DISCLAIMER

This program is intended ONLY for testing your own sites.

Any other use of this program is forbidden.
The Author does not take responsibility for any improper use of the program.
ABOUT MBA
This version of Sentry is labeled Sentry MBA, i.e. Sentry 2.0 modded by Astaris
.
My thanks go to Sentinel for making this wonderful program and for giving away f
or free the source code.
PROGRAM FEATURES
- Supports Ajax
- Full OCR support
- Supports Fixed Captcha OCR sites (like sites that use Strongbox for example) b
y an user configurable database
- Features a special "Acquire Images" engine that let the user extend the databa
se for fixed captcha sites. Moreover a training page can be generated in order t
o train Tesseract for specific fonts.
A database which includes Strongbox and other sites is included.
- Supports HTTPS
- Supports Socks 4a/5
- Features an advanced configuration of all the engine stages by using special v
ariables: in this way user is able to configure correclty the engine for very sp
ecialized cases.
- Supports fully configurable Keywords Capture (useful in order to get premium a
ccount details)
- Supports fully configurable Form JavaScript Redirect (useful to get the page w
here a premium account detail is shown)
- Supports multiple additional form redirects, i.e. MBA is able to call addition
al URLs in order to capture keys from multiple pages.
- Supports advanced custom Parsing Code
- Supports advanced special Keywords Matching Functions
- Features an advanced Proxy Analyzer which supports special cleaning and filter
ing functions, above all the proxy filtering by IpFilter.
An IpFilter tweaked for the use with Sentry is included.
- Other unique features that you must discover by yourself
LIST OF CHANGES
Version 1.4.1
- Added new option in general settings frame to save automatically to check comb
os on file upon end of bruteforcing session.
- Added new option in general settings frame to detect automatically problems wi
th internet connection: this one should prevent endless socket loop under some n
etwork conditions.
- Bruteforcer wordlist position is saved automatically each 60 seconds for each
site. The saved positions will be reloaded and saved in the relative snapshots a
t the program start if the program closes unexpectedly.
- History filters defined in the history options frame are now loaded automatica
lly in the history frame. Fon this reasons now most options are gone in the cont
ext menu, since they are grouped in the filter modes and can be expanded by the
user.
- Added new capture functions in the parsing code wizard. The new data type will
be saved under new columns available in the history frame.
- Added new functions in the variables wizard, check the pdf for the details. In
particular you can now issue a key match by variables...moreover added just one
function that will help users who want to do real time combo manipulation by va
riables.
- Intermediate action stages can now be fully configured with variables.
- Progression frame -> Bot Debugs can now be cleared, check new command availabl

e in the progression frame.

- Defined new HTTP codes in the statistics panel by the progression frame. Move
the mouse pointer on the code and context help will tell you the meaning.
- Global keys are now checked after site keys regardless of the key type.
- All hard aborted combos (such combo are not tested!) will now go to the to che
ck tab.
- Added new scan function in wordlist frame: this function will scan a directory
for wordlists and will tell you for each one the saved position and progression
for the currect selected snapshot. For this function to work a snapshot has to
be selected in the main site menu.
Moreover wordlist lengths will be stored only upon opening the file in wordlist
frame. So if you want this feature to fully work you should open in wordlist fra
me at least one time the list you want to track for.
- History options frame -> User can now activate/deactivate the realtime update
of history frame by bruteforcer. This option is deactivated by default.
- History options frame -> User can now tells MBA if he wants sources and debugs
to be saved by file together with the result in the history frame. This option
is activated by default.
- Main file settings and site settings files (i.e. snapshots) are now loaded in
memory.
- Improved detections of proxies that do not support SLL when bruteforcing a HTT
PS site: such proxies will issue a 419 code and will be banned.
- Added new options in proxy analyzer: in particular you can now analyze a HTTPS
site; moreover you can set how many keywords you want for site specific analysi
s and differentiate between header and source key. Finally engine has been impro
ved too. Go check all the changes you lazy one :P
- Now all sites in main sites menu are ordered by main site sub-domain.
- Other additions here and there. (i.e. the one i forgot i made ;P)
- Major and minor improvements here and there. (too lazy to write down the list.
..)
- Major and minor bug fixes here and there. (there are to be some right? :P)
Finally language samples have been updated and a new tess language (cp27) is ava
ilbale -> thanx go to choper for this one!
Version 1.4
- Added support for three fields bruteforcing. Now when you'll start a bruteforc
er session, MBA will ask you how to map the bruteforcer fields to the loaded wo
rdlist. It works in this way:
The bruteforcer fields are called <USER>, <PASS> and <EMAIL>. Take note that eve
n if the third field is called <EMAIL> it doesn't need to be linked to an email
!
Each word of the loaded wordlist is treated like field1:field2:field3, i.e. now
each word in the wordlist can be either a single, double or triple word. It will
be called anyway a combo since i like the word to be named combo :P
So from the start bruteforcer form you will be able to assign field 1 to either
<USER>, <PASS> and <EMAIL>. Same rule applies to field2 or field3.
Finally take note that in basic mode you should always assign field1 to <USER> a
nd field2 to <PASS>. If you need otherwise, then you must switch to master mode.
- POST Wizard is now called Master Wizard. Here the main changes/additions:
1) For all the HTTP stages (except for the OCR one) user can set the call method
: Head, Get, Post, Post MultiForm, Post Json. Take note that for the new POST me
thods you must format the POST data in the usual way...MBA will change the forma
t
automatically once the POST data is built. Moreover for Json if you need to add
a multivalue parameter just add \s at the end of the name parameter. In order to
close a multiparameters section, add \e at the end of the name of the last para
meter
of the section. Sections left open will be closed automatically, so no need to a
dd \e to the last parameters.
2) Improved the default parsing engine, that now is fully three fields compatibl

