How to win or cheat ANY online voting contest – Whole Whale
It’s no secret that I’m not a fan of voting competitions, especially ones that are built irresponsibly. That’s why I’ve set out to create the definitive guide on breaking (/cheating) poorly designed nonprofit voting problem with voting competitions is that they pit nonprofits against each other for a prize that usually doesn’t come close to the true cost of the votes that these organizations push to get. What’s more, they run the risk of burning out the supporters of these great organizations.
In the worst case scenario, one organization decides to cheat because the system is designed with flaws by some marketing firm and they see a way to easily game the system to win money for their great cause. I am not justifying or endorsing cheating – I actually believe the only way to win these contests is by not playing. However, in an effort to scare the pants off of people creating these contests I decided to create this Whole Whale does not cheat on behalf of our clients. It is not a service WW offers nor will ever! @WholeWhale just wrote the guide on how to beat most nonprofit online voting contests. Click To Tweet
Step 1: Figure out how it is built
Online voting competitions will use a variety of ways to track votes through a website. Here are the most common building technical:
A Web Form Built with the GET method
This method (low security) means that the form will push the data into the URL and you will see it. e. g. to break: Find that URL and go ham on the refresh button. Hide the cookies and IP address if they are tracking. Post that link anywhere you can and every click will equal a vote. Honestly, no reputable contest will be built this way because it isn’t 2006, but hey, you never know…
A Web Form Built with the POST method
This method (medium security) means that the form will push the data through the body of the request and will not show in the to break: you may be able to use the back button if cookies aren’t being set. If they are being set you can hide cookies with a browser like Chrome with cookies disabled. If they built it correctly you will need a more advanced human assisted tech approach (see step 2 below).
Cookies – contests that don’t require a sign in and allow anonymous votes depend on cookies that may have timers in some cases. To break: clear your cookies, vote, repeat. Use Chrome and a cookie remover to block the cookies of the site, if it still lets you vote you’re all set to click away. The browser has very good privacy protection that will block this type of tracking. Cookie and IP on mobile – if you are using a mobile device you can try switching to airplane mode and using a wifi network to confuse the IP tracking. IP – Some use the IP to determine location voting. You can use a proxy server or a local VPN like Hotspot Account – This will require multiple accounts and a more advanced approach to get enough votes. Depending on how the account is authenticated, it may be not be possible to automate mass confirmation – This is the most common system I see, it requires an email to be confirmed from the inbox with the link to record the vote.
Step 2: Human assisted automation
The following are various tactics which can be combined to break most voting systems with a little help from third party tools. In order to not look suspicious it is important not to show suspiciously large voting counts – I can immediately tell if a distribution of votes is unnatural and violating an expected power law (20% of the contestants getting 80% of the total votes). In one case we spotted this in a contest one of our clients were considering and we advised them not to participate – later we found several articles on the cheating that had Whole Whale does not cheat on behalf of our clients. It is not a service WW offers nor will ever offer.
Computer Macros
A macro is a program that you can setup on a computer that goes through a series of clicks and keyboard strokes on a timed interval. If a voting system doesn’t require a captcha or other human test, a macro can be created to go through a voting cycle unabated. Combine these tools with a hotspot shield and cookies disabled on a computer can break most non-email verification process. Some tools:
Macro Express – downloadable software that will let you turn your computer into a bot that is timed to click and enter information as toHotkey – downloadable software that will let you click the heck out of buttons or load pages.
Email Generators
For secure voting systems that don’t have strict email confirmations, there are ways to generate emails quickly. These email hacks can also be used to create accounts for systems the require logins.
Any single Gmail, Hotmail, Yahoo or normal domain email address can be made into thousands of emails by adding a “+” or “. ” after the name and before the “@” sign. For example, can be and the email will still be delivered to your you own your own domain, you can create a bunch of aliases for one email ilinator – this is a site that will generate emails for you on demand and give you a quick inbox that the confirmation link will be sent to. Using a variety of email domains can help make this look less spammy. This is a list of temporary email domains hosted via mailinator:
Outsourced Voting
For a nominal amount of money, an organization can purchase votes or emails through ‘Vote Brokers’. These groups will do your bidding in the same way they translate audio to text or do other simple outsource tasks for companies. Technically it is against the Amazon Turk policy to pay workers to vote – which is great. However you can still hire someone on a site like UpWork to build a script that could use the above tactics.
