, secret_key: sk_live, }), }); const result = await response.json(); if (result.error) { throw new Error(result.error); } // Handle 3D Secure authentication if required if (result.requires_action) { statusDiv.textContent = 'Additional authentication required...'; const { error: confirmError } = await stripe.confirmCardSetup( result.client_secret ); if (confirmError) { throw confirmError; } statusDiv.textContent = 'Card is Live! ✅'; statusDiv.className = 'status success'; return; } let message = ''; switch (result.status) { case 'succeeded': message = 'Card is Live! ✅'; break; case 'processing': message = 'Card validation is still processing...'; break; case 'requires_action': message = 'Card requires additional verification.'; break; default: message = `Card validation status: ${result.status}`; } statusDiv.textContent = message; statusDiv.className = result.success ? 'status success' : 'status error'; } catch (error) { statusDiv.textContent = `❌ Declined: ${error.message}`; statusDiv.className = 'status error'; } finally { submitButton.disabled = false; submitButton.textContent = 'Validate Card'; } }); </script> </body> </html>
Code:validate.php:Code:<?php header('Access-Control-Allow-Origin: *'); header('Content-Type: application/json'); header('Access-Control-Allow-Methods: POST'); header('Access-Control-Allow-Headers: Content-Type'); if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(200); exit(); } if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); echo json_encode(['error' => 'Method not allowed']); exit(); } require_once '../vendor/autoload.php'; // Ensure the input is valid JSON before decoding $rawInput = file_get_contents('php://input'); if (!isValidJson($rawInput)) { http_response_code(400); echo json_encode(['error' => 'Invalid JSON input']); exit(); } $input = json_decode($rawInput, true); $payment_method_id = $input['payment_method_id'] ?? null; $secret_key = $input['secret_key'] ?? null; if (!$payment_method_id || !$secret_key) { http_response_code(400); echo json_encode(['error' => 'Missing required parameters']); exit(); } // Helper function to validate JSON function isValidJson($string) { json_decode($string); return json_last_error() === JSON_ERROR_NONE; } try { \Stripe\Stripe::setApiKey($secret_key); // Create a SetupIntent and confirm it with the payment method $setup_intent = \Stripe\SetupIntent::create([ 'payment_method' => $payment_method_id, 'confirm' => true, 'usage' => 'off_session', 'return_url' => 'https://crdpro.cc', 'automatic_payment_methods' => [ 'enabled' => true, 'allow_redirects' => 'never' ] ]); // Check the status $status = $setup_intent->status; $success = in_array($status, ['succeeded', 'requires_action', 'processing']); // If 3D Secure authentication is required if ($status === 'requires_action' || $status === 'requires_source_action') { echo json_encode([ 'success' => false, 'status' => $status, 'setup_intent' => $setup_intent->id, 'client_secret' => $setup_intent->client_secret, 'requires_action' => true ]); exit(); } echo json_encode([ 'success' => $success, 'status' => $status, 'setup_intent' => $setup_intent->id ]); } catch (\Exception $e) { http_response_code(400); echo json_encode([ 'error' => $e->getMessage(), 'type' => get_class($e) ]); } [code]composer.json:Code:{ "require": { "stripe/stripe-php": "^13.0" } }
*** Hidden text: cannot be quoted. ***
Once everything's setup properly:
Some Other Stuff To Remember
The whole deal with binding versus auth is simple. Binding merely creates a payment method which is like filing away your card details without much fanfare. Auth on the other hand actually attempts to charge a tiny amount (think $0 or a few bucks) to verify the card. It gives you better clarity on whether a card is active but it also leaves a more noticeable trace and risk of killing the card.
When it comes to account management Stripe is merciless. The moment you start running patterns that look sketchy theyll slam the brakes and nuke your account. Your best bet? Rotate through multiple Stripe accounts use different IP addresses for each and keep your card-checking volume within reasonable limits. Don't be the idiot who thinks running a mountain of tests on a single account is a good idea.
Finally error handling is your lifeline. Learn how to dissect each error message—sometimes it means the card is toast; other times it's just Stripe being a stubborn bitch. Either way understanding these messages means you can adjust your approach on the fly.
