[Help] Sniffing shop.php

12/15/2013 18:13 manulaiko#1
Hi!!

I'm trying to sniff darkorbit's /ajax/shop.php file with fiddler but I need help.

I'll explain a bit how shop system in darkorbit works (I know it's a bit bad but it's everything I know).

When you go to the shop there's a js file ([Only registered and activated users can see links. Click Here To Register...]) which sends the request to [Only registered and activated users can see links. Click Here To Register...] when you buy something. If you try to see that file it will give you something like:

Code:
{"result":"error","message":"No or invalid itemId!","userBalance":{"uridium":2761,"credits":634455},"userShip":{"laserAmmunitionSpace":69373,"rocketSpace":3326},"isShipDumpEmpty":false,"itemId":"","category":false}
This is the response of the file to the shop.js file which will prompt success or failed.

Ok I think now you can understand what I'm trying to do.

When I sniff the buying process with fiddler I get the response of the shop.php file but I don't know if it's encrypted or fiddler is stupid.

This is the raw response which contains the parameters of a successful buy:

- Ko 0 K/ W P z eq dյc J ʟfdzs c + 1 i+Z T=V >@ SP d &{P )'d tz.

(some characters don't appear here).

Some images:
[Only registered and activated users can see links. Click Here To Register...] (HEX)
[Only registered and activated users can see links. Click Here To Register...] (Headers)

And the problem is that I don't know what returns the file when you buy something.

This is the capture file so you can open it with fiddler: [Only registered and activated users can see links. Click Here To Register...]

I tried with Charles too but it gives me the same, and httpheaders shows the request to the shop.php file and not the response.

Hope you could understand it :P

See you!!
12/15/2013 18:26 linkpad#2
I don't know what you want to do but ajax/shop.php return this when you buy something.

Quote:
{"result":"success","message":"Munitions laser achet\u00e9es","userBalance":{"uridium":7246,"credits":37037309},"userShip":{"laserAmmunitionSpace":15000,"rocketSpace":568},"isShipDumpEmpty":false,"itemId":"ammunition_laser_lcb-10","category":"battery"}
So I don't really understand what you want to do with fiddler?
12/15/2013 19:17 Queen Elsa of Arendelle#3
Hide dosid in the picture :) (es1.darkorbit.bigpoint.com/indexInternal.es?action=internalStart&dosid=xx29xx 35xx74xxa9ax46xax1xx40xx69)
12/15/2013 19:58 knuck#4
Quote:
Originally Posted by Zijjukegia View Post
Hide dosid in the picture :) (es1.darkorbit.bigpoint.com/indexInternal.es?action=internalStart&dosid=xx29xx 35xx74xxa9ax46xax1xx40xx69)
it changes in every login so I think it's gone now
12/15/2013 21:34 UND3RW0RLD#5
Quote:
Originally Posted by manulaiko View Post
Hi!!

(...)


Hope you could understand it :P

See you!!
Yes I did. Now the bad news: you need to rebuild your own shop.php which needs to interact with the database. If you use your own db you need to make changes to get it to work (in case of pserver things).

short: you can't sniff the communication between the web and the sqlserver.

lg
12/18/2013 18:49 manulaiko#6
Quote:
Originally Posted by ǝnd1ǝss-ɯonǝʎ View Post
Yes I did. Now the bad news: you need to rebuild your own shop.php which needs to interact with the database. If you use your own db you need to make changes to get it to work (in case of pserver things).

short: you can't sniff the communication between the web and the sqlserver.

lg
I wanted to know what shop.php returned when you do something and that's linkpad's post, and with that I'll code a new shop.php for the private server.
Quote:
Originally Posted by linkpad View Post
I don't know what you want to do but ajax/shop.php return this when you buy something.



So I don't really understand what you want to do with fiddler?
Thanks!

EDIT:

Another thing in which I need help is the POST parameters: when I try to put the parameters into variables, chrome's console tells me that they weren't found.
12/18/2013 22:26 0wnix#7
Quote:
Originally Posted by manulaiko View Post
I wanted to know what shop.php returned when you do something and that's linkpad's post, and with that I'll code a new shop.php for the private server.


Thanks!

EDIT:

Another thing in which I need help is the POST parameters: when I try to put the parameters into variables, chrome's console tells me that they weren't found.
If you are using a private server cms then the .htaccess is the reason why $_REQUEST and $_POST are not working -> just delete the .htaccess
12/19/2013 04:18 UND3RW0RLD#8
Quote:
Originally Posted by manulaiko View Post
I wanted to know what shop.php returned when you do something and that's linkpad's post, and with that I'll code a new shop.php for the private server.
But you should know: It doesn't have to be like that. Maybe it's in linkpad's version of it, maybe it is really the "bigpoint-solution", but in fact it has to work with YOUR database since I think it differs from bigpoint ones. ;)

12/19/2013 06:24 Luffa#9
About sniffing the shop.php, it doesn't process $_POST in bigpoint's version but $_GET that is sent from the store pages with an ajax so they can process every datastring without reloading. You can use http live headers in firefox to get all the parameters you need to process standard items with. (not lf4, nor apis, zeus and other specials).

The shop.php returns as you might have figured out json that the ajax read directly from it.


Edit:
When I get to a pc I can send you most of the parameters bp use.. if you need them?


Best Regard RQ
12/19/2013 10:13 manulaiko#10
Quote:
Originally Posted by player.elite View Post
If you are using a private server cms then the .htaccess is the reason why $_REQUEST and $_POST are not working -> just delete the .htaccess
The problem is that there isn't any .htaccess in /ajax/ :(

Quote:
Originally Posted by ǝnd1ǝss-ɯonǝʎ View Post
But you should know: It doesn't have to be like that. Maybe it's in linkpad's version of it, maybe it is really the "bigpoint-solution", but in fact it has to work with YOUR database since I think it differs from bigpoint ones. ;)

Of course it will work with my private server because I just wanted to know what it returned when you buy something (in this case x1) as a template.

Quote:
Originally Posted by Rage Quit View Post
About sniffing the shop.php, it doesn't process $_POST in bigpoint's version but $_GET that is sent from the store pages with an ajax so they can process every datastring without reloading. You can use http live headers in firefox to get all the parameters you need to process standard items with. (not lf4, nor apis, zeus and other specials).

The shop.php returns as you might have figured out json that the ajax read directly from it.


Edit:
When I get to a pc I can send you most of the parameters bp use.. if you need them?


Best Regard RQ
The 2nd image shows the headers in which are the post parameters: "action=purchase&category=ships&itemId=9&amount=1&level=-1&selectedName="
12/19/2013 12:33 0wnix#11
Delete the .htaccess in htdocs
12/24/2013 13:03 manulaiko#12
Ok I deleted the .htaccess file and now I can use the parameters but the problem is that chrome's console says that "result" isn't defined.
This is my response:

Code:
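// JSON response for shop.js, filled from the current user's row and the requested item.
// Key names must not contain stray spaces ("itemId", not " itemId"), or the client cannot read them.
$data3 = sprintf(
    '{"result":"success","message":"Munitions laser achet\u00e9es","userBalance":{"uridium":%s,"credits":%s},"userShip":{"laserAmmunitionSpace":15000,"rocketSpace":568},"isShipDumpEmpty":false,"itemId":"%s","category":"%s"}',
    $Users->DataRow['uri'],
    $Users->DataRow['credits'],
    $itemId,
    $cat
);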
See you!
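
An added example, not part of any post in this thread and not the game's own code: one way to produce the response shape quoted above with json_encode instead of a hand-built sprintf string, validating the POST parameters named in post #10 before they are used. The catalogue, prices, messages, user row and the function name shopResponse are constructed for illustration.

```php
<?php
// Added example: catalogue, prices and the $user row below are constructed sample data.
const CATALOGUE = [
    'battery' => ['ammunition_laser_lcb-10' => ['currency' => 'credits', 'price' => 10]],
];

function shopResponse(array $post, array $user): array
{
    // Builds the response shape quoted in the thread from validated input only.
    $reply = function (string $result, string $msg, $itemId, $category) use (&$user): array {
        return [
            'result'          => $result,
            'message'         => $msg,
            'userBalance'     => ['uridium' => $user['uridium'], 'credits' => $user['credits']],
            'userShip'        => ['laserAmmunitionSpace' => $user['laserAmmunitionSpace'],
                                  'rocketSpace' => $user['rocketSpace']],
            'isShipDumpEmpty' => false,
            'itemId'          => $itemId,
            'category'        => $category,
        ];
    };

    $category = is_string($post['category'] ?? null) ? $post['category'] : '';
    $itemId   = is_string($post['itemId'] ?? null) ? $post['itemId'] : '';
    // Allow-list lookup: client strings are only ever used as keys into server data.
    $item = CATALOGUE[$category][$itemId] ?? null;
    if (($post['action'] ?? '') !== 'purchase' || $item === null) {
        return $reply('error', 'No or invalid itemId!', '', false);
    }
    // amount must be a bounded positive integer; rejects "-1", "1e9", "abc" and arrays.
    $amount = filter_var($post['amount'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100000]]);
    $cost = $amount === false ? 0 : $item['price'] * $amount;
    if ($amount === false || $cost > $user[$item['currency']]) {
        return $reply('error', 'Invalid amount or insufficient balance', $itemId, $category);
    }
    // A real handler would debit the balance inside a database transaction here.
    $user[$item['currency']] -= $cost;
    return $reply('success', 'Purchase completed', $itemId, $category);
}

// Constructed request and user row so the file also runs from the CLI.
$user = ['uridium' => 2761, 'credits' => 634455, 'laserAmmunitionSpace' => 69373, 'rocketSpace' => 3326];
$post = $_POST ?: ['action' => 'purchase', 'category' => 'battery',
                   'itemId' => 'ammunition_laser_lcb-10', 'amount' => '5'];
header('Content-Type: application/json');
echo json_encode(shopResponse($post, $user), JSON_THROW_ON_ERROR), "\n";
```

Because json_encode produces the key names and escaping, the output always parses on the client, and the echoed itemId and category can only be values that exist in the server-side catalogue.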