Proxy Voting
A proxy vote traditionally means that a voter transfers their right to vote to a third party. Massive lists of proxy accounts can be managed by a single person simply logging in one by one and voting. Imagine if political staffers could collect permission to vote on behalf of voters in a district in perpetuity — not really the will or action of a crowd, but highly best way to win a nonprofit voting competition is by not entering. Click To Tweet
Finally, for the contest creators
This post is meant to ruin poorly designed voting competitions and to scare anyone thinking about building a nonprofit voting competition. I hate the idea of cheating nonprofits and I think that starts when a contest doesn’t use responsible design.
Responsible Contest Design Questions
Can your online system be quickly gamed by the exploits above? (I beg you not to use GET requests or anonymous voting)Can you use a third party authentication to stop the email hack? Is the prize pool large enough to make an expected value equation make sense for all participants?
Expected Value for Voting Contest = Prize amount * (total # winners / total # charities)
Do the nonprofits involved get to keep the voter data that relates to their org? In the case of emails, do they get them? Is there a way to build this so that every participant wins in some way? Is the time frame limited so there is only a small window of nonsense voting requests? Is there a clever way to design the voting process so that it actually produces some positive impact for the nonprofit? e. g. voters have to submit photos they take of the cause that the nonprofit can have access to later for their photo database. Or they must submit 1 idea that they think would improve their work. you use a threshold voting, where nonprofits need to get to X votes to be considered by a panel? This caps the voting nonsense while still getting a bit of the network effect you are hoping for your brand. This pairs well with a social integration.
I hope these questions will spur some more creative approaches to contest design and will add more value to the nonprofits who Whole Whale does not cheat on behalf of our clients. It is not a service WW offers nor will ever offer. Also, please don’t reach out to us to vote for your contest.
So there you have it – our guide to breaking online voting contests so your nonprofit can win. And more importantly, to bring transparency to this one-sided marketing tactic.
Even more awesome resources
To truly leverage the power of Facebook Fundraisers, you and your team need a clear and easy-to-read view of the data. Sound like a lot of work? Thankfully, Whole Whale’s already done the work for you with this Facebook Google Data Studio dashboard! Check it out!
Template
Facebook Fundraiser Dashboard Template
Plus, download this free, simple checklist to make sure you’re covering all your bases when you set up your next nonprofit campaign!
How to hack/rig most StrawPoll polls! [VERY EASY] – Cracked.to
OP 16 February, 2020 – 01:17 AM
First time writing a guide so go easy on me
side note: this only works on polls that do not require registration
Easy to follow Skiddie Request Forgery tutorial:feelsgood:
What you will need:cURL
a high quality proxy list
Chrome web browser(to make it simple, you could also use something like burpsuite to catch the request)
So down to business
So first thing you’ll want to do is open the chrome developer tab by pressing f12 and then press the “Network” tab. Then press the little record circle which will turn red when activated.
Mark the answer you would like on the page and press vote(this will work whether you’ve already voted or not)
At this point some requests should have turned up!
Now just look for a request named “pollvote” with the above as a response message then proceed to right click on the request and chose copy > copy as cURL.
as said before if you already know how to do basic RF and stuff you could use burpsuite or something to catch the request instead this is just a simple lazy method
After this all you have to do for a single vote is paste the command in a terminal with curl with one small change which is placing either “-x x. x. x:port” or “–socks5 x. x:port” as the first option (meaning put that in front of the word curl in the terminal) and voila! you should have a successful vote confirmed by a cURL response saying so!