e. So now you can tell the default parser how many bruteforcer fields you expect
from the form. For this you must use the indexes near each field. See context h
elp for more detail.
3) Added Debugger available from the POST Wizard. In this way you can check for
example all the forms and fields captured and debug any config error quickly. A
debugger is available from OCR Wizard too.
4) Now you can parse form data from the Intermediate action ("From IA" option).
Useful for sites for which the login page is actually called in the second stage
.
5) You can enable/disable follow redirect for Intermediate action and redirect U
RL. Take note that a redirect to another domain will not be followed and will tr
igger instead an IP ban.
6) Now you can set mutiple redirect keys (and you can tell MBA if a key has to b
e a source key or a header key) and you can build them with the keyword wizard.
- Improved the parsing code engine. Her the main changes/additions:
1) Now the function premium date is only one, but it is in fact a universal date
converter. It will recognize automatically unixtime, days remaining format and
(year, month, week, minute, hour, second) format. Only action user has to take i
t is when the premium date is given in
seconds remaining. In this case just add "second" as prefix or suffix.
2) Added user and pass functions. If a data extracted is marked as user or pass
it will be added in the columns user and pass of the history.
3) Now you can set recursive option and capture target option for each field.
4) You can add mutiple fields even if parsing code is not used for capture or po
st fields extraction. This means that you can add multiple fields extraction whe
n parsing code is used as a variable input.
In this case all fields captured will be just joined. But you will get a nice fe
ature if you enable recursive parsing code from variable wizard. In this case ea
ch field captured mutiple times will
generate a vector of size equal to the number of times the parsing code has matc
hed the field parsing strings.
For example let's suppose you have a parsing code which captures fields field1 a
nd field2.
field1 is captured 4 fimes with values field1_1, field1_2, field1_3, field1_4.
field2 is captured 1 time with value field2_1.
You will get a vector Key[] of size 4 with these values:
Key[1] = field1_1field2_1
Key[2] = field1_2field2_1
Key[3] = field1_3field2_1
Key[4] = field1_4field2_1
What to do with this vector? Well when you have computed a variable in such way,
you can do only one thing with the var...Assign it to an additional redirect pa
ameter (be it POST or URL)...the additional redirect URL will be called in this
case four times, each time with
the assigned value corresponding to the index assigned, i.e. first time MBA will
use Key[1], second time Key[2] and so on.
5) Added Pefix and Suffix inputs. They will be added right before and after the
data extracted. In chain mode with these ones filled, you can get almost all wor
k done with just one variable :)
- Improved the variables engine:
1) Added new crypto functions (RSA and HMAC) and all SHA hash methods, plus othe
r convert and string functions.
2) Now variables supports mutiinput functions. In order to configure such functi
ons, new functions have been added, SetParameterIndex and SetParameterValue, see
context help for more details.
3) Now you can re-assign an already computed variable with the new function SetF
ield. With this one you can also set the user, pass and email of the combo being
tested. The captcha too can be reasiigned.
This feature together with the new variable flow control options will give the u
ser the chance to excecute different variables codes as a function of the server