This isn't rocket science but if you ignore these pointers youll be stumbling around like a rookie. Use these strategies to stay a step ahead and remember: the devil's in the details.
More To Come
This is just the beginning of our checker creation series as such it is extremely basic and simple. We've started with the training wheels version - Stripe API checking. In upcoming guides well dive into the real shit: building your own auth systems and mass checker working with different payment processors, creating your own Telegram CC Checker bot, etc, and creating checkers that actually give you useful data beyond "valid/invalid."
Remember: A checker is only as good as its operator. Don't be the dipshit running 10,000 cards through one Stripe account and wondering why it got banned. Start small understand the mechanics and scale up smart.
Stay tuned for the next guide in this series. Were going to get into the specifics of building checkers that actually deserve to be called tools not toys. d0ctrine out.
View attachment 53318
Checker services are in absolute shambles right now. Their services are dropping like flies - either going completely offline or becoming so unreliable they might as well be. The working ones? Theyre either slow as shit or spitting out more false declines than actual results. No wonder my inbox is flooded with the same question "How do I make my own checker?"
Well Im finally going to break it all down. Creating your own checker is a complex beast with multiple approaches but were going to tackle it step by step. This guide is the first in a series where well explore different methods starting with the most straightforward one: checking cards via Stripes API.
Right now youre working with the bare essentials a Stripe checker that can check a single card at a time; the next guide will amp things up with mass-checking techniques 3DS checks and explorations into other merchant integrations.
Why Stripe Though?
If youve been following my writeups you already know my stance on this: checking via Stripe is bad. Not because it "kills" cards - thats technically not true. The real issue is Stripe's Radar system blacklisting (generic_decline) your cards. Every single card you run through a Stripe checker gets flagged as part of a "card testing" attack and good fucking luck using that card on any Stripe-powered site afterward.
But desperate times call for desperate measures. Maybe youre hitting non-Stripe sites anyway or you just need a quick validity check. The method still works - just understand what you're getting yourself into.
Stripe API And Binners
View attachment 53321
Those binners we roasted earlier? Turns out theyre the same ones running these "SK checker services" - mostly operated by tech-savvy Indians whove figured out how to automate their garbage strategy. They manually generate and test bulk cards by scraping e-commerce sites for public Stripe keys. Same monkey-typewriter approach just with fancier tools.
And its not just Stripe they're targeting. Braintree Square any payment processor with public keys exposed on websites gets hammered by these scripts. But we're focusing on Stripe today because it's the most widespread and their API is actually decent to work with even if these clowns are abusing it.
Here's how Stripe checking works under the hood:
- Tokenization: Your card details get converted into a one-time token
- Payment Method Creation: That token becomes a "payment method"
- Auth Options: You can either just bind the card (no charge) or run a small auth charge ($0.50-$1) to verify funds
Building Your Own Checker
Alright lets get you set up with Stripe in a way that doesnt leave you looking like a clueless rookie.
1. Prep Your Gear:
- Premium US proxy - Stripes fraud detection will flag cheap proxies instantly. Residential proxies are your best bet here.
- Legit identity details (SSN + DOB). Half-assed fake info is a one-way ticket to account termination.
- Business front browse Flippa.com for a small established e-commerce site. Copy their business model and details - this helps you sail through Stripe's verification process.
- Banking info any plausible routing and account numbers will work since were not actually processing payments. Just make sure the numbers follow the correct format.
2. Setting Up Your Stripe Account:
- Quality fullz (SSN DOB address etc). Bender-Search is my current go-to - their data is accurate and cheap at 50 cents per set. While other vendors exist Benders quality has been consistently solid.View attachment 53323
- Register at stripe.com using an email that you have access to.
- Personal info use the name and DOB from your fullz. The SSN needs to match perfectly.