(given that the proxies are good enough, if you for example use proxybroker its most likely not going to work very well)
But ofcourse you will probably want to do more than 1 little vote well don’t worry
that’s easily fixable with some good ol’ code
I won’t spell it out for you but ill give you the basic idea since it’s just a couple of linesCode:For i in proxylist:
DO curl –socks5 i ‘Done
ENJOY:dancinggirl::dancinggirl::dancinggirl:
[Source] Strawpoll.me Bot – UnKnoWnCheaTs
UnKnoWnCheaTs – Multiplayer Game Hacking and Cheats
Anti-Cheat Software & Programming
C#
[Source] Bot
Save
Authenticator Code
Thread Tools
Bot
21st December 2018, 07:22 PM
#1
bditt
Professional Retard
Join Date: Nov 2015
Location: 0xC1A551F1ED
Posts: 148
Reputation: 1406
Rep Power: 145
Recognitions
Donator
(1)
Points: 7, 252, Level: 9
Level up: 69%, 348 Points needed
Activity: 2. 1%
Last Achievements
Hey guys, this is my first time ever releasing on this forum, so please let me know if I posted this in the wrong section or did something wrong in the post.
Anyway, today I’ll be releasing the source code to my Bot that I created earlier today.
This works on both non captcha and captcha strawpolls.
As someone who doesn’t work in C# very often, please me know your opinions on this project so I can improve my C# skills.
Github:
bditt is offline
22nd December 2018, 02:13 PM
#2
stevemk14ebr
Hacked North Korea
Join Date: May 2013
Location: USA
Posts: 2, 766
Reputation: 71919
Rep Power: 303
Member of the Month
(2)
Points: 118, 471, Level: 49
Level up: 54%, 2, 429 Points needed
Activity: 2. 0%
interesting, how well does this perform:
__________________There are 10 kinds of people in this world, those who understand binary, and those who don’t
I’ll contribute, so I’ll expect the same from you
stevemk14ebr is offline
22nd December 2018, 02:25 PM
#3
WasserEsser
Forum Administrator
Join Date: Jun 2013
Posts: 4, 212
Reputation: 102503
Rep Power: 347
(35)
File Analyzer
Gratuity
(3)
Contest Winner
Points: 155, 480, Level: 56
Level up: 26%, 4, 420 Points needed
Activity: 8. 9%
Quote:
Originally Posted by stevemk14ebr
Those are solved by humans for a small fee.
__________________
WasserEsser is online now
23rd December 2018, 06:46 PM
#4
Threadstarter
I think it can bot around 1000 votes in less than a minute assuming you use the right amount of threads.
2Captcha typically takes about 10-15 seconds but can go longer to solve a captcha so it’s depending on how long it takes to solve the 2Captcha request.
Originally Posted by WasserEsser
Yeah, I think 2Captcha does a good job at this.
Do you have any suggestions for a faster alternative?
26th December 2018, 09:07 PM
#5
CraftLourens
UnKnoWnCheaTeR
Join Date: Jul 2014
Posts: 903
Reputation: 11067
Rep Power: 197
Points: 22, 891, Level: 21
Level up: 31%, 1, 109 Points needed
Activity: 3. 3%
CraftLourens is offline
15th January 2019, 01:19 PM
#6
mikke62
n00bie
Join Date: Feb 2010
Posts: 4
Reputation: 36
Rep Power: 284
Points: 6, 575, Level: 9
Level up: 7%, 1, 025 Points needed
Activity: 1. 5%
how to find 2captcha key?
mikke62 is offline
Similar Threads
Thread
Thread Starter
Forum
Replies
Last Post
[Release] [BOT] POKEMON GO BOT WINDOWS
AleStyleHD
Other Software
3
20th August 2018 10:09 PM
[Release] Abendigo – Java cheat platform (aim bot, trigger bot, RCS, ESP, radar, with plugins! )
Canownueasy
CS:GO Releases
15
14th August 2015 06:39 PM
[Release] [Undetected][BOT] Nosbota – Nostale bot/hack
morsisko
Other MMORPG and Strategy
10
20th July 2015 10:24 PM
[Release] GW2 xStruck Bot – Free full automatic bot!
mistiquefox
Guild Wars
5
11th June 2014 05:34 PM
[Help] bot roflcopter (heli-bot)
dogmatt
Battlefield Bad Company 2
1
30th March 2010 02:22 PM
Tags
captcha, wrong, releasing, bot, github, strawpolls, skills, improve, project, opinions
«
Previous Thread
|
Next Thread
»
Forum Jump
All times are GMT. The time now is 03:37 PM.
Contact Us –
Toggle Dark Theme
Terms of Use Information Privacy Policy Information
Copyright ©2000-2021, Unknowncheats UKCS #312436
no new posts