Inferno Rohan

[maikleBT1]

Quote:

Originally Posted by ieyancallo

Everyone here has the right to criticize the servers being advertise in this forum. And that kind of attitude won't get you anywhere besides being hate by your own players.

That Truly 100% but there some just want to criticize and they didnt like any server just friends servers

[Ludie1]

Quote:

Originally Posted by im batman

Um, you are not just sharing your server. Seriously, fix your client. You are leaking your player's private information back to playwith.

you just spam the post leave this it please -_-

[im batman]

Yet instead of trying to explain what makes your server so great, you rage at us when anyone says anything negative. Try pointing out the positive aspects of your server instead of "Waaaaa! You doing nothing but complaining about my server! I don't want to hear your criticism!".

I mean that kind of attitude does not win you any players on your server. Instead of crying at me, tell me why your server is great (and no, player count does not make your server great - just about any **** indo server can boast 300-400 players daily).

And I am providing you with valuable input. Because that input is critical, you call it spam. I call it valuable information you should be listening to.

Quote:

Originally Posted by Ludie1

you just spam the post leave this it please -_-

Another Ammadpurba id? You know that is not allowed here right?

Anyhow are you saying it is perfectly alright for his client to be leaking their player's information back to Playwith/YNK? I don't think so!!!

[maikleBT1]

Quote:

Originally Posted by im batman

Anyhow are you saying it is perfectly alright for his client to be leaking their player's information back to Playwith/YNK? I don't think so!!!

1. its already fixed
2. its not sending a infos its just send a false bug report
3. the request back its 404 page not found
4. stop making drama you killed topic -_-

[Ludie1]

Quote:

Originally Posted by im batman

Yet instead of trying to explain what makes your server so great, you rage at us when anyone says anything negative. Try pointing out the positive aspects of your server instead of "Waaaaa! You doing nothing but complaining about my server! I don't want to hear your criticism!".

I mean that kind of attitude does not win you any players on your server. Instead of crying at me, tell me why your server is great (and no, player count does not make your server great - just about any **** indo server can boast 300-400 players daily).

And I am providing you with valuable input. Because that input is critical, you call it spam. I call it valuable information you should be listening to.



Another Ammadpurba id? You know that is not allowed here right?

Anyhow are you saying it is perfectly alright for his client to be leaking their player's information back to Playwith/YNK? I don't think so!!!

Poor spamming guy if you talk to much show us ur server to see what you got

[BuzyBee]

Not on anyone's side here,But I can tell you theyer doing something right because there's all ways 150-200 or even more on everyday.This passed weekend there was 242 players online.The server is very active at this time.And people seem to enjoy it.

Just sayin......

[ceau_mama]

yea 200 bots and 4 players only

[maikleBT1]

Quote:

Originally Posted by ceau_mama

yea 200 bots and 4 players only

prolly

[anoofy]

#deleted

[SmSong]

@ I agree, you can put many as you want, but this buzybee is tard enough to believe every single **** they say.

[maikleBT1]

Quote:

Originally Posted by im batman

If you bothered to take the time to read my post I am just not talking about the calls to login.playwith.com that every client makes (and that most smart pserver players will fix by adding it to their hosts file)

Since you have obviously not bothered to do your own tracing, here is a snipped of my capture when logging into your server with your client.

I strongly suggest you read it and take the necessary actions to stop sharing your user's info with PlayWith/YNK:

 Spoiler

POST HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (Compatible; MSIE 4.0b2; Update; Windows 95)
Host: sexyg4m3rz.net
Content-Length: 27
Pragma: no-cache

id=panamajoe&passwd=#######
HTTP/1.1 200 OK
Date: Fri, 22 Sep 2017 00:05:31 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1h PHP/5.4.31
X-Powered-By: PHP/5.4.31
Accept-Ranges: bytes
Content-Length: 4
Content-Type: text/html

-202

------------------------------------------------------------------

POST HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (Compatible; MSIE 4.0b2; Update; Windows 95)
Host: sexyg4m3rz.net
Content-Length: 94
Pragma: no-cache

id=panamajoe&passwd=P0pt4rt&ver=1,0,4,905&test=0&c ode=0&pcode=b03883672e20ab1e13aebb08a2b2d403
HTTP/1.1 200 OK
Date: Fri, 22 Sep 2017 00:05:32 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1h PHP/5.4.31
X-Powered-By: PHP/5.4.31
Accept-Ranges: bytes
Content-Length: 59
Content-Type: text/html

D4DBE45F-9F45-4115-9196-98BA6F6A4C73|200147|RH_4.1.0.0|10|0

------------------------------------------------------------------

CONNECT 62.128.100.163:443 HTTP/1.1
Host: 62.128.100.163:443

After the client received notice of the established CONNECT, it failed to send any data.

HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:13:11.669
Connection: close



------------------------------------------------------------------

POST ) HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (Compatible; MSIE 4.0b2; Update; Windows 95)
Host: sexyg4m3rz.net
Content-Length: 0
Pragma: no-cache


HTTP/1.1 200 OK
Date: Fri, 22 Sep 2017 00:05:32 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1h PHP/5.4.31
X-Powered-By: PHP/5.4.31
Accept-Ranges: bytes
Content-Length: 218
Content-Type: text/html

Inferno Developmen|185.44.76.40|22199|3|3|0|0|0|0|Ping: 33 MS(Full/1000)|Event exp 500%|185.44.76.40|22112|3|3|1|0|0|0|Ping: 33 MS (Light/1000)|Inferno Developmen|185.44.76.40|22199|3|3|0|0|0|1|Test Server (Light/100)|

------------------------------------------------------------------

CONNECT bolt.dropbox.com:443 HTTP/1.1
Host: bolt.dropbox.com
Connection: keep-alive

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: F9 8B 14 4A 7E DE F3 FC F6 EF C5 1B 8E AD 90 53 F6 6B F9 4A F6 38 A8 2A FA 20 CB D4 3A FB 85 C7
"Time": 5/20/2009 7:02:17 PM
SessionID: empty
Extensions:
server_name bolt.dropbox.com
ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2]
elliptic_curves secp256r1 [0x17], secp521r1 [0x19], unknown [0x1C), unknown [0x1B), secp384r1 [0x18], unknown [0x1A), secp256k1 [0x16], sect571r1 [0xE], sect571k1 [0xD], sect409k1 [0xB], sect409r1 [0xC], sect283k1 [0x9], sect283r1 [0xA]
SessionTicket empty
signature_algs sha512_rsa, sha512_dsa, sha512_ecdsa, sha384_rsa, sha384_dsa, sha384_ecdsa, sha256_rsa, sha256_dsa, sha256_ecdsa, sha224_rsa, sha224_dsa, sha224_ecdsa, sha1_rsa, sha1_dsa, sha1_ecdsa
Ciphers:
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
[006B] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
[0039] TLS_DHE_RSA_WITH_AES_256_SHA
[009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[0067] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
[0033] TLS_DHE_RSA_WITH_AES_128_SHA
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Compression:
[00] NO_COMPRESSION



HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:13:26.073
Connection: close



------------------------------------------------------------------

CONNECT bolt.dropbox.com:443 HTTP/1.1
Host: bolt.dropbox.com
Connection: keep-alive

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: F0 A6 49 43 9D 56 82 A4 7B 3C 75 D4 AB 6E 74 E2 14 ED 2E 14 0C EF 26 13 7B 41 19 F2 C8 55 A5 56
"Time": 10/9/2005 7:25:36 PM
SessionID: empty
Extensions:
server_name bolt.dropbox.com
ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2]
elliptic_curves secp256r1 [0x17], secp521r1 [0x19], unknown [0x1C), unknown [0x1B), secp384r1 [0x18], unknown [0x1A), secp256k1 [0x16], sect571r1 [0xE], sect571k1 [0xD], sect409k1 [0xB], sect409r1 [0xC], sect283k1 [0x9], sect283r1 [0xA]
SessionTicket empty
signature_algs sha512_rsa, sha512_dsa, sha512_ecdsa, sha384_rsa, sha384_dsa, sha384_ecdsa, sha256_rsa, sha256_dsa, sha256_ecdsa, sha224_rsa, sha224_dsa, sha224_ecdsa, sha1_rsa, sha1_dsa, sha1_ecdsa
Ciphers:
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
[006B] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
[0039] TLS_DHE_RSA_WITH_AES_256_SHA
[009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[0067] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
[0033] TLS_DHE_RSA_WITH_AES_128_SHA
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Compression:
[00] NO_COMPRESSION



HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:13:27.557
Connection: close



------------------------------------------------------------------

CONNECT bolt.dropbox.com:443 HTTP/1.1
Host: bolt.dropbox.com
Connection: keep-alive