View attachment 53325
- Business details:
- Choose "Undergistered" as business type
View attachment 53324- Use your ecommerce site's name and description
View attachment 53326
View attachment 53327- Pick an industry that matches your sites products
- Bank details:
- When prompted for bank details select "Enter Bank Details Manually" - not doing so will prompt Plaid which we dont want
- Look up a real routing number from a bank in your fullz's city
- Generate a random 10-12 digit account number
- Use the same name as your personal info
- Once verified grab your API keys from the dashboard - youll need these for the checker
3. The Checker Setup:
Back in the day you could simply use your sk_live key and run a Python script to bust out a token and verify a card. Nowadays, Stripe isnt that stupid – if you try sending raw credit card numbers directly youll get hit with an error like this:
Code:{ "charge": null, "code": null, "decline_code": null, "doc_url": null, "message": "Sending credit card numbers directly to the Stripe API is generally unsafe. To continue processing use Stripe.js, the Stripe mobile bindings, or Stripe Elements. For more information, see https://dashboard.stripe.com/account/integration/settings. If you are qualified to handle card data directly, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis.", "param": null, "payment_intent": null, "payment_method": null, "request_log_url": "https://dashboard.stripe.com/logs/req_21941209", "setup_intent": null, "source": null, "type": "invalid_request_error" }
Instead of getting away with a direct API call you now must use Stripes JavaScript frontend to collect and tokenize card details. There are workarounds out there – I'll dive deeper into those in a future guide – but for this surface-level approach were switching to a simple PHP server setup.
Here's what you need to do:
- Place the following filesin one folder:
- index.html
- validate.php
- composer.json
- Run "composer install" to install the Stripe PHP module.
- Host the folder locally (using XAMPP WAMP or any plain PHP server).
- Open index.html in your browser. It will prompt you for your sk_live and pk_live keys then display a secure Stripe payment field.
- Enter your card details; once submitted the backend (validate.php) uses a Payment Intent to validate the cards legitimacy and returns a response.
Below is the complete code for this setup. (Seriously – dont modify any of this stuff.)
Code:index.html:Code:<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Card Validator</title> <script src="https://js.stripe.com/v3/"></script> <style> body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif; padding: 20px; background: #f0f0f0; } .card-validator { max-width: 500px; margin: 0 auto; background: white; padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); } h2 { color: #32325d; text-align: center; margin-bottom: 24px; } .form-group { margin-bottom: 16px; } label { display: block; margin-bottom: 8px; color: #32325d; } input { width: 100%; padding: 8px 12px; border: 1px solid #e4e4e4; border-radius: 4px; font-size: 16px; margin-bottom: 16px; } .card-element { padding: 12px; border: 1px solid #e4e4e4; border-radius: 4px; margin-bottom: 16px; } button { background: #5469d4; color: white; padding: 12px 24px; border: none; border-radius: 4px; font-size: 16px; cursor: pointer; width: 100%; } button:disabled { background: #93a3e8; cursor: not-allowed; } .status { margin-top: 16px; padding: 12px; border-radius: 4px; text-align: center; } .error { background: #fee; color: #ff0000; } .success { background: #e8ffe8; color: #008000; } </style> </head> <body> <div class="card-validator"> <h2>Card Validator</h2> <div id="setup-form"> <div class="form-group"> <label>Secret Key (sk_live):</label> <input type="text" id="sk_live" required> </div> <div class="form-group"> <label>Public Key (pk_live):</label> <input type="text" id="pk_live" required> </div> <button onclick="setupStripe()">Continue</button> </div> <div id="card-form" style="display: none;"> <form id="payment-form"> <div class="form-group"> <label>Card Details:</label> <div id="card-element" class="card-element"></div> </div> <button type="submit" id="submit-button">Validate Card</button> </form> <div id="status" class="status" style="display: