Yes. Just scrape the colours of pixels from the screen and click them. One of the ones I'm playing is using HTML 5. So I replaced all the moving images that I wanted to click with red PNGs and had them target that.
It's not hacking... so much as botting by getting my computer to do my work for me.
You are making life alot harder for yourself than it needs to be. Html games use basic Get/Post request , maybe json encoding sometimes but its nothing to advanced. Honestly I thought U was hacking king.com or something , then I could see why you would use a pixel bot. You have alot to learn before you even think about dumping a account list from a game...
Lol yup. I have no programming background
The only thing I've so much as hacked with a packet editor or w/e they're called are iphone games. Browser games don't really seem to do much in the way of get/post.
Last edited by mt5o5bd; 09-14-2013 at 05:44 AM.
You are wrong browser games work entirely via get / post request. A packet editor for browser games is a bit extreme you could just view source or use a browser plugin like tamper data... e.g:
This tells us the game is connecting to (you need an account to see links) and sending the following data as a POST request:
talkto=1
You need to check your setup something is wrong.
If I could learn how to do all that I'd be rich on my browser games.
Saru (09-14-2013)
Raredaredevil: I have never ever encountered a game that easy to 'edit'. Many games like Dragon Story by team lava, tinymonsters all have some kind of check or obfuscation ofthe post data.
They either send a long string of god knows what (with the useragent mashed up in it somewhere). The strings were long and totally unreadable gibberish. Some people I was on a forum with recommended an md5 hash decrypter or something.
That is case one. Case two is games that connect and even upon setting up a breakpoint, you are unable to see any data being sent back and forth. I will illustrate my example with the altador cup sender pro I was playing with. No I should not have been playing with how your programs authenticate themselves, but there is a discrepancy between verifications in plaintext which I can see and verifications I can't see. I listened on both localhost and also tried the default setup. Absolutely nothing. On some of your programs I can legit see requests being sent (and tamper). On other programs I cannot. Same way with games.
Case 3, I am able to shove data into a game either via a breakpoint or via an autoresponder. I format the data correctly in a plaintext response trapped from the server and edited by my computer (as you know some games tend to store temporary data which we can play with and modify). I get an HTTP Ok response, but often the game reloads and attempts to redownload the information. I conclude that finding out what is wrong with my response I will never be able to determine. I've even tried enabling latency, checking gzip (don't know what that is), forcing no cache (don't really know what that is), using a user agent and trying every single option in the web debugger. Nope. Game simply does not accept the values. I know it cannot be getting info from anywhere else because I am LISTENING TO EVERYTHING. Or I am listening to most thing on port 8888. I don't know if I can force listens on every port on my computer.
And yes I sorta know what I am doing. Json is damn obvious plaintext. Maybe I have the wrong response length or something.
Case 4: I see the connection being made to a game but at the end of the game I can't see the score. Honest to god, I cannot see the score at all. It captures nothing. Breakpoints are not tripped when the game ends but I definitely get items added to my account. =.= In other words, it behaves similarly to your verification for that trainer I listed above. A definite verification of my accoubt occurred, but it was unmonitored.
Case 5: The game is edited profoundly. :p some games are as you have described. Change a couple of numbers, end up with $$$$
So yeah, in signing up to this website your tools are very similar to what I am trying to achieve. And your antiban guides can also be applied generally as well. I have also seen some interesting tidbits on serversode responses.
I have also dabbled a bit in cheatengine. Most of the time, it does not work on browser games. And most html games I've foubd have headers which load an html page. Yeah, of course you can tamper the response as it comes back but that only affects your computer locally. So it's pointless. The headers only load a url. Again, pointless. I'd probably have to figure out how to spoof cookies or something, I could use a script for that. But breaking into someone's account would be noticed. Despite me curating a gigantic list of proxies - I scrape them for fun - there's no guarantee I can keep anything. Also, if the games aren't just using stupid html, they're using ajax or w/e. Which you can see in a sniffer, but if you tamper you're never able to use items you don't own, or read messages which aren't yours.
So it's pixel botting for me. And yes I suck profoundly at that too. So many checks. You have to make sure a webpage loads. When your energy gets low, you have to record that in a variable and act depending upon that. Still, it was my first programming project ever. I'm just worried that I'm never going to improve. Botting via screenscrape gives you an advantage, slightly faster than human reflexes, but it's nowhere near as effective as your bots. Sure it's difficult to ban, but also very slow.
I've read more sqli tuts and all manner of hacking tuts but I'm pretty bad at comprehension.
Last edited by mt5o5bd; 09-14-2013 at 08:23 AM.
Dragon story is a android game / iphone game not a browser game so of course nothing I have said will stand. The packets are binary and alot of games encode themselves using a (you need an account to see links) (deffinatly not md5 whoever told u that dosent know what you are on about). Can you not even pm me what games giving you issues? I am generally intrested now and only want to figure it out.
From the sound of it your not using a packet editor , your using a http debugging proxy. You should download Wpe instead it works by setting a Hook on winsock send() and Recv() in any single program. This then lets you see the packets of only a single process. However for iphone games you are going about things the right way (debug proxy) but your jumping into the deep end there.
Add me on skype if you want to talk about things:
msn@(you need an account to see links).com
I don't use skype, but I'll definitely PM you tomorrow about all those games (it's midnight here). (There's a lot of them.) That sounds interesting, and yes I am using a debugger. I never knew there was something lower than that *sniffle*. I don't use skype though, I'm afraid.
I picked up Fiddler2 initially to work with iPhone games, but then I quickly realised that I could use it to locate all kinds of things like music, movies and images as I was browsing the web. I'm generally curious in learning a little more though.
DarkByte(09-14-2013)
Originally Posted by mt5o5bd
Haha yeah you should get some rest you are repeating yourself <3 message me when ur up :3
Posting Permissions