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: 90 58 67 E4 BD 39 01 C6 10 B4 B5 42 06 28 E5 D9 A5 59 2B 81 D3 4E FF D7 CD 78 EE A1 68 D8 7D 14
"Time": 6/6/2091 10:22:08 AM
SessionID: empty
Extensions:
server_name bolt.dropbox.com
ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2]
elliptic_curves secp256r1 [0x17], secp521r1 [0x19], unknown [0x1C), unknown [0x1B), secp384r1 [0x18], unknown [0x1A), secp256k1 [0x16], sect571r1 [0xE], sect571k1 [0xD], sect409k1 [0xB], sect409r1 [0xC], sect283k1 [0x9], sect283r1 [0xA]
SessionTicket empty
signature_algs sha512_rsa, sha512_dsa, sha512_ecdsa, sha384_rsa, sha384_dsa, sha384_ecdsa, sha256_rsa, sha256_dsa, sha256_ecdsa, sha224_rsa, sha224_dsa, sha224_ecdsa, sha1_rsa, sha1_dsa, sha1_ecdsa
Ciphers:
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
[006B] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
[0039] TLS_DHE_RSA_WITH_AES_256_SHA
[009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[0067] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
[0033] TLS_DHE_RSA_WITH_AES_128_SHA
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Compression:
[00] NO_COMPRESSION



HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:13:30.081
Connection: close



------------------------------------------------------------------

CONNECT bolt.dropbox.com:443 HTTP/1.1
Host: bolt.dropbox.com
Connection: keep-alive

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: 9D 57 4A 23 D6 20 DA 4C 2F 99 EF AC A9 CA A3 DB 40 9D 3A A9 7A 2F DF AA 8B F2 CE FB E3 33 C9 68
"Time": 10/5/1988 1:10:53 PM
SessionID: empty
Extensions:
server_name bolt.dropbox.com
ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2]
elliptic_curves secp256r1 [0x17], secp521r1 [0x19], unknown [0x1C), unknown [0x1B), secp384r1 [0x18], unknown [0x1A), secp256k1 [0x16], sect571r1 [0xE], sect571k1 [0xD], sect409k1 [0xB], sect409r1 [0xC], sect283k1 [0x9], sect283r1 [0xA]
SessionTicket empty
signature_algs sha512_rsa, sha512_dsa, sha512_ecdsa, sha384_rsa, sha384_dsa, sha384_ecdsa, sha256_rsa, sha256_dsa, sha256_ecdsa, sha224_rsa, sha224_dsa, sha224_ecdsa, sha1_rsa, sha1_dsa, sha1_ecdsa
Ciphers:
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
[006B] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
[0039] TLS_DHE_RSA_WITH_AES_256_SHA
[009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[0067] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
[0033] TLS_DHE_RSA_WITH_AES_128_SHA
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Compression:
[00] NO_COMPRESSION



HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:13:34.502
Connection: close



------------------------------------------------------------------

CONNECT bolt.dropbox.com:443 HTTP/1.1
Host: bolt.dropbox.com
Connection: keep-alive

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: BA C5 92 CA E0 B3 F3 27 C1 31 97 5A 50 76 54 7B AE 7E BA 25 1A 5A 92 07 57 FE 5C 2F 16 EE F0 2E
"Time": 9/11/2077 4:08:26 PM
SessionID: empty
Extensions:
server_name bolt.dropbox.com
ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2]
elliptic_curves secp256r1 [0x17], secp521r1 [0x19], unknown [0x1C), unknown [0x1B), secp384r1 [0x18], unknown [0x1A), secp256k1 [0x16], sect571r1 [0xE], sect571k1 [0xD], sect409k1 [0xB], sect409r1 [0xC], sect283k1 [0x9], sect283r1 [0xA]
SessionTicket empty
signature_algs sha512_rsa, sha512_dsa, sha512_ecdsa, sha384_rsa, sha384_dsa, sha384_ecdsa, sha256_rsa, sha256_dsa, sha256_ecdsa, sha224_rsa, sha224_dsa, sha224_ecdsa, sha1_rsa, sha1_dsa, sha1_ecdsa
Ciphers:
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
[006B] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
[0039] TLS_DHE_RSA_WITH_AES_256_SHA
[009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[0067] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
[0033] TLS_DHE_RSA_WITH_AES_128_SHA
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Compression:
[00] NO_COMPRESSION



HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:13:43.487
Connection: close



------------------------------------------------------------------

CONNECT shop.playrohan.com:443 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Creative AutoUpdate v1.41.09)
Content-Length: 0
Host: shop.playrohan.com
Connection: Keep-Alive
Pragma: no-cache