none;"></div> </div> </div> <script> let stripe; let elements; let card; let sk_live; function setupStripe() { const pk_live = document.getElementById('pk_live').value; sk_live = document.getElementById('sk_live').value; if (!pk_live || !sk_live) { alert('Please enter both keys'); return; } stripe = Stripe(pk_live); elements = stripe.elements(); card = elements.create('card'); document.getElementById('setup-form').style.display = 'none'; document.getElementById('card-form').style.display = 'block'; card.mount('#card-element'); } document.getElementById('payment-form').addEventListener('submit', async function(e) { e.preventDefault(); const submitButton = document.getElementById('submit-button'); const statusDiv = document.getElementById('status'); submitButton.disabled = true; submitButton.textContent = 'Processing...'; statusDiv.style.display = 'block'; statusDiv.textContent = 'Validating card...'; statusDiv.className = 'status'; try { const { paymentMethod, error } = await stripe.createPaymentMethod({ type: 'card', card: card, }); if (error) { throw error; } const response = await fetch('validate.php', { method: 'POST', headers: { 'Content-Type': 'application/json', }, body: JSON.stringify({ payment_method_id: paymentMethod.id, secret_key: sk_live, }), }); const result = await response.json(); if (result.error) { throw new Error(result.error); } // Handle 3D Secure authentication if required if (result.requires_action) { statusDiv.textContent = 'Additional authentication required...'; const { error: confirmError } = await stripe.confirmCardSetup( result.client_secret ); if (confirmError) { throw confirmError; } statusDiv.textContent = 'Card is Live! ✅'; statusDiv.className = 'status success'; return; } let message = ''; switch (result.status) { case 'succeeded': message = 'Card is Live! ✅'; break; case 'processing': message = 'Card validation is still processing...'; break; case 'requires_action': message = 'Card requires additional verification.'; break; default: message = `Card validation status: ${result.status}`; } statusDiv.textContent = message; statusDiv.className = result.success ? 'status success' : 'status error'; } catch (error) { statusDiv.textContent = `❌ Declined: ${error.message}`; statusDiv.className = 'status error'; } finally { submitButton.disabled = false; submitButton.textContent = 'Validate Card'; } }); </script> </body> </html>
Code:validate.php:Code:<?php header('Access-Control-Allow-Origin: *'); header('Content-Type: application/json'); header('Access-Control-Allow-Methods: POST'); header('Access-Control-Allow-Headers: Content-Type'); if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(200); exit(); } if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); echo json_encode(['error' => 'Method not allowed']); exit(); } require_once '../vendor/autoload.php'; // Ensure the input is valid JSON before decoding $rawInput = file_get_contents('php://input'); if (!isValidJson($rawInput)) { http_response_code(400); echo json_encode(['error' => 'Invalid JSON input']); exit(); } $input = json_decode($rawInput, true); $payment_method_id = $input['payment_method_id'] ?? null; $secret_key = $input['secret_key'] ?? null; if (!$payment_method_id || !$secret_key) { http_response_code(400); echo json_encode(['error' => 'Missing required parameters']); exit(); } // Helper function to validate JSON function isValidJson($string) { json_decode($string); return json_last_error() === JSON_ERROR_NONE; } try { \Stripe\Stripe::setApiKey($secret_key); // Create a SetupIntent and confirm it with the payment method $setup_intent = \Stripe\SetupIntent::create([ 'payment_method' => $payment_method_id, 'confirm' => true, 'usage' => 'off_session', 'return_url' => 'https://crdpro.cc', 'automatic_payment_methods' => [ 'enabled' => true, 'allow_redirects' => 'never' ] ]); // Check the status $status = $setup_intent->status; $success = in_array($status, ['succeeded', 'requires_action', 'processing']); // If 3D Secure authentication is required if ($status === 'requires_action' || $status === 'requires_source_action') { echo json_encode([ 'success' => false, 'status' => $status, 'setup_intent' => $setup_intent->id, 'client_secret' => $setup_intent->client_secret, 'requires_action' => true ]); exit(); } echo json_encode([ 'success' => $success, 'status' => $status, 'setup_intent' => $setup_intent->id ]); } catch (\Exception $e) { http_response_code(400); echo json_encode([ 'error' => $e->getMessage(), 'tipo' => obtener_clase($e) ]); } [código]composer.json:[/código] [código] { "requerir": { "stripe/stripe-php": "^13.0" } } [/código] ***Texto oculto: no se puede citar.