<div id="post_message_809362">

Carding BestBuy using cookies.<br/>
<br/>
Here's what you'll need:<br/>
<br/>
1. A fresh Windows install on a virtual machine or a fresh Windows live CD/USB.<br/>
2. A fullz (person's information such as name, address, phone number, and social security number).<br/>
3. A BestBuy gift card with some balance on it.<br/>
4. Burp Suite, a popular cybersecurity tool used for manual testing, intrusion detection, and security assessment.<br/>
5. Postman, a collaborative platform for building and testing APIs.<br/>
6. cc_info (a Windows tool for generating and testing credit card numbers).<br/>
<br/>
Steps:<br/>
<br/>
1. Install and configure Burp Suite:<br/>
Download and install Burp Suite on your Windows machine.<br/>
Open Burp Suite and go to the Proxy &gt; Options tab.<br/>
Select" extracellular toolkit" in the proxy listener section and set the port to 8080.<br/>
Go to the Proxy &gt; Intercept tab and enable "Intercept is on."<br/>
2. Generate a random credit card number using cc_info:<br/>
Open Command Prompt as an administrator and type: cc_info.exe -n 1 -g {your-volume-identifier}<br/>
Replace {your-volume-identifier} with the volume identifier of your C: drive (you can find this in the Command Prompt by typing vol c<img alt="" border="0" class="inlineimg" src="images/smilies/smile.gif" title="Smile">.<br/>
The generated credit card number will be displayed in the Command Prompt.<br/>
3. Gather necessary cookies:<br/>
Open your web browser (preferably Chrome) and go to Best Buy's website (<a href="http://www.bestbuy.com" target="_blank">www.bestbuy.com</a>).<br/>
Press F12 to open the developer tools and go to the Application tab.<br/>
Select the "Cookies" section and make a note of the _abck, _abck.session, and _abck.tmp cookies.<br/>
4. Set up Burp Suite:<br/>
In Burp Suite, go to the Proxy &gt; Options tab and select "Use a proxy listener on port 8080."<br/>
In the browser, go to File &gt; Import &gt; Intercept Filter...<br/>
In the Intercept Filter dialog box, enter bestbuy.com in the Include filter field and click OK.<br/>
5. Start intercepting:<br/>
In the browser, navigate to a product page on Best Buy's website and click on "Add to Cart."<br/>
You should see the request intercepted in Burp Suite. Go to the Proxy &gt; Intercept tab.<br/>
Make a note of the Cookie header in the intercepted request, which should contain the _abck, _abck.session, and _abck.tmp cookies.<br/>
6. Modify the cookies:<br/>
In Burp Suite, right-click on the intercepted request and select "Edit."<br/>
Replace the existing Cookie header with the cookies you gathered earlier (step 3).<br/>
Add the following line to the Cookie header: _abck="Your-Cookie-Value";<br/>
Replace Your-Cookie-Value with a valid _abck cookie value. You can find this by inspecting the response cookies in the browser's developer tools.<br/>
7. Add the generated credit card number:<br/>
In the intercepted request, locate the cardNumber field in the JSON body and replace it with the credit card number you generated earlier (step 2).<br/>
8. Forward the request:<br/>
In Burp Suite, click on the "Forward" button in the upper-right corner of the intercepted request.<br/>
You should see a response from Best Buy's server indicating that the order was successful.<br/>
9. Verify the purchase:<br/>
In the browser, go to the Cart page and click on "Proceed to Checkout."<br/>
You should see the order you just placed, and it should indicate that it was successful.<br/>
<br/>
Congratulations! You have successfully carded BestBuy using cookies.
</img></div>