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: 59 C3 E5 3D B7 2E 91 23 6E AD 08 92 D2 33 71 F8 4C 24 B1 E8 41 89 B2 19 DE 7B 6B AF B9 89 1C DA
"Time": 11/28/2002 2:18:49 AM
SessionID: empty
Extensions:
server_name shop.playrohan.com
status_request OCSP - Implicit Responder
elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18]
ec_point_formats uncompressed [0x0]
signature_algs sha256_rsa, sha384_rsa, sha1_rsa, sha256_ecdsa, sha384_ecdsa, sha1_ecdsa, sha1_dsa, sha512_rsa, sha512_ecdsa
SessionTicket empty
extended_master_secret empty
renegotiation_info 00
Ciphers:
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[009D] TLS_RSA_WITH_AES_256_GCM_SHA384
[009C] TLS_RSA_WITH_AES_128_GCM_SHA256
[003D] TLS_RSA_WITH_AES_256_CBC_SHA256
[003C] TLS_RSA_WITH_AES_128_CBC_SHA256
[0035] TLS_RSA_AES_256_SHA
[002F] TLS_RSA_AES_128_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA

Compression:
[00] NO_COMPRESSION



HTTP/1.0 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:13:49.519
Connection: close

Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.

Secure Protocol: Tls
Cipher: Aes256 256bits
Hash Algorithm: Sha1 160bits
Key Exchange: ECDHE_RSA (0xae06) 384bits

== Server Certificate ==========
[Subject]
CN=*.playrohan.com, OU=PremiumSSL Wildcard, O=Playwith Interactive Inc, STREET=9090 Irvine Center DR, STREET=Suite 100, L=Irvine, S=CA, PostalCode=92618, C=US

[Issuer]
CN=COMODO RSA Organization Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

[Serial Number]
6F9BDDDB5D9473E185E97251E2D7E95E

[Not Before]
12/16/2015 7:00:00 PM

[Not After]
2/21/2018 6:59:59 PM

[Thumbprint]
46F0EB5CF11E92A25CFD614DD82529656493E1F9

[SubjectAltNames]
*.playrohan.com, playrohan.com


------------------------------------------------------------------

GET HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Creative AutoUpdate v1.41.09)
Host: shop.playrohan.com
Connection: Keep-Alive
Cookie: _ga=GA1.2.1557899702.1493485719


HTTP/1.1 302 Object moved
Cache-Control: no-cache,must-revalidate,private
Pragma: no-cache
Content-Length: 283
Content-Type: text/html;charset=UTF-8
Expires: Thu, 21 Sep 2017 16:13:49 GMT
Location:
Server: Microsoft-IIS/7.0
Set-Cookie: R%5Fcon=cookiesS=343339393039323837; domain=playrohan.com; path=/
Set-Cookie: ASPSESSIONIDSEBSCCRQ=HKLHIDKBBHLHJIDEJEJOILFP; secure; path=/
X-Powered-By: ASP.NET
Date: Thu, 21 Sep 2017 16:13:49 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://portal.playrohan.com/Login/Login.process_Game.html?userid=panamajoe&userip=## .##.##.##&usersession=D4DBE45F-9F45-4115-9196-98BA6F6A4C73&game=">here</a>.</body>


------------------------------------------------------------------

CONNECT portal.playrohan.com:443 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Creative AutoUpdate v1.41.09)
Host: portal.playrohan.com:443
Content-Length: 0
Connection: Keep-Alive
Pragma: no-cache

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: 59 C3 E5 3E C8 DC 0B 49 FD D4 8A 54 B0 2E 70 0F B5 0D CC A2 5D 20 C2 B4 AF 78 B8 CA 99 6D 18 EB
"Time": 6/10/2003 7:39:05 AM
SessionID: empty
Extensions:
server_name portal.playrohan.com
status_request OCSP - Implicit Responder
elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18]
ec_point_formats uncompressed [0x0]
signature_algs sha256_rsa, sha384_rsa, sha1_rsa, sha256_ecdsa, sha384_ecdsa, sha1_ecdsa, sha1_dsa, sha512_rsa, sha512_ecdsa
SessionTicket empty
extended_master_secret empty
renegotiation_info 00
Ciphers:
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[009D] TLS_RSA_WITH_AES_256_GCM_SHA384
[009C] TLS_RSA_WITH_AES_128_GCM_SHA256
[003D] TLS_RSA_WITH_AES_256_CBC_SHA256
[003C] TLS_RSA_WITH_AES_128_CBC_SHA256
[0035] TLS_RSA_AES_256_SHA
[002F] TLS_RSA_AES_128_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA

Compression:
[00] NO_COMPRESSION



HTTP/1.0 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:13:50.156
Connection: close

Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.