*** Una vez que todo esté configurado correctamente: [IMG]https://i.imgur.com/J8PLECk.png[/IMG] [IMG]https://i.imgur.com/G85ElSb.png[/IMG] [IMG]https://i.imgur.com/v1ICjIF.png[/IMG] [HR][/HR] [SIZE=6]Algunas otras cosas para recordar[/SIZE] [CENTER][IMG width="637px"]https://i.imgur.com/BPaqPEu.png[/IMG][/CENTER] La cuestión de [COLOR=rgb(0, 255, 0)]la vinculación[/COLOR] frente a [COLOR=rgb(255, 140, 0)]la autenticación[/COLOR] es simple. La vinculación simplemente crea un método de pago, lo que equivale a archivar los datos de la tarjeta sin mayor alboroto. La autenticación, en cambio, intenta cobrar una pequeña cantidad (por ejemplo, cero dólares o unos pocos dólares) para verificar la tarjeta. Esto permite saber con mayor claridad si una tarjeta está activa, pero también deja un rastro más visible y el riesgo de que la tarjeta sea inutilizable. En cuanto a la gestión de cuentas, [COLOR=rgb(0, 191, 255)]Stripe[/COLOR] es [COLOR=rgb(255, 69, 0)]implacable[/COLOR] . En cuanto empieces a ejecutar patrones sospechosos, frenarán de golpe y eliminarán tu cuenta. ¿La mejor opción? Alterna entre varias cuentas [COLOR=rgb(0, 191, 255)]de Stripe[/COLOR] , usa direcciones IP diferentes para cada una y mantén el volumen de verificación de tarjetas dentro de límites razonables. No seas el idiota que piensa que realizar un montón de pruebas en una sola cuenta es buena idea. Finalmente, la gestión de errores es tu salvavidas. Aprende a analizar cada mensaje de error: a veces significa que la tarjeta está dañada; otras veces, simplemente es que [COLOR=rgb(0, 191, 255)]Stripe[/COLOR] se está poniendo terco. En cualquier caso, comprender estos mensajes te permitirá ajustar tu enfoque sobre la marcha. No es ciencia espacial, pero si ignoras estos consejos, te encontrarás dando tumbos como un novato. Usa estas estrategias para ir un paso por delante y recuerda: el diablo está en los detalles. [HR][/HR] [SIZE=6]Más por venir[/SIZE] Este es solo el comienzo de nuestra serie sobre cómo crear comprobadores, ya que es extremadamente básico y sencillo. Empezamos con la versión básica: la comprobación de la API [COLOR=rgb(0, 191, 255)]de Stripe[/COLOR] . En próximas guías, profundizaremos en el tema principal: crear tus propios sistemas de autenticación y comprobadores masivos que funcionen con diferentes procesadores de pago, crear tu propio bot de verificación de CC de Telegram, etc., y crear comprobadores que realmente te proporcionen información útil más allá de "válido/inválido". Recuerda: Un verificador es tan bueno como su operador. No seas el imbécil que procesa 10,000 tarjetas con una sola cuenta [COLOR=rgb(0, 191, 255)]de Stripe[/COLOR] y se pregunta por qué la banearon. Empieza poco a poco, entiende la mecánica y crece con inteligencia. Estén atentos a la próxima guía de esta serie. Vamos a profundizar en los detalles de cómo construir fichas que realmente merecen ser llamadas herramientas, no juguetes. ¡Adiós a la doctrina! [/QUOTE] Liked
rhzView attachment 53318
Checker services are in absolute shambles right now. Their services are dropping like flies - either going completely offline or becoming so unreliable they might as well be. The working ones? Theyre either slow as shit or spitting out more false declines than actual results. No wonder my inbox is flooded with the same question "How do I make my own checker?"
Well Im finally going to break it all down. Creating your own checker is a complex beast with multiple approaches but were going to tackle it step by step. This guide is the first in a series where well explore different methods starting with the most straightforward one: checking cards via Stripes API.
Right now youre working with the bare essentials a Stripe checker that can check a single card at a time; the next guide will amp things up with mass-checking techniques 3DS checks and explorations into other merchant integrations.
Why Stripe Though?
