League of Legends uses the following certificate and sends everything through JSON HTTPS:
Encrypted HTTPS traffic
Secure Protocol: Tls
Cipher: Aes128 128bits
Hash Algorithm: Sha1 160bits
Key Exchange: RsaKeyX 2048bits
== Server Certificate ==========
[Subject]
CN=ekg.riotgames.com, OU=Data, O=Riot Games Inc, L=Santa Monica, S=California, C=US
[Issuer]
CN=DigiCert High Assurance CA-3, OU=www.digicert.com, O=DigiCert Inc, C=US
[Serial Number]
0F12D086833CB8DBD4E6A1BAE807C88A
[Not Before]
6-6-2012 02:00:00
[Not After]
10-6-2015 14:00:00
[Thumbprint]
4A99727383355FB33430B60F2865748F58AD2EF4
JSON:
HEADERS:
Referer: app:/LolClient.swf/[[DYNAMIC]]/53
Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, text/plain;q=0.8, text/css, image/png, image/jpeg, image/gif;q=0.8, application/x-shockwave-flash, video/mp4;q=0.9, flv-application/octet-stream;q=0.8, video/x-flv;q=0.7, audio/mp4, application/futuresplash, */*;q=0.5
x-flash-version: 11,6,602,161
Content-Type: application/json
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows; U; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) AdobeAIR/3.6
Host: ekg.riotgames.com
Connection: Keep-Alive
JSON DATA TO SEND:
{"timestamp":13686026565,"session_id":"YOURSESSION ID","region":"EUW1","app":"air","send_probability" :1,"client_version":"3.6.13_05_09_12_15","account_ id":"YOURACCOUNTID","gas_auth_token":"0","data":nu ll,"auth_state":"authedclient","messageType":"pvpn et_input_chooseIcon_saveIcon","summoner_level":30}
The above data was send when i changed my profileIcon
Can we hack the swf file in any way maybe?