Secure Protocol: Tls
Cipher: Aes256 256bits
Hash Algorithm: Sha1 160bits
Key Exchange: ECDHE_RSA (0xae06) 384bits

== Server Certificate ==========
[Subject]
CN=*.playrohan.com, OU=PremiumSSL Wildcard, O=Playwith Interactive Inc, STREET=9090 Irvine Center DR, STREET=Suite 100, L=Irvine, S=CA, PostalCode=92618, C=US

[Issuer]
CN=COMODO RSA Organization Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

[Serial Number]
6F9BDDDB5D9473E185E97251E2D7E95E

[Not Before]
12/16/2015 7:00:00 PM

[Not After]
2/21/2018 6:59:59 PM

[Thumbprint]
46F0EB5CF11E92A25CFD614DD82529656493E1F9

[SubjectAltNames]
*.playrohan.com, playrohan.com


------------------------------------------------------------------

GET HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Creative AutoUpdate v1.41.09)
Connection: Keep-Alive
Host: portal.playrohan.com
Cookie: _ga=GA1.2.1557899702.1493485719; R%5Fcon=cookiesS=343339393039323837


HTTP/1.1 302 Object moved
Cache-Control: no-cache,must-revalidate,private
Pragma: no-cache
Content-Length: 188
Content-Type: text/html;charset=UTF-8
Expires: Thu, 21 Sep 2017 16:12:50 GMT
Location:
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDQGAQABTR=JBPDIDKBPCIBCMBNOCNHEJNE; secure; path=/
X-Powered-By: ASP.NET
Date: Thu, 21 Sep 2017 16:13:49 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://shop.playrohan.com/ItemMall/Game_Call.html?returnCode=-8002">here</a>.</body>


------------------------------------------------------------------

GET HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Creative AutoUpdate v1.41.09)
Connection: Keep-Alive
Host: shop.playrohan.com
Cookie: _ga=GA1.2.1557899702.1493485719; R%5Fcon=cookiesS=343339393039323837; ASPSESSIONIDSEBSCCRQ=HKLHIDKBBHLHJIDEJEJOILFP


HTTP/1.1 200 OK
Cache-Control: no-cache,must-revalidate,private
Pragma: no-cache
Content-Length: 35
Content-Type: text/html;charset=UTF-8
Expires: Thu, 21 Sep 2017 16:13:50 GMT
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 21 Sep 2017 16:13:49 GMT

Check User Ip or Game Session value

------------------------------------------------------------------

Simply look thru that for calls to
/ItemMall/Game_call.html?id=panamajoe&ip=##.##.##.##&Session=D4DBE45F-9F45-4115-9196-98BA6F6A4C73

or
panamajoe&userip=##.##.##.##&usersession=D4DBE45F-9F45-4115-9196-98BA6F6A4C73&game=

And you will see that your client my friend is sending my IP address to PlayWith when I am playing your server. Opening ME up to PlayWith's wrath if they choose to do so. And NO, that does not come back with a 404 idiot. You can see that for yourself in the log. Now try and deny that you aren't sending the IP addresses of every single player on your server to PlayWith/YNK.

Don't fk with me. Apparently I know a LOT more about this kind of thing than you do.

That only the client send to our server Only so stop making stupid drama you just editing just to make our server shitly (you're big Hater)
and anyone can go check of your all post if u liked or said somthing good for else your server friends

and any one can download fiddler and check
And also all players ip are same IP cuz the gateway or maybe you missed that xD

Quote:

Originally Posted by anoofy

do u know everyone can change the online players on the website ?

and in the files he can make 200 players + the really online players so 200 is fake number and the 12 which after the 200 is the really
Btw how active server ?
Last PK from 1hr and 12mins rofl

LOOOOOL That what i was missed you come attack me also
1.your clock its not same server clock
2.The Server Is pve
3.and about the players

[im batman]

Quote:

Originally Posted by maikleBT1

That only the client send to our server Only so stop making stupid drama you just editing just to make our server shitly (you're big Hater)
and anyone can go check of your all post if u liked or said somthing good for else your server friends

and any one can download fiddler and check
And also all players ip are same IP cuz the gateway or maybe you missed that xD

Learn how to use Fiddler. Your little screen print only shows that you know how to use fiddler's filter. I don't use a filter and see all the traffic leaving your client. The only thing I change in that is to obscure my own IP addresses since they do mot belong in this forum.