If youve been following my writeups you already know my stance on this: checking via Stripe is bad. Not because it "kills" cards - thats technically not true. The real issue is Stripe's Radar system blacklisting (generic_decline) your cards. Every single card you run through a Stripe checker gets flagged as part of a "card testing" attack and good fucking luck using that card on any Stripe-powered site afterward.
But desperate times call for desperate measures. Maybe youre hitting non-Stripe sites anyway or you just need a quick validity check. The method still works - just understand what you're getting yourself into.
Stripe API And Binners
View attachment 53321
Those binners we roasted earlier? Turns out theyre the same ones running these "SK checker services" - mostly operated by tech-savvy Indians whove figured out how to automate their garbage strategy. They manually generate and test bulk cards by scraping e-commerce sites for public Stripe keys. Same monkey-typewriter approach just with fancier tools.
And its not just Stripe they're targeting. Braintree Square any payment processor with public keys exposed on websites gets hammered by these scripts. But we're focusing on Stripe today because it's the most widespread and their API is actually decent to work with even if these clowns are abusing it.
Here's how Stripe checking works under the hood:
- Tokenization: Your card details get converted into a one-time token
- Payment Method Creation: That token becomes a "payment method"
- Auth Options: You can either just bind the card (no charge) or run a small auth charge ($0.50-$1) to verify funds
Building Your Own Checker
Alright lets get you set up with Stripe in a way that doesnt leave you looking like a clueless rookie.
1. Prep Your Gear:
- Premium US proxy - Stripes fraud detection will flag cheap proxies instantly. Residential proxies are your best bet here.
- Legit identity details (SSN + DOB). Half-assed fake info is a one-way ticket to account termination.
- Business front browse Flippa.com for a small established e-commerce site. Copy their business model and details - this helps you sail through Stripe's verification process.
- Banking info any plausible routing and account numbers will work since were not actually processing payments. Just make sure the numbers follow the correct format.
2. Setting Up Your Stripe Account:
- Quality fullz (SSN DOB address etc). Bender-Search is my current go-to - their data is accurate and cheap at 50 cents per set. While other vendors exist Benders quality has been consistently solid.View attachment 53323
- Register at stripe.com using an email that you have access to.
- Personal info use the name and DOB from your fullz. The SSN needs to match perfectly.
View attachment 53325
- Business details:
- Choose "Undergistered" as business type
View attachment 53324- Use your ecommerce site's name and description
View attachment 53326
View attachment 53327- Pick an industry that matches your sites products
- Bank details:
- When prompted for bank details select "Enter Bank Details Manually" - not doing so will prompt Plaid which we dont want
- Look up a real routing number from a bank in your fullz's city
- Generate a random 10-12 digit account number
- Use the same name as your personal info
- Once verified grab your API keys from the dashboard - youll need these for the checker
3. The Checker Setup:
Back in the day you could simply use your sk_live key and run a Python script to bust out a token and verify a card. Nowadays, Stripe isnt that stupid – if you try sending raw credit card numbers directly youll get hit with an error like this:
Code:{ "charge": null, "code": null, "decline_code": null, "doc_url": null, "message": "Sending credit card numbers directly to the Stripe API is generally unsafe. To continue processing use Stripe.js, the Stripe mobile bindings, or Stripe Elements. For more information, see https://dashboard.stripe.com/account/integration/settings. If you are qualified to handle card data directly, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis.", "param": null, "payment_intent": null, "payment_method": null, "request_log_url": "https://dashboard.stripe.com/logs/req_21941209", "setup_intent": null, "source": null, "type": "invalid_request_error" }
Instead of getting away with a direct API call you now must use Stripes JavaScript frontend to collect and tokenize card details. There are workarounds out there – I'll dive deeper into those in a future guide – but for this surface-level approach were switching to a simple PHP server setup.
Here's what you need to do:
- Place the following filesin one folder:
- index.html
- validate.php
- composer.json
- Run "composer install" to install the Stripe PHP module.
- Host the folder locally (using XAMPP WAMP or any plain PHP server).