response.
4) Now you can assign the header too to any stage. Mutiple headers can be assign
ed if you use \n as fields separator. Fields already present will be replaced.
5) Added OCR stage. In this way you can manipulate captcha code right after the
image is recognized.
6) Added loop variables. Thiese variables will set the enry point of a loop cycl
e that can be triggered by the new Jump function.
7) You can add additional redirect URLs by variables. This will let you to add s
uch URLs recursively based on the response got from the last additional redirect
URL.
- Totally rewritten the HTTP debugger.Go to check, too lazy to explain the detai
ls here.
- In Keywords Wizard you can set keys for Intermediate action only. Moreover fak
e image ban key has been added.
- Other major and minor improvements/additions here and there.
- Solved critical, major and minor bugs.
Finally new languages from cp20 to cp26 (excluded cp21...) have been added. Than
x go to Jenva/Atterdale and machak :)
Version 1.3.4c
- Added new option in Fakes Settings frame to enable keywords engine on Intermed
iate Action stage.
- Added remove duplicates function in wordlist frame. After removing duplicates,
user must save wordlist before it can be used in the bruteforcer.
- In all URLs and Post fields from Post Wizard <USER>, <PASS> and <Captcha> will
be replaced with the user and pass of the combo being tested and with the OCR c
ode of the recoginzed image, if any.
- Now both good users and combo expired will be added to the Users/Combo tab in
progression frame.
- Wordlist position will be saved based on the file fingerprint computed directl
y on the file content: in this way position will be rembered even if user change
s filename.
- If the same wordlist is used by multiple brutefrocers, it is shared at progres
sion frame level in order to optimize memory usage.
- From the history options frame user can tell MBA what types of progression res
ults must be sent automatically to the history.
- Solved two critical bugs that would lead to an out of memory error.
- Solved a major memory leak in history analyzer. Moreover loading time of histo
ry bots has been improved.
- Solved a major bug in hisotry frame that would cause the hits obtained with se
parate lists to be deleted at the program start.
Finally two new Tess languages have been added...thanx to Jenva22/Atterdale as a
lways :)
Version 1.3.4b1
- Now the bot debug is trimmed to 2MB before copying it to the memory: this shou
ld solve i hope the out of memory error some users are having.
- Now for each stage, the maximum number of HTTP redirects followed has been lim
ited to 10: this should prevent an infinite redirect loop caused by shitty proxi
es.
Version 1.3.4b
- Now in History frame you can filter list by site name.
- Added new key type in advanced keyword mode -> ban key type.
There are four types atm:
- Normal -> Legacy ban key
- Conditional Ban -> if such key is matched, then MBA will restart authenticat
ion process with same proxy but wrong combo. If MBA get a bad login response wit
h wrong combo (i.e. fail key is matched), then the original combo will be marked
as bad,

if the ban key is matched istead, then the proxy will be banned and the comb
o will be retried with another proxy. This type of key is useful for sites where
the banned response and the one for banned combos (i.e. shared accounts) are th
e same.
- Login Page Ban -> This key will trigger an IP ban ONLY if it is matched again
st the login page.
- Black List Ban -> If such key is matched the proxy will be banned AND added t
o the blacklist.
- Added a new option in keywords wizard -> Require Empty Body. If such option is
cheched, then a header key will be matched ONLY if the body sent together with
the headers is empty. Useful for Ajax sites that send fail login response over a
n empty body.
- Added new option in fakes settings frame -> Process error codes. If this optio
n is checked, ALL http error codes (excluded of course TCP socket errors, that i
n fact are no HTTP errors, well just to be clear :P) will be processed by the ke
yword engine, i.e.
you will be able to match for example a not found code in the HTTP headers.
- Added another option in fakes settings frame -> Bad Path Detection. This one w
as a feature already available before, but now you can disable it, that's the di
fference :P
- Now in Post Wizard you can tell MBA to authenticate with basic authentication
field, i.e. you'll be able to bruteforce popup sites with the same engine activa
ted for form sites. What's the advantage? Well, you can capture all the fu*k you
want, simple :D
So i should really change the name from Post Wizard to something else, any ide
a? :P
- The keyword engine for basic popup sites now searches for header keys also on
401 headers. What's the advantage? Simple, you can identify really bad proxies b
ased on the authentication realm field, that's a hint :D
- Now in the proxy analyzer frame you can remove all the proxies that are no mor
e in the proxy list: this is useful to better synchronyze the analyzer after you
found with bruteforcing that some proxies really suck :P
- Various improvements in the bruteforcer engine.
- Solved major and minor bugs here and there.
And finally I added 7 new Tess language. You already know the man you must thank
for this: congrats to Jenva22 aka Atterdale aka The captcha Killer :P
Ok maybe i forgot something, so lemme add only Happy New Year (HNY and btw RTFR
N, RTFF and RTFB!) and please don't believe to all the shit surrounding this num
ber :D
Version 1.3.4a
- Improved parsing code engine: now it is faster and has better memory usage. Mo
reover a critical bug has been fixed.
- Fixed a critical bug that would lead to the program freeze when banning window
is activated and a certain codition is met.
- Prevented a critical condtion that would lead to an out of memory error when u
nexpected large data (> 6 MB) is downloaded by a bot. For this reason now all da
ta is trimmed to 2 MB on HTTP level.
- Fixed a minor bug that would cause a combo to be assigned to two different bot
s.
- The maximum number of users you can store in the users tab is limited from now
on to 1000 for each site. Moreover HTML sources and bot debug information are n
ot stored
in this tab. This is to prevent an out of memory error when a really large num
ber of users is captured. Don't worry, all users will be saved at the end of the
bruteforce
session even if they don't appear in this tab.
- Now the debug.txt is kept in the memory for better performance. It will be wri
tten and shown under user request by clicking on the proper button from the prog
ression frame.

