Automated Voting

DISCLAIMER

This is to be used only for Educational Purposes
This script is a proof of concept that with a little observation, one can do more.

This project is a Node.js CLI tool for automating voting actions on a target website using rotating proxies.

How voting works

A user registers and shares a link to their project
Every user that clicks on that link automatically votes for that project
- A user can also click VOTE to vote for the project
Votes are counted in real time [for every single vote casted, you get to hit the database and fetch the latest votes]

SECURITY FLOWS

1 Vote per device per network (Sometimes per day)
- Meaning, if you have a Tecno phone with id 1, and connected to your WiFi, the moment you click on a project to vote, your vote is registered and when you change network, you are also eligible to vote
Rate Limits
No Authentication or any other sophisticated voting mechanisms
One user can vote for all the projects

The Inspiration behind

This project was inspired by the need to automate voting processes for online contests while mimicking real user behavior. It leverages proxy servers to avoid IP bans and randomizes device identifiers to simulate different users. In this case we use the Young Builders Challenge Season 1 (Online Edition) as our target poll and since they did not do any solphisticated security for voting we went on to exploit it.

This is what we found. The voting process uses a Restful API with a POST request sent to

   curl 'https://paulkatema.org/vote.php' \
    -H 'content-type: application/x-www-form-urlencoded' \
    --data-raw "entry_id=${VOTER  Number/ID}&device_id=$RANDOM"

This request goes with entry_id which is the current user's registration number. or the project owner's registration number or in DB norms ID. device_id which is an id unique to any device.

Much as these details above seemed enough basing on the network tabs which I monitored, a certain error message that came gave me an idea that there was more.
The error message was "You have already voted today on this network" when you try to vote for the same project with the same exact details which meant that there was some sort of tracking going on for an IP address.
I then knew manual testing with postman would work but it may mean doing some heavy configs in my machine which i wasnt ready to do.
So I went on to find a way to automate this process using proxies and random device ids. The proxies would help me change my IP address and the random device ids would help me simulate different devices.
```
- Using NodeJs i used these dependencies
```

        "dependencies": {
            "https-proxy-agent": "^7.0.6",
            "socks-proxy-agent": "^8.0.5"
        }

These would help me bypass the restrictions and vote as many times as possible.
The proxies would be fetched from a free proxy list and the device ids would be generated randomly from a list of device ids.
The user agents would also be fetched from a list of user agents to simulate different browsers and devices.
The progress of the voting would be tracked and saved in a progress.json file to ensure that the process can be resumed in case of any interruptions.

Features

Automated voting requests using proxies from proxies.txt
Randomized device IDs and user agents for each request
Progress tracking and resume support via progress.json

Requirements

Node.js v16 or newer
macOS, Linux, or Windows

Setup

Clone this repository or copy the files to your project directory.
Install dependencies:
```
npm install
```
Ensure you have the following files in the project root:
- proxies.txt (list of proxies in ip:port format)
- devices.json (array of device base strings)
- user_agents.json (array of user agent strings)

Usage