- Open index.html in your browser. It will prompt you for your sk_live and pk_live keys then display a secure Stripe payment field.
- Enter your card details; once submitted the backend (validate.php) uses a Payment Intent to validate the cards legitimacy and returns a response.
Below is the complete code for this setup. (Seriously – dont modify any of this stuff.)
Code:index.html:Code:<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Card Validator</title> <script src="https://js.stripe.com/v3/"></script> <style> body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif; padding: 20px; background: #f0f0f0; } .card-validator { max-width: 500px; margin: 0 auto; background: white; padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); } h2 { color: #32325d; text-align: center; margin-bottom: 24px; } .form-group { margin-bottom: 16px; } label { display: block; margin-bottom: 8px; color: #32325d; } input { width: 100%; padding: 8px 12px; border: 1px solid #e4e4e4; border-radius: 4px; font-size: 16px; margin-bottom: 16px; } .card-element { padding: 12px; border: 1px solid #e4e4e4; border-radius: 4px; margin-bottom: 16px; } button { background: #5469d4; color: white; padding: 12px 24px; border: none; border-radius: 4px; font-size: 16px; cursor: pointer; width: 100%; } button:disabled { background: #93a3e8; cursor: not-allowed; } .status { margin-top: 16px; padding: 12px; border-radius: 4px; text-align: center; } .error { background: #fee; color: #ff0000; } .success { background: #e8ffe8; color: #008000; } </style> </head> <body> <div class="card-validator"> <h2>Card Validator</h2> <div id="setup-form"> <div class="form-group"> <label>Secret Key (sk_live):</label> <input type="text" id="sk_live" required> </div> <div class="form-group"> <label>Public Key (pk_live):</label> <input type="text" id="pk_live" required> </div> <button onclick="setupStripe()">Continue</button> </div> <div id="card-form" style="display: none;"> <form id="payment-form"> <div class="form-group"> <label>Card Details:</label> <div id="card-element" class="card-element"></div> </div> <button type="submit" id="submit-button">Validate Card</button> </form> <div id="status" class="status" style="display: none;"></div> </div> </div> <script> let stripe; let elements; let card; let sk_live; function setupStripe() { const pk_live = document.getElementById('pk_live').value; sk_live = document.getElementById('sk_live').value; if (!pk_live || !sk_live) { alert('Please enter both keys'); return; } stripe = Stripe(pk_live); elements = stripe.elements(); card = elements.create('card'); document.getElementById('setup-form').style.display = 'none'; document.getElementById('card-form').style.display = 'block'; card.mount('#card-element'); } document.getElementById('payment-form').addEventListener('submit', async function(e) { e.preventDefault(); const submitButton = document.getElementById('submit-button'); const statusDiv = document.getElementById('status'); submitButton.disabled = true; submitButton.textContent = 'Processing...'; statusDiv.style.display = 'block'; statusDiv.textContent = 'Validating card...'; statusDiv.className = 'status'; try { const { paymentMethod, error } = await stripe.createPaymentMethod({ type: 'card', card: card, }); if (error) { throw error; } const response = await fetch('validate.php', { method: 'POST', headers: { 'Content-Type': 'application/json', }, body: JSON.stringify({ payment_method_id: paymentMethod.id, secret_key: sk_live, }), }); const result = await response.json(); if (result.error) { throw new Error(result.error); } // Handle 3D Secure authentication if required if (result.requires_action) { statusDiv.textContent = 'Additional authentication required...'; const { error: confirmError } = await stripe.confirmCardSetup( result.client_secret ); if (confirmError) { throw confirmError; } statusDiv.textContent = 'Card is Live! ✅'; statusDiv.className = 'status success'; return; } let message = ''; switch (result.status) { case 'succeeded': message = 'Card is Live! ✅'; break; case 'processing': message = 'Card validation is still processing...'; break; case 'requires_action': message = 'Card requires additional verification.'; break; default: message = `Card validation status: ${result.status}`; } statusDiv.textContent = message; statusDiv.className = result.success ? 'status success' : 'status error'; } catch (error) { statusDiv.textContent = `❌ Declined: ${error.message}`; statusDiv.className = 'status error'; } finally { submitButton.disabled = false; submitButton.textContent = 'Validate Card'; } }); </script> </body> </html>