For this reason the option is not more in the general settings frame. File lim
it is still set to 10 MB.
- Added new option in general settings frame that will help users with performan
ce problems.
- Now you can mark a failure key as expired account in advanced mode. Such combo
s will be saved at the end of the bruteforce session.
- Fixed 1 critical bug and 2 major bugs in the OCR extraction engine.
- Improved the subextraction filter in OCR engine.
- Added new options in OCR wizard -> check them out :P
Finally 2 more languages for Tess have been added -> cp5 and cp6. They are like
cp10, but cp5 is a full language set, while cp6 includes only digits and upper l
etters.
Thanx again to Jenva22 :)
Version 1.3.4
First thing, this version comes with new language packs for Tesseract: cp4, cp7,
cp8, cp9 and cp10. From now on, if you want to check
for which captcha a language is for, you must download language samples, availab
le as separate download.
But i must thank and congratulate Jenva22 who gives me an improved cp1, an impro
ved cp4 and finally cp10: with these ones you can get
around 80% recognition rate at very fast speed on some not so easy captcha. So y
ou must give credits to Jenva22 for these ones :)
And now let's go with the changes:
- Added a very major feature: annoying sound on hit, no need to explain this one
i guess and you must thank user zero for this one, he kept annoyng me
at vey fast rate until i implemented this one, so kudos to zero :)
- Improved proxy analyzer engine:
1) Now in the options form you can select and create judge profiles. A judge pro
file tells MBA which key have to be on the judge answer and how to parse gateway
and
annon level string. In short now each judge on earth is supported :P
2) Improved internal judge: the judge will tell you if a proxy is detected as su
ch, i.e. you'll be able to differentiate between high anonymous and anonymous pr
oxies.
3) Now the analyzer will tell you the country of the proxy/socks.
4) You can skip judge test on proxies already checked: in this way proxy test ag
ainst a site and/or https test will be much faster for already judged proxies.
5) Other additions that you must discover by yourself since my lazyness has reac
hed its limit on this line :P
- Separate lists support -> from the wordlist frame you can now select three ope
rating modes: Legacy Mode, Separate Lists Mode 0 and Separate Lists Mode 1.
- Now you can tell MBA to save good usernames on a file. A good username is a us
ername that is in the server database, but the combo associated is marked by MBA
as bad since the pass is wrong.
You can tell MBA to mark such combos as good usernames combos by adding a fail k
ey in advanced mode and selecting proper key type. Moreover good usernames will
go in the new users tab.
- You can mark also keys as bad usernames: in this way a combo with a bad userna
me in it will be not retried.
- Global keys now support header/source ban and retry keys. The global key is ad
ded by default as a global sorce retry key. By adding the key in advanced mode,
you can set the key to other types listed above. For this reason file for global
keys has been changed, so use the new one available with this version.
- Database has been improved: now it operates in two different ways and the best
mode is selected automatically based on the type of image downloaded.
For this reason you must use the new database available in this version. Moreove
r the database update engine has been moved to a separate thread
and you'll be able to see the update progress from a crappy gui :P
- You can set a key captured as credit type: in this way the data captured will

go in the new column credits in the history frame. Anyway take into account that
the data captured need to be a number, so no letters or shit chars allowed. It s
upports anyway decimal separator (both '.' and ',').
- Overall redesign of frames controls...you will see :)
- Minor additions here and there.
- Minor improvements here and there
- Critical, major and minor bug fixes here and there.
Version 1.3.3c
- Ok, I found a way to minimize graphic corruption under Vista/Seven without the
need of frame refreshing. This means two things:
1) Now Windows Vista/Seven refresh mode is disabled by default.
2) No more flickering.
- In last version i completely broken email saving...sorry guys i was a little t
ired and i had too much beer the day before :P
- Fixed some mispelling and wrong format for keys captured under Parsing code wi
zard (Thanx Arden)
Version 1.3.3b
- Changed the timeout engine from a timer based one to a thread based one: this
should solve some issues on certain systems.
- Improved the aborting engine for both the bruteforcer and proxy analyzer: now
when a bot is hard aborted it should be freed without any problems on any system
s :P
- In the proxy analyzer if site analysis is enabled, the engine shows in greater
detail the site check result.
- In the proxy analyzer when options are changed, the changes are applied upon f
orm close (i.e. as soon as the user click on use data button) -> no need to swit
ch frame.
- Now if a problem arises when loading history file, the save function is disabl
ed. In this way there's no risk to overwrite the file with an empty one. Same be
haviour applies to global source keys file.
- Solved minor graphic corruption issues in keywords frame and wordlist frame.
- In wordlist frame now there are the box to load separate username and password
files -> there is only the gui, no active code -> full support in next version.
- Minor improvements here and there
- Minor bug fixes here and there.
Version 1.3.3a
- Added computational OCR option in OCR Wizard: MBA will try to get a result fro
m an image that is actually an algebric operation.
- Added two new columns in history frame: Emal and Premium.
1) MBA will automatically recognize an email from captured keys and add it to
the colums email. Take note that MBA will not extract emails from a string captu
red -> it will just check if the string it is an email. So be sure to capture ju
st the email with a parsing string, i.e. no html tags or other shit is allowed :
P
2) If you define a key in parsing code wizard as a date in custom functions me
nu, then this date will be added in the premium colums of the history frame. If
you have an old snapshot and you want this feature to work, it is enough that yo
u open the parsing code wizard and set the key that captures the premium date to
(surprise surprise) premium date :P
If the key is already set to unix date or mega date, then this new feature
will work automatically.
- Added new saving options in history frame. Go check them you lazy crackers :P
- Solved a serious memory leak in OCR engine that would lead after sometime to a
thread creation error.
- Minor improvements here and there.
- Major and minor bug fixes here and there.

