[Help] Sniffing shop.php

~~manulaiko~~ · 12/15/2013, 18:13

Hi!!

I'm trying to sniff darkorbit's /ajax/shop.php file with fiddler but I need help.

I'll explain a bit how shop system in darkorbit works (I know it's a bit bad but it's everything I know).

When you go to the shop there's a js file (

) which sends the request to

when you buy something. If you try to see that file It will give you something like:

Code:

{"result":"error","message":"No or invalid itemId!","userBalance":{"uridium":2761,"credits":634455},"userShip":{"laserAmmunitionSpace":69373,"rocketSpace":3326},"isShipDumpEmpty":false,"itemId":"","category":false}

This is the response of the file to the shop.js file which will prompt success or failed.

Ok I think now you can understand what I'm trying to do.

When I sniff the buyment process with fiddler I get the response of the shop.php file but, I don't know if it's encrypted or fiddler is stupid.

This is the row response which contains the parameters of a successfull buy:

- Ko 0 K/ W P z eq dյc J ʟfǳs c + 1 i+Z T=V >@ SP d &{P )'d tz.

(some characters doesn't appear here).

Some images:

(HEX)

(Headers)

And the problem is that I don't know what returns the file when you buy something.

This is the capture file so you can open it with fiddler:

I tried with Charles to but it giveme the same and httpheaders sends the request to the shop.php file and not the response.

Hope you could understand it :P

See you!!

linkpad · 12/15/2013, 18:26

I don't know what you want to do but ajax/shop.php return this when you buy something.

Quote:

{"result":"success","message":"Munitions laser achet\u00e9es","userBalance":{"uridium":7246,"cred its":37037309},"userShip":{"laserAmmunitionSpace": 15000,"rocketSpace":568},"isShipDumpEmpty":false," itemId":"ammunition_laser_lcb-10","category":"battery"}

So i don't really understand what you want to do with fiddler ?

Queen Elsa of Arendelle · 12/15/2013, 19:17

Hide dosid in the picture

(es1.darkorbit.bigpoint.com/indexInternal.es?action=internalStart&dosid=xx29xx 35xx74xxa9ax46xax1xx40xx69)

knuck · 12/15/2013, 19:58

Quote:

Originally Posted by Zijjukegia

Hide dosid in the picture (es1.darkorbit.bigpoint.com/indexInternal.es?action=internalStart&dosid=xx29xx 35xx74xxa9ax46xax1xx40xx69)

it changes in every login so I think its gone now

UND3RW0RLD · 12/15/2013, 21:34

Quote:

Originally Posted by manulaiko

Hi!!

(...)

Hope you could understand it :P

See you!!

Yes I did. Now the bad news: you need to rebuild your own shop.php which need to interact with the database. If you use your own db you need to make changes to get it work (in case of pserver things).

short: you can't sniff the communication between the web and the sqlserver.

lg

~~manulaiko~~ · 12/18/2013, 18:49

Quote:

Originally Posted by ǝnd1ǝss-ɯonǝʎ

Yes I did. Now the bad news: you need to rebuild your own shop.php which need to interact with the database. If you use your own db you need to make changes to get it work (in case of pserver things).

short: you can't sniff the communication between the web and the sqlserver.

lg

I wanted to know what shop.php returned when you do something and that's linkpad's post, and with that I'll code a new shop.php for the private server.

Quote:

Originally Posted by linkpad

I don't know what you want to do but ajax/shop.php return this when you buy something.

So i don't really understand what you want to do with fiddler ?

Thanks!

EDIT:

Another thing in wich I need help is in the POST parameters, when I try to put the parameters into vriables chrome's console say me that they wasn't found.

0wnix · 12/18/2013, 22:26

Quote:

Originally Posted by manulaiko

I wanted to know what shop.php returned when you do something and that's linkpad's post, and with that I'll code a new shop.php for the private server.

Thanks!

