Sentry Manual

The purpose of this manual is to let the user become efficient when using all of Sentry's options. I tried to make the User Interface as friendly as possible, but some confusion may occur. Hence, I created this html document.
Table of Contents

1. Quick Launch Menu
2. Main
   A. General Settings
   B. Simultaneous
3. Wordlist
4. Proxy
   A. My List
   B. Black List
   C. Analyzer
   D. Options
   E. Statistics
5. History
   A. History
   B. Options
   C. Reply
6. Manager
7. Fake
8. Settings
9. Misc
   A. HTTP Debugger
      a. Main
      b. Page Viewer
      c. Options
   B. Auto-Pilot
      a. Task List
      b. Options
      c. Results
10. Progression
   A. Bots
   B. Replies
11. About

1. Quick Launch Menu

Quick Launch Menu (upper right corner, button with the Bee icon) is a way to start your favorite programs through Sentry. Just open a Path To Exe file using the open button in the editor. Sentry fills in the name of the program you chose according to the filename of the program. The icon is ripped from the Exe file to better identify your programs. Then hit the Add button to add the program to the Quick Launch menu. Close the Quick Launch Editor and click the Quick Launch Menu to see the program you added. Everything is editable, except for the icon.

2. Main

The main page has all the general options. Let's go through each one in detail.

A. General Settings

The Slider at the top determines the Speed of Sentry, or how many bots you want Sentry to launch. It is recommended to use between 30 - 50 bots with DSL/Cable or higher, and 15-20 bots with a 56K Modem.
When Set Length Filter is checked, you have the ability to kill certain words in your wordlist. For example, say you are testing a site that restricts usernames and passwords to 6-8 characters in length. Using the Length Filter, you can check it and type 6 in the first textboxes and 8 in the second textboxes, i.e.

Username: 6 to 8
Password: 6 to 8

This would effectively filter out any combos which are not at least 6 characters and at most 8 characters in length.

Wordlist Position is exactly what it means. It is the position at which Sentry is in your wordlist. So if you want to start with the first combo in your wordlist, you would either move the Slider to 1, type 1 in the textbox, or hit the Reset Button to the right of the Slider.

The Wordlist Position Slider is moveable during a test. This means that if you are in the middle of running a site and you feel the need to move to the end of your list, you can simply drag the slider 3/4 of the way and Sentry will immediately begin testing combos from that position. You can also go backwards during a test. If you start a test without realizing that you are 3/4 into your wordlist when you pressed the Start Button, you can hit the Reset Button and Sentry will start from the beginning of your wordlist without you having to restart the test and reset the wordlist position.

Bots Timeout in x Seconds, where x is an integer which must be greater than 0. Sometimes, during testing, a proxy decides to hang or take a really long time to reply. With this option, you can have Sentry retry combos with a different proxy if the proxy takes longer than x Seconds. After x Seconds, the request is aborted and retried with a different proxy. This will speed up testing when using some slow proxies.
Options

Agent - Simply defines the Agent Field of an HTTP Request. This field is used for the server to effectively identify what type of browser or agent is being used to connect. This is also the same field which can identify the Operating System you are using. The Default Value will just give the server some version type of Mozilla.

Referer - This defines what Referer Field you want to send to the server. The Referer Field is used so the server can tell what web page referred you to the current web page you are requesting. The two options, <BASE URL> and <MEMBER URL>, can tell Sentry to use the Base URL, or the Member's URL as the referrer. I.E.

http://www.somesite.com/members/index.html
Base URL = http://www.somesite.com
Member URL = http://www.somesite.com/members/index.html
Debug

Every time you receive a hit, if Write Debug Information on Hits is checked, Sentry will dump the Header and the Source returned from the server in a file called Debug.txt.

Request Method

This is the method which Sentry will use to send your requests. HEAD just returns the Header Response from the server. GET retrieves both the Header Response and the Source of the webpage. Obviously, HEAD uses less bandwidth and is faster because it doesn't return the source of a webpage.

Control Panel

Load A Snap Shot will allow you to load a Snap Shot's settings into Sentry. This is useful if a site you are testing behaves the same as another site which you already have a Snap Shot for. You can just load the Snap Shot for that Site, change the Site: field and run the test.

Save A Snap Shot will allow you to save a Snap Shot's settings to a .sss file. It is a good idea to save a default.sss Snap Shot so you do not have to untick and clear all the fields in Sentry when running a standard test.

Send To Auto-Pilot sends the current site to the Auto-Pilot's Task List.

Snap Shots

Snap Shots is a feature that will save you time. A Snap Shot is basically what its name describes it as. When you test a site for the first time, a Snap Shot is created. What this file contains is all the essential details in the Main and Fake tabs. Wordlist, Wordlist Position, and Proxy Information do not save. Here is a list of the options that are saved:

- Site's member URL
- Bots
- Length Filter
- Timeout
- Request Method
- Ban Proxy On Key Phrase
- Ban Proxy On 200
- Success Key Phrases
- Content-Length
- Check Hits
- Custom Hit Response
- Use Same Fake Proxy

The engine is even built so that you can use shortcuts once a Snap Shot exists. For instance, you open up Sentry and decide to run http://somesite.com/members/index.html. If you have a Snap Shot of that site, you can just enter somesite.com in the Site ComboBox. Sentry will automatically detect that you have a Snap Shot of that site and will ask you to load it. In the above case, if you load it, the Site ComboBox will now be replaced with the Member's URL saved for that site. If you choose not to load it, be prepared for a lot of 200 responses :)

B. Simultaneous

Enable Simultaneous Testing

Simultaneous Site Testing is an option which allows you to test multiple sites simultaneously. How this works is, say you have a list of sites you want to test, let's say 3. Using this option, you can put the first site in the main Site ComboBox, then the other 2 sites in the Sites ListBox on the Simultaneous Page. This is how Sentry tests the Sites:

Combo1 -> Site1 -> Site2 -> Site3
Combo2 -> Site1 -> Site2 -> Site3
etc...

The same pool of proxies (My List) is used for all Sites; therefore, if a proxy is banned from one site, it will not be used against the other 2 Sites. This may eat proxies fast.
3. Wordlist

This Page is used to load a wordlist, and to use some manipulation features on your wordlist, if you choose to do so.

Combos is the ListBox into which your combos will be loaded. The Label in the upper right hand corner will count how many combos are in the current combo list loaded. Single Lists are not supported in Sentry. Use Raptor to convert 2 Single Lists to a Combo List. Only L:P Combos are supported. Tabs are not supported.

Read Wordlist From Disk is an option which allows you to have Sentry read a wordlist from your hard drive. This can be useful if you do not want to waste the memory in loading the wordlist into Sentry. There are a few drawbacks to this option:

1. You cannot change the position of the wordlist during a test like you can when loading a wordlist into Sentry. The wordlist will run in sequential order until the end of the test.
2. It is slightly slower than loading a list into Sentry's memory. The speed difference is very minimal, almost not noticeable, but I thought I would mention it anyway.
3. You cannot use this option when using the Auto-Pilot. More on Auto-Pilot later.

Manipulation is the art of manipulating, on the fly, a combo from your wordlist.

Prefix is a term which means before, so anything typed into the Prefix TextBoxes will appear before the Actual Combo.

Suffix is a term which means after, so anything typed into the Suffix TextBoxes will appear after the Actual Combo.

Invert User will reverse the order of each letter in the Username.

Invert Password will reverse the order of each letter in the Password.

The Invert Options invert as an initial step, meaning a combo is first inverted, then the prefixes and suffixes are attached to the inverted username or password. If you do not want a prefix or suffix, make sure all 4 TextBoxes are empty. I.E.

Original Combo = username:password
Username Prefix = 100
Password Prefix = 200
Invert Username = Checked
Username Suffix = 999
Password Suffix = 888
Invert Password = Checked

username will now be manipulated to 100emanresu999
password will now be manipulated to 200drowssap888

The actual wordlist is never modified.
4. Proxy

The Proxy Page handles all Sentry's proxies. It is split up into several categories. The Slider at the top of the page controls how many bots the Proxy Analyzer will use.

A. My List

Just like in Access Diver, My List contains the proxies which Sentry will use to test a site with. Proxy Rotation is set to 1. This cannot be changed.

Do Not Use a Proxy can be checked if you do not want to use a proxy while testing a site. This is not recommended and should only be used if you do not want to remain anonymous.

Use a Single Proxy can be used if you only want to use a single proxy to run all your tests with. This is not recommended but can be used if you want to speed up testing by only using a single, fast proxy.

Status is a column which will be blank at first. When a test is being run, all proxies which return a bad response or need to be banned for some reason will appear with the reason why they were banned.

When you Right Click the ListView, you will see several options:

Reactivate Selected Proxies will mark all proxies selected as Reactivated. This will make them eligible the next time Sentry is assigning proxies during a test.

Use Proxy in IE will set the proxy selected as your current proxy in Internet Explorer.

Load a Proxy List will load a list of proxies into My List. Proxies are compared against the Black List and then loaded into the Proxy ListView. This should not be used unless you are sure you have a list of anonymous proxies that do not need to be verified first.

All other options are self-explanatory.

B. Black List

The Black List contains proxies which you may think are dangerous. Load a bunch of proxies into the Black List if you never want Sentry to use them. Every time you Update My List in the Proxy Analyzer, these proxies are compared against the proxies in the Black List and those in the Black List do not appear in My List.

C. Proxy Analyzer

The Proxy Analyzer contains all the proxies you want to test to see if they are anonymous, or fast. To begin an anonymity test, simply click the start button (small button with the lightning bolt, not the large button at the top). When the test finishes and you want to remove all the bad proxies, you can do so by clicking the brush button on the right. This will pop up a menu where you can Remove Duplicates, Bad Proxies, Timeouts, or Gateways. Generally, all Bad Proxies and Timeouts should always be removed.

The columns listed are Proxy, Port, Status, Gateway, Anon, 401/Level, Speed.

Status is what Reply the proxy returned with.

Gateway is the Gateway IP Address returned by the Proxy. If Gateway does not match the original IP of the proxy, it is considered a Gateway.

Anon is simply whether the proxy is anonymous or not.

401 (only if Internal Proxy Server is Checked) is determined by whether a Basic Authentication page can be accessed through the proxy.

Level is the level which is returned from the ProxyJudge. Levels should only be used to tell you if Sentry went to the right location (the ProxyJudge) or if it got redirected (Level will be unknown). Levels do not determine if a proxy is more anonymous than another proxy.

Speed (in milliseconds) is the time it takes a proxy to complete its request once launched. The lower the number, the faster the proxy is.

Right Clicking on the Proxy Analyzer ListView, you are presented with several options. All are self-explanatory except Update My List. This option is used to transfer all the proxies from the Proxy Analyzer to My List. The Proxies are compared against your Black List and then sent to My List. My List will now contain the proxies from the Proxy Analyzer ListView.
There are three types of Proxy Analyzers in Sentry: an Internal one (like Proxyrama), the standard external one (uses ProxyJudges), and a special one (to test proxies against a specific site).

Internal ProxyJudge

An Internal ProxyJudge is simple. Your computer acts like an HTTP Server and Sentry connects back to it through the proxies in the list. If your IP is found in the Header Data (X_FORWARDED) field, then the proxy is not anonymous.

401 determines if the proxy supports Basic Authentication. Almost all proxies do, so this field should almost always have a Yes. The proxy connects to the HTTP Server and receives the Header of a Basic Authentication Page. If the response by the Proxy is a 401, then the proxy supports this.

All pages are created virtually so you don't really have a proxyjudge.html, etc. on your computer anywhere.

Locations:

ProxyJudge: http://<YOUR_IP>:<SERVER_PORT>/proxyjudge.html

Basic Authentication Page: http://<YOUR_IP>:<SERVER_PORT>/secure/fuck/sex/boobs//index.html

Bad words in the Basic Authentication path will filter out proxies that censor sites.

Note: Changing the Server Port will not allow some proxies to work. Some proxies can only connect to port 80 and changing this port may cause some perfectly legit proxies not to work.

External ProxyJudge

An External ProxyJudge connects to a third party webpage, where a third party script is used to analyze if a proxy is anonymous or not. The problem with this is simple. If the server hosting the ProxyJudge goes down, you will have to restart a test. The speed is calculated from the time the proxy you are testing takes to go to the webpage and then back to your computer. This means, if a proxy is located near the ProxyJudge, you will receive a better speed value for that proxy, instead of a true ping time from your computer to the proxy like the Internal Server gives.

Specific Site

Under Proxy -> Options -> Special there is a checkbox which enables you to check proxies against a specific site. This option is very useful to determine if proxies return a Basic Authentication response or to determine the time it takes a proxy to connect to the site and back to your computer. All 401 responses are accepted and anything else marks a proxy as Bad.
If Parse Specific Site for Key Phrases is checked, then a proxy will return good only if one of the specified key phrases is found. Status Codes are ignored.

D. Options

ProxyJudge is a ComboBox which will store your ProxyJudges every time one is used during an external proxy test. The icon to the right of the ProxyJudge ComboBox is used to launch the ProxyJudge in your browser.

Proxy Timeout is used to determine how long you want to allow the Analyzer to take until it aborts a request being sent. This will speed up Proxy Analyzing because the engine will not have to wait for proxies which hang to abort.

IP is your Internal IP address returned from Sentry at startup. If the IP in the box is not correct, you will not be able to use the Proxy Analyzer, because Sentry will not know what IP it should compare the proxies with to determine if your proxy is anonymous or not.

Get External IP can be used to get your IP from a third party website. If your Internal IP is wrong, this option can be used.

Get External IP on Startup will retrieve your external IP when Sentry starts up.

Test Proxies against a Specific Site can be used to enable the Specific Site analyzer. Enter the URL of a webpage which responds with a 401 (Basic Authentication) response.

Use HEAD Request Method determines which Request Method Sentry will use with the Specific Site analyzer. Normally you should only use HEAD Request Method if you plan to test the site using HEAD Request Method.

Use GET Request Method is the same as above except for the GET Request Method.

Reactive All Proxies when Active Proxies Equals is an option to determine when Sentry should reactivate the proxies in My List. A number like 10 or 20 is useful if you do not want to ever go below that amount of proxies being used no matter what. 0 is the default value which means when the last proxy in My List gets banned, all of the proxies in My List are reactivated.

Use Internal ProxyJudge can be checked to use the Internal ProxyJudge.
Start Server should always be pressed before you do an Internal Proxy test. This will start Sentry's HTTP Server on whatever port you specified in the Server Port TextBox.

Abort Server will abort Sentry's HTTP Server.

Server Port will allow you to determine what port Sentry will use when running the Internal ProxyJudge.

E. Statistics

Shows some general statistics of your proxies while a test is being run or after it.

5. History

A. History

Shows the sites in your history and what proxy was used. Again, the brush button can be used to bring up a menu which will allow you to remove certain types of sites from your history, i.e. Bad, Redirects, Timeouts, etc.

The slider at the top of the History Page will allow you to choose how many bots you want Sentry to use when running a History Check. The two small buttons to the left of this slider will start and stop a test, respectively.

Right Clicking will bring up a list of options you can choose from. They are all self-explanatory except for Use Proxy in IE, which will allow you to use the Proxy Used to return that entry in Internet Explorer.

B. Options

Use GET instead of HEAD will use the GET Request Method to verify sites instead of the HEAD Request Method. GET Request Method should only be used if you are defining HTML Key Phrases or if you have some URLs which can only be accessed using the GET Request Method.

Bots Timeout is how long Sentry will wait until the request launched will be aborted and the response is marked as a Timeout.

Define HTML Key Phrase can be used to define a list of Key Phrases which, if found in the respective site's source, will be considered a bad request. The reasoning behind this is that if you know the failure phrases of some sites, you can effectively reduce the amount of fakes returned by the History Verifier. I.E. pennywize or blocked are good Key Phrases to use to help reduce fakes. You can add as many Key Phrases as you want.

C. Reply

Shows the replies which the History Checker returned.
6. Manager

Site List displays a list of sites which Sentry has used. Right Clicking on the ListBox brings up some options:

Open Base Site In Browser will allow you to view the Base Site of the URL in your Browser.

Send To Testing Zone will send the selected URL to the Site ComboBox.

Send To Simultaneous List will send the selected URL to the Simultaneous ListBox.

Wordlist History will display the paths to all the wordlists you have used with Sentry. Right Clicking on this ListBox brings up some options:

Load As Combo List will load the selected wordlist as a normal combo list into Sentry's memory.

Load As Combo List From Disk will load the selected wordlist as a combo list which will be read from your hard drive.
7. Fake

Header Parsing

Header Parsing is a brand new type of fake protection. Basically, you now can specify Key Phrases in the header response sent to you by the server. Why is this useful? No more relying on responses to determine if a combo is a hit or not. Some sites like to send out different/abnormal HTTP Response codes to fool bruteforce programs. Time to come up with a new method.

I should not have put this option in here, but too many people would wonder why this method is still spitting out fakes: 503 and 502 responses are automatically disregarded when using this method. If you are still getting fakes, use the Debug Header Response option and add additional Key Phrases.

In theory, this method is flawless against certain sites; however, some proxies like to give you a different header than what is actually the correct HTTP Header. That is why Retry Hits Times works within this method. This is only for failure key phrases, as successful key phrases don't need a verification. Success Key Phrase parsing only needs to find one of the listed key phrases to be considered a hit. This method, in conjunction with the Debug Option and a little thought, can be very powerful. For more information on this feature, see the Tutorial.txt file which comes with Sentry.

Source Parsing

This option can effectively eliminate fakes if used correctly.

Define Failure Key Phrases - If a Key Phrase is found in the source of a returned 200 response, then it is marked as bad. If a Key Phrase is not found, the reply is returned as a hit. Extremely useful for sites that like to spit fakes. Sentry was built with this in mind.

Define Success Key Phrase - If a Key Phrase is known on the members page, you can use this option to increase the amount of hits on a site. For example, if you get a hit, you can scan through the source of the webpage (i.e. members.html) and pick out a distinctive Key Phrase (<title>Welcome to My Members Area</title>). Every 200 reply's source is scanned for these good Key Phrases. If one is found, then it is returned as a hit. Everything else is a failure. This method also scans redirects for Key Phrases. This method can eliminate fake replies. See Tutorial.txt for more information on this feature.

Custom Hit Response has been deleted. Use Success Header Key Phrases, which are shown in the Tutorial.txt file.

Ban Proxy on Bad Key Phrase - If a failure Key Phrase is found, the proxy is banned.

Ban Proxy on 200 Reply - Ban proxy if it returns a 200 response.

Check Hits Times is standard fake protection. This option will check all hits returned by Sentry again with a different proxy to see if they are truly hits. If Check Using The Same Proxy is checked, the site will be checked using the same proxy. Checking hits using the same proxy is not recommended.
Content-Length Checker will check the returned source to see if it is greater than x amount of bytes. If it is, then a hit is recorded. If less than x amount, the proxy is banned.

8. Settings

Sounds can be used with Sentry. By default, the paths point to the sound files which are included with Sentry. They can be changed, however, to whatever you want.

9. Misc

A. HTTP Debugger

HTTP Debugger sends requests to a given site using various options. It follows redirects to completion, which can be very useful for spoofing.

a. Main

This page shows the source and Header Responses sent and received. Even the cookie received is displayed. Byte Count shows how many Bytes were returned with the returned source.

b. Page Viewer

Displays the source returned as it would look in your browser. Some links can be followed through this, depending on the way the source of the webpage was written. It is not recommended to use this as a browser. It is simply there to show you how the source returned looks when being viewed in a browser.

c. Options

Request Method is simply the Request Method the HTTP Debugger will use.

Proxies can be used with the HTTP Debugger. Even a SOCKS proxy can be used.

Authentication is the username and password required to enter a site. Leave empty if none are needed.

Agent is the Agent Field you want to send when using the HTTP Debugger.

Referer is the Referer Field you want to send.

Data To Post is the data you want to Post when using the POST Request Method.

Cookie is the cookie you want to send when using the HTTP Debugger.

Timeout is how long you want the HTTP Debugger to wait until the request is aborted.

B. Auto-Pilot

Auto-Pilot is an option which can be used to test sites sequentially with Sentry. You give a list of sites and hit the start button and Sentry does the rest. Auto-Pilot reports a summary at the beginning and end of each job. Use the small abort button located in the Auto-Pilot Section. You cannot load a wordlist from disk when using Auto-Pilot. The list is automatically loaded into Sentry's memory when using Auto-Pilot.
a. Task List

The list of sites which are currently loaded into the Auto-Pilot. The wordlist field is filled in with the current wordlist you are using. The Snap Shot field will be filled in if you have a Snap Shot for the site you added and shows whether the Auto-Pilot engine will use it or not. Right Clicking brings up a list of options which are all self-explanatory.

b. Options

Show Fakes In Summary will display all the fakes the Auto-Pilot received in the Summary report generated when the site has completed testing.

Show Redirects In Summary will display all the redirects the Auto-Pilot received in the Summary report which is generated when the site is done being tested.

Time To Sleep Between Each Job can be useful to allow Sentry to recover from a test that just ended. A good way of letting your connections reset (letting slow connections finish).

c. Results

Displays the Results returned when using the Auto-Pilot. This is also considered the Summary.

10. Progression

A. Bots

Displays information about the test being run, including bot number, username, password, proxy, reply, and site being tried at the present moment. Bots can be changed during a test.

All Hits are recorded in the Hits ListBox.
All Redirects are recorded in the Redirects ListBox.
All Fakes are recorded in the Fakes ListBox.

Double Clicking any item in any listbox will launch that item in your browser.

B. Replies

Responses are recorded appropriately when they appear during a test.

200 - OK Response, not necessarily a hit.
3xx - Redirect.
401 - Authentication Required.
403 - Forbidden.
404 - Page not found. Generally a proxy error or a timeout.
503 - Service Temporarily Unavailable, which is usually a proxy problem, or a site can return this error if it required GET Request Method to be used when using HEAD Request Method.
Retries - The amount of times Sentry has retried various combos because of proxy errors or timeouts.
Fakes - The amount of fakes that Sentry has detected.

Proxies Left visually displays a progress bar and numbers showing how many proxies you have left. This can be useful to monitor how fast a site is banning your proxies.

Statistics shows general statistics of the site or sites in progress. CPS = Cracks Per Second.
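
Seen from the server side, the traffic this manual describes has a recognisable shape: 401 replies on one members URL, each attempt carrying a different username and arriving from a different address because proxy rotation is fixed at 1, often sent as HEAD requests. The detector below is an added example, not part of the Sentry manual. It assumes Apache combined-format access logs; the function name, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache combined log format. The third field (%u) is the username the client
# sent for Basic Authentication; Apache logs it even when the reply is 401.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log: documentation IP ranges and invented usernames.
SAMPLE_LOG = """\
192.0.2.10 - alice [12/Mar/2024:09:10:01 +0000] "GET /members/index.html HTTP/1.1" 401 381 "-" "Mozilla/5.0"
192.0.2.10 - alice [12/Mar/2024:09:10:09 +0000] "GET /members/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - bob [12/Mar/2024:10:02:00 +0000] "GET /staff/ HTTP/1.1" 401 381 "-" "Mozilla/5.0"
192.0.2.44 - bob [12/Mar/2024:10:02:04 +0000] "GET /staff/ HTTP/1.1" 401 381 "-" "Mozilla/5.0"
192.0.2.44 - bob [12/Mar/2024:10:02:11 +0000] "GET /staff/ HTTP/1.1" 200 977 "-" "Mozilla/5.0"
198.51.100.21 - john [12/Mar/2024:10:02:00 +0000] "HEAD /members/index.html HTTP/1.0" 401 - "-" "Mozilla/4.0"
203.0.113.5 - mike [12/Mar/2024:10:02:01 +0000] "HEAD /members/index.html HTTP/1.0" 401 - "-" "Mozilla/4.0"
198.51.100.77 - dave [12/Mar/2024:10:02:02 +0000] "HEAD /members/index.html HTTP/1.0" 401 - "-" "Mozilla/4.0"
203.0.113.90 - chris [12/Mar/2024:10:02:03 +0000] "HEAD /members/index.html HTTP/1.0" 401 - "-" "Mozilla/4.0"
198.51.100.140 - steve [12/Mar/2024:10:02:04 +0000] "HEAD /members/index.html HTTP/1.0" 401 - "-" "Mozilla/4.0"
203.0.113.201 - paul [12/Mar/2024:10:02:05 +0000] "HEAD /members/index.html HTTP/1.0" 401 - "-" "Mozilla/4.0"
"""


def find_distributed_guessing(lines, window=timedelta(minutes=5),
                              min_users=5, min_ips=4):
    """Return one alert per path whose 401s inside `window` involve at least
    min_users distinct usernames sent from at least min_ips distinct addresses."""
    failures = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        # Keep only failed attempts that actually carried credentials; the
        # first 401 challenge of a normal browser session has user "-".
        if not m or m["status"] != "401" or m["user"] == "-":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        failures[m["path"]].append((ts, m["ip"], m["user"], m["method"]))

    alerts = []
    for path, recs in failures.items():
        recs.sort()
        best, start = None, 0
        for end in range(len(recs)):
            # Slide the left edge so the span never exceeds `window`.
            while recs[end][0] - recs[start][0] > window:
                start += 1
            win = recs[start:end + 1]
            users = {r[2] for r in win}
            ips = {r[1] for r in win}
            if len(users) < min_users or len(ips) < min_ips:
                continue
            # Keep the window with the most distinct usernames for this path.
            if best is None or len(users) > best["distinct_users"]:
                heads = sum(1 for r in win if r[3] == "HEAD")
                best = {
                    "path": path,
                    "attempts": len(win),
                    "distinct_users": len(users),
                    "distinct_ips": len(ips),
                    "head_share": heads / len(win),
                    "first_seen": win[0][0],
                }
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in find_distributed_guessing(SAMPLE_LOG.splitlines()):
        print(alert)
```

A per-address rate limit does not see this pattern, because each address sends only a handful of requests; counting failures per protected path, as here, or per account is what exposes it.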