Version 1.3.3 (Final)

- Additional redirect URLs configuration by variables was broken in previous bet
a -> fixed.
- Now files browsing should work without performance issues under XP too.
Version 1.3.3 BETA 4
- Fixed crirical bug in OCR Wizard that would cause corruption in the shown pro
cessed image.
- Fixed major bug in History frame that would cause an out of bounds error when
saving the hits to a file.
- Fixed critical bug that would cause under certain conditions MBA to close with
out messages when browsing for a file with OCR engine active.
- Improved multithreading engine: now there are less threads managed with a simp
le dispatcher engine: so around same performance and better memory usage.
- Added new option in Fake Settings Frame that let the user disable (for form si
tes only) the default follow redirects method: i.e. the user can now force MBA t
o follow redirects at bot level -> this means that before following a redirect,
header keys are checked and ONLY if not match is found THEN the redirect is foll
owed.
- Now OCR stage engine can be set after Intermediate Action Stage. If you enable
this feature, for now you must configure Image URL by variables.
- Now MBA should detect if there are any problem with Tess.dll and help the user
locate the problem when such errors arise while user try to recognize an image
in Tesseract mode.
Moreover added a new language for Tesseract. To check each language for which ca
ptcha is for, look in the directory Image Language Samples.
Version 1.3.3 BETA 3
- Fixed major and minor bugs here and there.
Moreover:
- Added new Tesseract language cp2 that allows a recognition rate around 97% for
21sextury captcha.
- Added new captcha to image database, see sample 5 in images database samples d
ir (big thanx to robdrobd, Jdogzz and Protektor).
Version 1.3.3 BETA 2
- Fixed major and minor bugs here and there.
Version 1.3.3 BETA
- Now MBA supports multiple sites bruteforcing.
- Improved multithreading engine
- Improved Tesseract behaviour: now the recognition rate remains stable across a
large number of images on all capthca...previously it would decrease with certa
in capthca.
- Now right string in custom parsing code supports jolly char '*'. This feature
together with new option maximum right string length will allow for some really
powerful data capture.
- Added multiple options in fake settings frame, too lazy to enumerate them here
...see by yourself :P
- Solved critical bug in database mode.
- Solved critical bug in the cookie engine.
- Minor improvements here and there.
- Minor and major bug fixes here and there.
Version 1.3.2
- Added additional redirect feature: now from variables wizard you can add how m
any additional redirect URLs you want -> from each page got, MBA will capture da
ta definied in the Capture Stage. See context help for details.
- Improved image URL parsing by variables: now if you link the Image URL to a va
riable, the variable settings will be used by OCR Wizard. This is useful for som