EDIT:

Another thing in wich I need help is in the POST parameters, when I try to put the parameters into vriables chrome's console say me that they wasn't found.

If you are using a private server cms then the .htaccess is the reason why $_REQUEST and $_POST are not working -> just delete the .htaccess

UND3RW0RLD · 12/19/2013, 04:18

Quote:

Originally Posted by manulaiko

I wanted to know what shop.php returned when you do something and that's linkpad's post, and with that I'll code a new shop.php for the private server.

But you should know: It don't has to be like that. Maybe it's in Linkpads version of it, maybe it is really the "bigpoint-solution", but in fact it has to work with YOUR database since I think it differs from bigpoint ones.

Personal thinkings

Luffa · 12/19/2013, 06:24

About sniffing the shop.php, it doesn't progress §_POST in bigpoints version but $_GET that is send from the store pages with a ajax so they can progress every datastring without reloading. You can use http live headers in firefox to get all the parameters you need to progress standart items with. (not lf4, nor apis, zeus and other specials).

The shop.php returns as you might have figured out json that the ajax read directly from it.

Edit:
when i get to a pc i can send you most of the parameters bp use.. if you need them?

Best Regard RQ

~~manulaiko~~ · 12/19/2013, 10:13

Quote:

Originally Posted by player.elite

If you are using a private server cms then the .htaccess is the reason why $_REQUEST and $_POST are not working -> just delete the .htaccess

The problem is that it isn't any .htaccess in /ajax/

Quote:
Originally Posted by ǝnd1ǝss-ɯonǝʎ
But you should know: It don't has to be like that. Maybe it's in Linkpads version of it, maybe it is really the "bigpoint-solution", but in fact it has to work with YOUR database since I think it differs from bigpoint ones.
Personal thinkings
Code:
{"result":"success","message":"Munitions laser achet\u00e9es","userBalance":{"uridium":7246,"cred its":37037309},"userShip":{"laserAmmunitionSpace": 15000,"rocketSpace":568},"isShipDumpEmpty":false," itemId":"ammunition_laser_lcb-10","category":"battery"}
Tells us the user bought some lcb-ammo. There are a lot prettier solutions.

Just an example:

PHP Code:

if($_SERVER['REQUEST_METHOD'] == 'POST' && $want_item != '' && isset($SID)) { // sql-queries to add ammo and sustact uri or cred header(Location: $urlwithsuccessoverlay) // e.g. index.php?success=lcb10 }

If you do it like that there isn't any output like above, but it'll definitly work, or am I on a wrong path?

Of course it will work with my private server because I'm just wanted to know what it returned when you buy something (in this case x1) as a template.

Quote:

Originally Posted by Rage Quit

About sniffing the shop.php, it doesn't progress §_POST in bigpoints version but $_GET that is send from the store pages with a ajax so they can progress every datastring without reloading. You can use http live headers in firefox to get all the parameters you need to progress standart items with. (not lf4, nor apis, zeus and other specials).

The shop.php returns as you might have figured out json that the ajax read directly from it.

Edit:
when i get to a pc i can send you most of the parameters bp use.. if you need them?

Best Regard RQ

The 2nd image shows the headers in which are the post parameters: "action=purchase&category=ships&itemId=9&amount=1& level=-1&selectedName="

0wnix · 12/19/2013, 12:33

Delete the .htaccess in htdocs

~~manulaiko~~ · 12/24/2013, 13:03

Ok I deleted the .htaccess file and now I can use the parameters but the problem is that chrome's console says that "result" isn't defined.
This is my response:

Code:

$data3 = sprintf('{"result":"success","message":"Munitions laser achet\u00e9es","userBalance":{"uridium":%s,"credits":%s},"userShip":{"laserAmmunitionSpace": 15000,"rocketSpace":568},"isShipDumpEmpty":false," itemId":"%s","category":"%s"}', $Users->DataRow['uri'], $Users->DataRow['credits'], $itemId, $cat);

See you!