Disclaimer
This site does not support carding, hacking or any Fraudulent activities. This article is for educational purposes only. It aims to point out how hackers and carders often go undetected and steal your personal information so as to open financial accounts in your name. Although the fraudulent steps discussed may work in real life, Security Cavern warns you against any fraudulent behavior as it is against the law.
Setup a Portable Firefox or an Anti Detect Browser
Here you can just follow the video like I showed you earlier in the training for setting up the Custom Firefox portable browser OR if you have gotten AD by now you can set that up for carding. I won’t rehash this stuff. One thing I’d like to mention though is that using portable device user agent strings for carding is one of the best ways to card right now. What this means is instead of setting up a browser like a normal Windows 10 using Chrome, it is better to spoof it as an iPhone OS with Safari or an iPad on Chrome, or something similar. More and more people now days are shopping from their smart devices so mimic that! Remember, the key here is to blend in and appear as if you are just a normal everyday user shopping online.
Whoer.net Tests
Once you have your browser spoofed, connected to your SSH or RDP, make sure that your time zone is set correctly. A quick way to do this is go to whoer.net. They reveal a lot of information about your set up and can help you make sure that you are ready to card. In the example below you can see that I’m spoofing an iOS iPhone with Safari 10.0 browser. My IP address has NO blacklists. My browsers headers match what Javascript is revealing. My language is in US English and the IP time zone matches my operating systems time zone. This is an ideal and perfect set up!
MaxMind Test
Now that you have determined your browser set up is on point. Go to maxmind for one last check to make sure your IP is right according to MaxMind.
Make the Charge on eCommerce
Once you’ve verified you are in the right location, move on over to your eCommerce site or Unityaid campaign to make the charge. I will show you examples of both here. Here is a screenshots of an eCommerce check out page.
Here is the Charge Page on stripe.
And here you see I got the green check! Which is a good sign.
And order received AKA charge approved.
And here is a view of that charge in my Stripe account. As you can see, the risk evaluation was normal and therefore the charge should take me in to 2 day rolling as long as there are not charge backs or funny shit happening with it.
Unityaid Charge
Now let me show you how I charged my Unityaid. It’s just as easy as this other charge was. Just type in your campaign link and click Contribute.
Here you can enter however much you want to contribute. You don’t need to join with Facebook or add a picture.
Now put in your cardholder’s email, their location, type a message if you want and enter the CC data.
There you go easy charge! With this type of Stripe you have to not only pay Stripe a fee, but you are also having the crowdfunded take a percentage so that is why you see $87 there.
And the charge on my Stripe.
So there you have it! That is charging your Stripe made easy! I hope that I was clear and detailed enough for you to do that without too many questions or uncertainty!