e sites that define the captcha URL by javascript -> in these cases only way to
get the image URL is to use variables.
- Now in varables wizard you can define conditional variables, i.e. variables th
at are not needed to compete successfully the authentication process.
- From now on, only one istance of MBA will be available...i know that this will
upset some of you boys and girls (there are girls too, right? :P), but fact is
that atm MBA doesn't support multiple istances, but do not worry, multi site cra
cking will be implemented, so only one istance you'll need!
- Now you can send a proxy/sock to the http debugger from the progression frame
- Changed a little how the Hits are saved: from now on only the results with a s
uccess key match will go in the "Hit Tab", the ones got from the afterfingerprin
ting engine will go to the "To Check" Tab and WILL NOT automatically saved in hi
story.
So better you check these results to check...i reccomend you to check the sour
ce by right click -> view source answer in browser, in this way you can properly
update success keys.
- Now Afterfingerprint can be disabled for form sites too.
- Removed two options for the basic auth engine ("check hit with another proxy"
and "check meta redirect"), since with the new engine these options were useless
, well at least i never used them :P
- Solved a majorl bug triggered under certain conditions when socks are used
- Mnor bug fixes here and there
Version 1.3.1b
- Solved critical bug that caused a sudden program crash on certain sites with f
ollow redirect enabled (well actually this bug was triggered by 1 site...thanx t
o machak110 for reporting)
- Solved a memory leak in the custom parsing engine
- Added URL encoding pass to data captured with parsing code when the value extr
acted has to be posted
Version 1.3.1a
- Finally fixed a critical bug in the HTTP library triggered randomly when brute
forcing HTTPS sites with SSL proxies. I tested various sites and now SSL works b
eatifully. Anyway if you experience other bugs, please report to me.
- Fixed a bug in the History engine (thanx to machak110 for reporting)
- Fixed a bug in the URL syntax checking engine (again thanx to machak110 for re
porting)
Version 1.3.1
- Now MBA is able to process animated gifs with Tesseract.
- Improved the combo filtering engine by adding new options.
- Improved the parsing code: now you can use recursive mode in order to capture
multiple strings with one parsing string -> ideal for capture table data.
- Left string in parsing code now supports jolly char * that matches any string.
In this way you're able to capture data when the left string generated by parsi
ng code wizard contains variable data.
- Introduced conditional OCR: you can activate the OCR engine only when a user c
onfigurable string is matched against the source page -> ideal for sites that re
quires a captcha after a certain number of failed attampts.
. Improved the form engine.
- Moved to separate threads several engines to improve performance and stability
.
- Solved major and minor bugs here and there.
Version 1.3.0
- Solved two major bugs in the HTTP library: now https proxies work as expected
and socks behaviour is improved.
- Now HTTPS proxies are enabled by default. Anyway if you experience abnormal pr
ogram behaviour with https proxies enabled when bruteforcing https sites, you ca

n always disable them from the proxies settings frame.

- Now the proxies analyzer is able to check socks too.
- Solved critical, major and minor bugs here and there.
Version 1.3.0 BETA
- Introduced HTTPS support. MBA supports HTTPS by direct connection or by socks.
ATM for a bug in the HTTP libraries, HTTPS proxies are not supported,
anyway you can force the use of such proxies by enabling them in the proxies s
ettings frame.
- Now MBA supports socks level 4 (they must be 4a) and level 5. You can use sock
s with both HTTP and HTTPS protocols. If you want to import socks in the proxies
list,
you must select load socks (you must specify level) from the Proxy List settin
gs frame. You can of course import socks from the clipboard too.
- Improved the Variables Wizard with new functions added.
- Improved the capture engine: the keys will be captured on both the post answer
and the form redirect answer.
- Improved the Form Redirect URL: now the redirect condition will be matched aga
inst headers too.
- You can now view the received headers in your default text editiors by right c
licking on a URL in the progression frame and selecting the appropriate option.
- You can copy to clipboard the Redirect URL of a redirect result by right click
ing on the URL in the progression frame and selecting the appropriate option
- The Save filter has been improved: i suggest you to use as new filter string t
he following one:
Keys captured:\n-------------\n<KEYS>\n-------------\nCookie received: <COOKIE
>\n
- Solved major and minor bugs here and there
Version 1.2.9a.1
- Improved Waiting Window behaviour
- Now when a form redirect is triggered, the negine automatically recognizes if
it has to follow true redirects, i.e. 3xx header codes.
Version 1.2.9
- Introduces Variables Wizard, a new wizard that can be launched from the Post W
izard. From here you can create Ajax variables in order to defeat some strong Aj
ax sites out there.
- Now you can use in both Parsing Code Wizard and Keyword Wizard safely characte
rs reserved for string formatting, i.e. "|", "&" and ";". This chars will automa
tically replaced by their ASCII codes.
- Now in the general settings frame you can set 0 (new default) in the delay be
tween each bot relaunch.
- Improved Snapshot engine.
- Fixed critical, major and minor bugs here and there.
- Updated Image database for several sites -> big thanks to johnmaxwell and jenv
a22
Version 1.2.8d
- Now all the combo related settings are in the general settings frame. Added tw
o new options to the combo filter: you can now filter combo containing a defined
set of characters and can force for each combo the password to be equal to the
username.
- When a combo list is loaded, for all rows without the separator (:), the passw
ord will be set equal to the username.
- Improved the cookie engine for sites that, before sending the login page, send
a chain of redirects for ajax script initialization.
- Improved the HTML tags checker.