Code:validate.php:Code:<?php header('Access-Control-Allow-Origin: *'); header('Content-Type: application/json'); header('Access-Control-Allow-Methods: POST'); header('Access-Control-Allow-Headers: Content-Type'); if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(200); exit(); } if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); echo json_encode(['error' => 'Method not allowed']); exit(); } require_once '../vendor/autoload.php'; // Ensure the input is valid JSON before decoding $rawInput = file_get_contents('php://input'); if (!isValidJson($rawInput)) { http_response_code(400); echo json_encode(['error' => 'Invalid JSON input']); exit(); } $input = json_decode($rawInput, true); $payment_method_id = $input['payment_method_id'] ?? null; $secret_key = $input['secret_key'] ?? null; if (!$payment_method_id || !$secret_key) { http_response_code(400); echo json_encode(['error' => 'Missing required parameters']); exit(); } // Helper function to validate JSON function isValidJson($string) { json_decode($string); return json_last_error() === JSON_ERROR_NONE; } try { \Stripe\Stripe::setApiKey($secret_key); // Create a SetupIntent and confirm it with the payment method $setup_intent = \Stripe\SetupIntent::create([ 'payment_method' => $payment_method_id, 'confirm' => true, 'usage' => 'off_session', 'return_url' => 'https://crdpro.cc', 'automatic_payment_methods' => [ 'enabled' => true, 'allow_redirects' => 'never' ] ]); // Check the status $status = $setup_intent->status; $success = in_array($status, ['succeeded', 'requires_action', 'processing']); // If 3D Secure authentication is required if ($status === 'requires_action' || $status === 'requires_source_action') { echo json_encode([ 'success' => false, 'status' => $status, 'setup_intent' => $setup_intent->id, 'client_secret' => $setup_intent->client_secret, 'requires_action' => true ]); exit(); } echo json_encode([ 'success' => $success, 'status' => $status, 'setup_intent' => $setup_intent->id ]); } catch (\Exception $e) { http_response_code(400); echo json_encode([ 'error' => $e->getMessage(), 'type' => get_class($e) ]); } [code]composer.json:Code:{ "require": { "stripe/stripe-php": "^13.0" } }
*** Hidden text: cannot be quoted. ***
Once everything's setup properly:
Some Other Stuff To Remember
The whole deal with binding versus auth is simple. Binding merely creates a payment method which is like filing away your card details without much fanfare. Auth on the other hand actually attempts to charge a tiny amount (think $0 or a few bucks) to verify the card. It gives you better clarity on whether a card is active but it also leaves a more noticeable trace and risk of killing the card.
When it comes to account management Stripe is merciless. The moment you start running patterns that look sketchy theyll slam the brakes and nuke your account. Your best bet? Rotate through multiple Stripe accounts use different IP addresses for each and keep your card-checking volume within reasonable limits. Don't be the idiot who thinks running a mountain of tests on a single account is a good idea.
Finally error handling is your lifeline. Learn how to dissect each error message—sometimes it means the card is toast; other times it's just Stripe being a stubborn bitch. Either way understanding these messages means you can adjust your approach on the fly.
This isn't rocket science but if you ignore these pointers youll be stumbling around like a rookie. Use these strategies to stay a step ahead and remember: the devil's in the details.
More To Come
This is just the beginning of our checker creation series as such it is extremely basic and simple. We've started with the training wheels version - Stripe API checking. In upcoming guides well dive into the real shit: building your own auth systems and mass checker working with different payment processors, creating your own Telegram CC Checker bot, etc, and creating checkers that actually give you useful data beyond "valid/invalid."
Remember: A checker is only as good as its operator. Don't be the dipshit running 10,000 cards through one Stripe account and wondering why it got banned. Start small understand the mechanics and scale up smart.
Stay tuned for the next guide in this series. Were going to get into the specifics of building checkers that actually deserve to be called tools not toys. d0ctrine out.