I'm trying to sniff darkorbit's /ajax/shop.php file with fiddler but I need help.
I'll explain a bit how shop system in darkorbit works (I know it's a bit bad but it's everything I know).
When you go to the shop there's a js file () which sends the request to when you buy something. If you try to see that file It will give you something like:
Code:
{"result":"error","message":"No or invalid itemId!","userBalance":{"uridium":2761,"credits":634455},"userShip":{"laserAmmunitionSpace":69373,"rocketSpace":3326},"isShipDumpEmpty":false,"itemId":"","category":false}
This is the response of the file to the shop.js file which will prompt success or failed.
Ok I think now you can understand what I'm trying to do.
When I sniff the buyment process with fiddler I get the response of the shop.php file but, I don't know if it's encrypted or fiddler is stupid.
This is the row response which contains the parameters of a successfull buy:
- Ko 0 K/ W P z eq dյc J ʟfdzs c + 1 i+Z T=V >@ SP d &{P )'d tz.
(some characters doesn't appear here).
Some images: (HEX) (Headers)
And the problem is that I don't know what returns the file when you buy something.
This is the capture file so you can open it with fiddler:
I tried with Charles to but it giveme the same and httpheaders sends the request to the shop.php file and not the response.
Yes I did. Now the bad news: you need to rebuild your own shop.php which need to interact with the database. If you use your own db you need to make changes to get it work (in case of pserver things).
short: you can't sniff the communication between the web and the sqlserver.
Yes I did. Now the bad news: you need to rebuild your own shop.php which need to interact with the database. If you use your own db you need to make changes to get it work (in case of pserver things).
short: you can't sniff the communication between the web and the sqlserver.
lg
I wanted to know what shop.php returned when you do something and that's linkpad's post, and with that I'll code a new shop.php for the private server.
Quote:
Originally Posted by linkpad
I don't know what you want to do but ajax/shop.php return this when you buy something.
So i don't really understand what you want to do with fiddler ?
Thanks!
EDIT:
Another thing in wich I need help is in the POST parameters, when I try to put the parameters into vriables chrome's console say me that they wasn't found.
I wanted to know what shop.php returned when you do something and that's linkpad's post, and with that I'll code a new shop.php for the private server.
Thanks!
EDIT:
Another thing in wich I need help is in the POST parameters, when I try to put the parameters into vriables chrome's console say me that they wasn't found.
If you are using a private server cms then the .htaccess is the reason why $_REQUEST and $_POST are not working -> just delete the .htaccess
I wanted to know what shop.php returned when you do something and that's linkpad's post, and with that I'll code a new shop.php for the private server.
But you should know: It don't has to be like that. Maybe it's in Linkpads version of it, maybe it is really the "bigpoint-solution", but in fact it has to work with YOUR database since I think it differs from bigpoint ones.
Tells us the user bought some lcb-ammo. There are a lot prettier solutions.
Just an example:
PHP Code:
if($_SERVER['REQUEST_METHOD'] == 'POST' && $want_item != '' && isset($SID)) { // sql-queries to add ammo and sustact uri or cred header(Location: $urlwithsuccessoverlay) // e.g. index.php?success=lcb10 }
If you do it like that there isn't any output like above, but it'll definitly work, or am I on a wrong path?
About sniffing the shop.php, it doesn't progress §_POST in bigpoints version but $_GET that is send from the store pages with a ajax so they can progress every datastring without reloading. You can use http live headers in firefox to get all the parameters you need to progress standart items with. (not lf4, nor apis, zeus and other specials).
The shop.php returns as you might have figured out json that the ajax read directly from it.
Edit:
when i get to a pc i can send you most of the parameters bp use.. if you need them?
If you are using a private server cms then the .htaccess is the reason why $_REQUEST and $_POST are not working -> just delete the .htaccess
The problem is that it isn't any .htaccess in /ajax/
Quote:
Originally Posted by ǝnd1ǝss-ɯonǝʎ
But you should know: It don't has to be like that. Maybe it's in Linkpads version of it, maybe it is really the "bigpoint-solution", but in fact it has to work with YOUR database since I think it differs from bigpoint ones.
Tells us the user bought some lcb-ammo. There are a lot prettier solutions.
Just an example:
PHP Code:
if($_SERVER['REQUEST_METHOD'] == 'POST' && $want_item != '' && isset($SID))
{
// sql-queries to add ammo and sustact uri or cred
header(Location: $urlwithsuccessoverlay) // e.g. index.php?success=lcb10
}
If you do it like that there isn't any output like above, but it'll definitly work, or am I on a wrong path?
Of course it will work with my private server because I'm just wanted to know what it returned when you buy something (in this case x1) as a template.
Quote:
Originally Posted by Rage Quit
About sniffing the shop.php, it doesn't progress §_POST in bigpoints version but $_GET that is send from the store pages with a ajax so they can progress every datastring without reloading. You can use http live headers in firefox to get all the parameters you need to progress standart items with. (not lf4, nor apis, zeus and other specials).
The shop.php returns as you might have figured out json that the ajax read directly from it.
Edit:
when i get to a pc i can send you most of the parameters bp use.. if you need them?
Best Regard RQ
The 2nd image shows the headers in which are the post parameters: "action=purchase&category=ships&itemId=9&amount=1& level=-1&selectedName="
Ok I deleted the .htaccess file and now I can use the parameters but the problem is that chrome's console says that "result" isn't defined.
This is my response:
sniffing help ! 06/27/2012 - SRO Coding Corner - 5 Replies ok i now got the packet sending thing now i need to get the packets data to send and i dont know how to sniff them from sro :S i downloaded wire shark and it moniters the whole network activity which is practicaly imposible to get sro packets from it .... so what i was asking is a tutorial link or a easy program on how to sniff the packets from sro
MARK: when i use edx loader to sniff packets the game crashes after 3 or 4 secs from login
help will be apreciated :)
Packet sniffing 06/06/2010 - Atlantica Online - 0 Replies Anyone tried to capture packets and resend them using wireshark or something?
S4 sniffing hilfe/help 05/06/2010 - General Coding - 15 Replies Hallo zusammen,
ich hab ein problem, und zwar möchte ich Packets von S4 Sniffen und hab auch folgedes TUT durchgelesen und verstanden, aber wenn ich S4 mit dem Bypass aus diesem Tutorial benutze Stoppt Hackshield immer den S4Client
Warum?
Habe Windows Vista 32bit
ICQ IP Sniffing 04/12/2006 - Main - 14 Replies Kann mir jemand ein Tool empfehlen oder erklären wie man die IP's von andern ICQusern aus seiner Kontaktliste snifft?
Mit WPE krieg ich das net hin ^^
![[Help] Sniffing shop.php](https://www.elitepvpers.com/forum/iconimages/darkorbit/help-sniffing-shop-php_ltr.gif){kind=small}
) which sends the request to 
(es1.darkorbit.bigpoint.com/indexInternal.es?action=internalStart&dosid=xx29xx 35xx74xxa9ax46xax1xx40xx69)