Version 1.2.8c
- Added Image Blending option to OCR Wizard:enable this option if the capthca im
age is made of two images, one that acts as a background image and a top image t
hat blends over the background image.
- Added Tesseract offline testing: in this mode all images in the selected direc
tory will be processed with the current OCR Wizard processing options and the OC
R Recognition Rate will be computed. This is useful for quickly tweaking process
ing options. You need to put in a directory all the captcha images renamed with
the capthca code. You can use the acquire engine to save the capctha images. In
order to have a good Recognition Rate evaluation use at least 100 images.
- Added new option "Source Tags Checker" in Fake Settings Frame: if this option
is enabled, the engine accuracy with respect to false positives will greatly inc
rease, especially for real time OCR from sites, where the afterprint engine is d
isabled from version 1.2.8 for speed reasons.
- Fixed a minor bug in OCR Wizard.
Version 1.2.8b
- Solved critical bug in extract characters procedure
Version 1.2.8
- Added a lot of new options in the OCR Wizard, such as Line Remover, Adaptive I
nvert, Characters SubExtraction and...well check for yourself :)
- Now you can tell Sentry to not update the Image URL: this should improve brute
forcing speed for some sites that use static image URL.
- When refresh cookie is selected and no data are needed from the login page, no
w the bot will return as soon as the cookie is updated: another feature to impro
ve bruteforcing speed.
- Now the parsing engine recognize correctly not visible fields marked as input
fields: this fields will be marked instead as hidden.
- Now you can copy in forum format hits from the histry frame: useful for all la
zy crachers out there...
- Solved critical bug in OCR WIzard.
- Solved major bugs in Parsing Code Wizard and Keyword engine.
- Solved minor bugs here and there.
Version 1.2.7.b
- Now you can set color tolerance individually of each color to remove in second
stage of Image Processing engine
- Tolerance option extended to third stage colors too
- You can enable fonts horizontal reconstruction in third stage
- Solved major bugs in Form Parser engine
- Minor bug fixes here and there
Version 1.2.7
- Added new tolerance option in OCR Wizard useful to remove with greater effecti
veness unwanted background colors from captcha image
- Now you can download the image from the OCR Wizard with a proxy chosen from th
e proxy list loaded in Sentry.
- You can update in real time the keywords that the Briteforcer is using by clic
king on the new Update button available from the keywords settings frame
- You can set a retry key as bad ocr code type in order to get realtime statisti
c showing the recognition rate of capthca images while bruteforcing
- Now the refresh data option in post wizard refreshes login and password fields
too
- Solved a major bug in OCR engine by upgrading the mutithreading management of
OCR threads
- Solved minor bugs here and there
- Updated the image database for fixed captcha sites (thanks johnmaxwell and jen
va22)

Version 1.2.6b
- Solved three major bugs in the OCR engine
Version 1.2.6
- Changed the Snaphot Format: now all the keywords are saved in the main snapsho
t file (<site_domain>.ini in SnapShots directory). In this way it's more easy fo
r users to share their profiles.
In order to convert a snaphot form a previous version to the new format follow
carefully these steps:
1) From the general settings frame, click on the button load snapshot, browse
to snapshot directory and select the file you want to convert.
2) You will be prompted to enter the member URL of the site: enter the member
URL exactly as it appears in Sentry Site text box.
3) Click on the button save snapshot
- Changed the resize filter in the OCR engine since the previous one was not goo
d for Tesseract
- Changed the resolution steps of the resize filter: a resize value of 1 will ge
t the image resized to 110%, 2 to 120% and so on. So for example in order to rez
ize the image to 2X, enter 10 (200 %).
- Added a new function in OCR Wizard: Training Mode for the Acquire engine. This
feauture let the user generate a training page in tif format for training Tesse
ract. Experimental!
- Now the OCR Wizard scan for all Tesseract languages installed in Tessdata dire
ctory and let the user select the language that Tesseract will use for image rec
ognize.
- Added a new option in Fake Settings frame: Ban Proxy on empty source -> by ena
bling this option, the engine will ban proxies that receive an empty body for th
e site under attack: useful for some sites that keep sending empty HTML sources
when they ban a proxy.
- Solved some minor bugs.
Version 1.2.5
- Added new option in OCR Wizard: now you remove with two different options colo
rs form background and colors form the fonts. In the second case, the processing
engine will try to reconstruct the characters after removing the selected color
s.
- Added new option in the last stage of OCR Wizard that allows to convert to low
er case or upper case the OCR output string.
- Solved some minor bugs.
Version 1.2.4
- Added Reconstruct option to OCR engine: if this option is disabled, the proces
sing engine will not reconstruct the capthca characters after removing the color
s you selected in second stage.
- Added Pixel Info text box to OCR Wizard: the box shows the user the pixel colo
r properties when the user moves the mouse pointer around the image process box:
this should help configure the processing options.
- Added UpDown buttons to increase/decrease each numeric value in the image proc
essing options.
- Solved a bug that would keep removing colors added to the Combo menu in second
stage options even if the remove color option was disabled.
Version 1.2.3
- Added Blur option to the OCR engine, useful to remove noise from the captcha i
mage.
- Added Remove colors option to the OCR engine, useful to remove lines that over
lap the captcha Fonts.
- Now the OCR engine saturation option allow to desaturate colors with negative
values, useful to decrease luminosity of unwanted object from the captcha image.
- Improved the OCR characters extraction algorithm with new options.

- Added string filter feature to the OCR engine.

- Improved a lot of code in the OCR multithreading engine.
Version 1.2.2
- Improved the OCR engine multithreading
- Solved a bug that would cause an OCR Thread to keep busy Tesseract when the pr
ocessing engine does not recognize the image format
- SOlved a bug introduced in previous version that would keep the Abort button i
n the OCR Wizard disabled even after pressing the Start button
- Extended the image database to some Strongbox sites that use a little differen
t format for the captcha images
Version 1.2.1
- Now the OCR engine (image processing + tesseract) is a fully multithreaded eng
ine. This means that the main thread (i.e. the GUI) is not slowed down while bru
teforcing Captcha sites.
- Added context help to all the image preprocessing options in the OCR Wizard.
- Improved performance and accuracy on the extact + rotate image preprocessing o
ptions. Some work has still to be done in this area.
- Solved a bug that would cause the OCR WIzard to stop responding in certain con
ditions.
- Solved a bug that would cause an incorrect parsing of the Image URL in certain
conditions.
Version 1.2
- Added full OCR support with Tesseract integration. This feature is still an ea
rly implementation, so expect some bugs. More options will be added later.
- Changed Parsing Code Wizard and OCR Wizard interfaces.
- Added new option to Parsing Code Wizard: now you can send to intermediate acti
on too the data retrieved from login page with custom parsing.
- Fixed a bug in the parsing code that would prevent to extract correcly images
URLS when special characters (\t and \n) are used.
Version 1.1.03
- Changed the images database engine algorithm: now it is a little faster and mo
re accurate. Replace the ImageData.dat with the new one!
- Improved the image URL parsing
- Fixed a bug that would prevent the OCR from recognizing some captcha.
- Now the images acquiring engine that can be launched from the OCR Wizard is ab
le to automatically detect fixed captcha sites: the Status text box becomes gree
n when such a site i detected.
Finally the Image database has been extended by adding some missing strongbox im
ages (from the latest version).
Version 1.1.02
- Added new database function available from the general settings frame: by clic
king on the button "Update Images Database From File" you
can update your own database from another user database. In this way users can e
xchange individual database upgrades.
- Fixed some bugs here and there (i totally forgot which ones i fixed...)
Version 1.1.01
- Now the OCR Wizard shows correctly animated gifs
- Solved some minor bugs in the Keywords Frame and in the OCR Wizard form
Version 1.1
- Added support for Strongbox and other "Fixed Captcha" sites. The OCR engine fo
r these sites is based on the database file ImageData.dat.
Support for other sites that use fixed captcha images but not included in the
database can be added by the user thanks to an image acquiring engine and

to a built in function able to update the database with a single button click
.
- All OCR settings can be configured by launching the new "OCR Wizard" available
from the "Post Wizard".
- Improved the Keyword Engine: now you can configure special key matching functi
ons by launching the new" Keyword Wizard" available from the Keywords Frame.
- Improved the Proxy Analyzer Engine: now the engine is a full 3 levels stage en
gine. Moreover you can filter the proxy list by using the included IpFilter.dat.
The users can also modify the IpFilter.dat to better suit their preferences: t
he only constraint is the file format, that must be "Emule style" format.
- Updated the core components to the last versions.
- The program now looks correctly under Windows Vista/Seven, except for really m
inor glitches.
- The Proxylist and the HistoryList are dynamically updated when the Bruteforcer
is running.
Moreover all the changes you make in the Proxylist are transferred in real tim
e to the Bruteforcer.
- Changed the GUI to my tastes: i hope you like it! Thank you Claudia for the aw
esome pictures!
- Major improvements to the form and basic engines.
- Added new minor functions here and there: try the program and discover for you
rself ;)
Version 1.03
- Now you can build your own Parsing Code by using the new Parsing Code Wizard,
available from the Posting Wizard. For details see included help.
- The History List has two new columns: Captured Keys and Received Cookie. Moreo
ver by right clicking on a site in the list you can copy the Cookie to the clipb
oard.
- The save filter in the History Options can accept the new variables <Keys> and
<Cookie>.
- Now Sentry validates the syntax of the user settings in each frame. An error i
s issued if the syntax is wrong.
- The Custom Parsing Code Engine has been improved: now it's possible to set the
fields to capture independently from the order they appear in the HTML source.
- The Default Parsing Code Engine has been improved too: now it captures correct
ly the form fields on all sites (based on my neverending tests...) that do not g
enerate the form object by javascript.
Version 1.02
- Bug Fixes here and there
Version 1.01
- Bug Fixes here and there
Version 1.0
First MBA version. See included "Sentry_MBA_Help.pdf" for details.