Are you seriously blind? Are you saying that shop.playwith.com and portal.playwith.com are YOUR server? You want to tell me why MY user id and WAN ip address are being sent to YNK in that trace? I hate to break this to you but it is not your server's IP address that is being sent to YNK. It is MY IP address! I checked.

You want to tell me why the client you supplied to me is sending that? Spare me the BS and explain why you are allowing your client to leak player information to YNK! I have shown you logs of what your client is doing. Fix it.

[oziel235]

Quote:

Originally Posted by im batman

If you bothered to take the time to read my post I am just not talking about the calls to login.playwith.com that every client makes (and that most smart pserver players will fix by adding it to their hosts file)

Since you have obviously not bothered to do your own tracing, here is a snipped of my capture when logging into your server with your client.

I strongly suggest you read it and take the necessary actions to stop sharing your user's info with PlayWith/YNK:

 Spoiler

POST HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (Compatible; MSIE 4.0b2; Update; Windows 95)
Host: sexyg4m3rz.net
Content-Length: 27
Pragma: no-cache

id=panamajoe&passwd=#######
HTTP/1.1 200 OK
Date: Fri, 22 Sep 2017 00:05:31 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1h PHP/5.4.31
X-Powered-By: PHP/5.4.31
Accept-Ranges: bytes
Content-Length: 4
Content-Type: text/html

-202

------------------------------------------------------------------

POST HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (Compatible; MSIE 4.0b2; Update; Windows 95)
Host: sexyg4m3rz.net
Content-Length: 94
Pragma: no-cache

id=panamajoe&passwd=P0pt4rt&ver=1,0,4,905&test=0&c ode=0&pcode=b03883672e20ab1e13aebb08a2b2d403
HTTP/1.1 200 OK
Date: Fri, 22 Sep 2017 00:05:32 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1h PHP/5.4.31
X-Powered-By: PHP/5.4.31
Accept-Ranges: bytes
Content-Length: 59
Content-Type: text/html

D4DBE45F-9F45-4115-9196-98BA6F6A4C73|200147|RH_4.1.0.0|10|0

------------------------------------------------------------------

CONNECT 62.128.100.163:443 HTTP/1.1
Host: 62.128.100.163:443

After the client received notice of the established CONNECT, it failed to send any data.

HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:13:11.669
Connection: close



------------------------------------------------------------------

POST ) HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (Compatible; MSIE 4.0b2; Update; Windows 95)
Host: sexyg4m3rz.net
Content-Length: 0
Pragma: no-cache


HTTP/1.1 200 OK
Date: Fri, 22 Sep 2017 00:05:32 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1h PHP/5.4.31
X-Powered-By: PHP/5.4.31
Accept-Ranges: bytes
Content-Length: 218
Content-Type: text/html

Inferno Developmen|185.44.76.40|22199|3|3|0|0|0|0|Ping: 33 MS(Full/1000)|Event exp 500%|185.44.76.40|22112|3|3|1|0|0|0|Ping: 33 MS (Light/1000)|Inferno Developmen|185.44.76.40|22199|3|3|0|0|0|1|Test Server (Light/100)|

------------------------------------------------------------------

CONNECT bolt.dropbox.com:443 HTTP/1.1
Host: bolt.dropbox.com
Connection: keep-alive

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: F9 8B 14 4A 7E DE F3 FC F6 EF C5 1B 8E AD 90 53 F6 6B F9 4A F6 38 A8 2A FA 20 CB D4 3A FB 85 C7
"Time": 5/20/2009 7:02:17 PM
SessionID: empty
Extensions:
server_name bolt.dropbox.com
ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2]
elliptic_curves secp256r1 [0x17], secp521r1 [0x19], unknown [0x1C), unknown [0x1B), secp384r1 [0x18], unknown [0x1A), secp256k1 [0x16], sect571r1 [0xE], sect571k1 [0xD], sect409k1 [0xB], sect409r1 [0xC], sect283k1 [0x9], sect283r1 [0xA]
SessionTicket empty
signature_algs sha512_rsa, sha512_dsa, sha512_ecdsa, sha384_rsa, sha384_dsa, sha384_ecdsa, sha256_rsa, sha256_dsa, sha256_ecdsa, sha224_rsa, sha224_dsa, sha224_ecdsa, sha1_rsa, sha1_dsa, sha1_ecdsa
Ciphers:
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
[006B] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
[0039] TLS_DHE_RSA_WITH_AES_256_SHA
[009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[0067] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
[0033] TLS_DHE_RSA_WITH_AES_128_SHA
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Compression:
[00] NO_COMPRESSION



HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:13:26.073
Connection: close



------------------------------------------------------------------

CONNECT bolt.dropbox.com:443 HTTP/1.1
Host: bolt.dropbox.com
Connection: keep-alive

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: F0 A6 49 43 9D 56 82 A4 7B 3C 75 D4 AB 6E 74 E2 14 ED 2E 14 0C EF 26 13 7B 41 19 F2 C8 55 A5 56
"Time": 10/9/2005 7:25:36 PM
SessionID: empty
Extensions:
server_name bolt.dropbox.com
ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2]
elliptic_curves secp256r1 [0x17], secp521r1 [0x19], unknown [0x1C), unknown [0x1B), secp384r1 [0x18], unknown [0x1A), secp256k1 [0x16], sect571r1 [0xE], sect571k1 [0xD], sect409k1 [0xB], sect409r1 [0xC], sect283k1 [0x9], sect283r1 [0xA]
SessionTicket empty
signature_algs sha512_rsa, sha512_dsa, sha512_ecdsa, sha384_rsa, sha384_dsa, sha384_ecdsa, sha256_rsa, sha256_dsa, sha256_ecdsa, sha224_rsa, sha224_dsa, sha224_ecdsa, sha1_rsa, sha1_dsa, sha1_ecdsa
Ciphers:
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
[006B] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
[0039] TLS_DHE_RSA_WITH_AES_256_SHA
[009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[0067] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
[0033] TLS_DHE_RSA_WITH_AES_128_SHA
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Compression:
[00] NO_COMPRESSION



HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:13:27.557
Connection: close



------------------------------------------------------------------

CONNECT bolt.dropbox.com:443 HTTP/1.1
Host: bolt.dropbox.com
Connection: keep-alive

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: 90 58 67 E4 BD 39 01 C6 10 B4 B5 42 06 28 E5 D9 A5 59 2B 81 D3 4E FF D7 CD 78 EE A1 68 D8 7D 14
"Time": 6/6/2091 10:22:08 AM
SessionID: empty
Extensions:
server_name bolt.dropbox.com
ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2]
elliptic_curves secp256r1 [0x17], secp521r1 [0x19], unknown [0x1C), unknown [0x1B), secp384r1 [0x18], unknown [0x1A), secp256k1 [0x16], sect571r1 [0xE], sect571k1 [0xD], sect409k1 [0xB], sect409r1 [0xC], sect283k1 [0x9], sect283r1 [0xA]
SessionTicket empty
signature_algs sha512_rsa, sha512_dsa, sha512_ecdsa, sha384_rsa, sha384_dsa, sha384_ecdsa, sha256_rsa, sha256_dsa, sha256_ecdsa, sha224_rsa, sha224_dsa, sha224_ecdsa, sha1_rsa, sha1_dsa, sha1_ecdsa
Ciphers:
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
[006B] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
[0039] TLS_DHE_RSA_WITH_AES_256_SHA
[009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[0067] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
[0033] TLS_DHE_RSA_WITH_AES_128_SHA
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Compression:
[00] NO_COMPRESSION



HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:13:30.081
Connection: close



------------------------------------------------------------------

CONNECT bolt.dropbox.com:443 HTTP/1.1
Host: bolt.dropbox.com
Connection: keep-alive

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: 9D 57 4A 23 D6 20 DA 4C 2F 99 EF AC A9 CA A3 DB 40 9D 3A A9 7A 2F DF AA 8B F2 CE FB E3 33 C9 68
"Time": 10/5/1988 1:10:53 PM
SessionID: empty
Extensions:
server_name bolt.dropbox.com
ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2]
elliptic_curves secp256r1 [0x17], secp521r1 [0x19], unknown [0x1C), unknown [0x1B), secp384r1 [0x18], unknown [0x1A), secp256k1 [0x16], sect571r1 [0xE], sect571k1 [0xD], sect409k1 [0xB], sect409r1 [0xC], sect283k1 [0x9], sect283r1 [0xA]
SessionTicket empty
signature_algs sha512_rsa, sha512_dsa, sha512_ecdsa, sha384_rsa, sha384_dsa, sha384_ecdsa, sha256_rsa, sha256_dsa, sha256_ecdsa, sha224_rsa, sha224_dsa, sha224_ecdsa, sha1_rsa, sha1_dsa, sha1_ecdsa
Ciphers:
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
[006B] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
[0039] TLS_DHE_RSA_WITH_AES_256_SHA
[009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[0067] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
[0033] TLS_DHE_RSA_WITH_AES_128_SHA
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Compression:
[00] NO_COMPRESSION



HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:13:34.502
Connection: close



------------------------------------------------------------------

CONNECT bolt.dropbox.com:443 HTTP/1.1
Host: bolt.dropbox.com
Connection: keep-alive

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: BA C5 92 CA E0 B3 F3 27 C1 31 97 5A 50 76 54 7B AE 7E BA 25 1A 5A 92 07 57 FE 5C 2F 16 EE F0 2E
"Time": 9/11/2077 4:08:26 PM
SessionID: empty
Extensions:
server_name bolt.dropbox.com
ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2]
elliptic_curves secp256r1 [0x17], secp521r1 [0x19], unknown [0x1C), unknown [0x1B), secp384r1 [0x18], unknown [0x1A), secp256k1 [0x16], sect571r1 [0xE], sect571k1 [0xD], sect409k1 [0xB], sect409r1 [0xC], sect283k1 [0x9], sect283r1 [0xA]
SessionTicket empty
signature_algs sha512_rsa, sha512_dsa, sha512_ecdsa, sha384_rsa, sha384_dsa, sha384_ecdsa, sha256_rsa, sha256_dsa, sha256_ecdsa, sha224_rsa, sha224_dsa, sha224_ecdsa, sha1_rsa, sha1_dsa, sha1_ecdsa
Ciphers:
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
[006B] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
[0039] TLS_DHE_RSA_WITH_AES_256_SHA
[009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[0067] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
[0033] TLS_DHE_RSA_WITH_AES_128_SHA
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Compression:
[00] NO_COMPRESSION



HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:13:43.487
Connection: close



------------------------------------------------------------------

CONNECT shop.playrohan.com:443 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Creative AutoUpdate v1.41.09)
Content-Length: 0
Host: shop.playrohan.com
Connection: Keep-Alive
Pragma: no-cache

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: 59 C3 E5 3D B7 2E 91 23 6E AD 08 92 D2 33 71 F8 4C 24 B1 E8 41 89 B2 19 DE 7B 6B AF B9 89 1C DA
"Time": 11/28/2002 2:18:49 AM
SessionID: empty
Extensions:
server_name shop.playrohan.com
status_request OCSP - Implicit Responder
elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18]
ec_point_formats uncompressed [0x0]
signature_algs sha256_rsa, sha384_rsa, sha1_rsa, sha256_ecdsa, sha384_ecdsa, sha1_ecdsa, sha1_dsa, sha512_rsa, sha512_ecdsa
SessionTicket empty
extended_master_secret empty
renegotiation_info 00
Ciphers:
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[009D] TLS_RSA_WITH_AES_256_GCM_SHA384
[009C] TLS_RSA_WITH_AES_128_GCM_SHA256
[003D] TLS_RSA_WITH_AES_256_CBC_SHA256
[003C] TLS_RSA_WITH_AES_128_CBC_SHA256
[0035] TLS_RSA_AES_256_SHA
[002F] TLS_RSA_AES_128_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA

Compression:
[00] NO_COMPRESSION



HTTP/1.0 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:13:49.519
Connection: close

Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.

Secure Protocol: Tls
Cipher: Aes256 256bits
Hash Algorithm: Sha1 160bits
Key Exchange: ECDHE_RSA (0xae06) 384bits

== Server Certificate ==========
[Subject]
CN=*.playrohan.com, OU=PremiumSSL Wildcard, O=Playwith Interactive Inc, STREET=9090 Irvine Center DR, STREET=Suite 100, L=Irvine, S=CA, PostalCode=92618, C=US

[Issuer]
CN=COMODO RSA Organization Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

[Serial Number]
6F9BDDDB5D9473E185E97251E2D7E95E

[Not Before]
12/16/2015 7:00:00 PM

[Not After]
2/21/2018 6:59:59 PM

[Thumbprint]
46F0EB5CF11E92A25CFD614DD82529656493E1F9

[SubjectAltNames]
*.playrohan.com, playrohan.com


------------------------------------------------------------------

GET HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Creative AutoUpdate v1.41.09)
Host: shop.playrohan.com
Connection: Keep-Alive
Cookie: _ga=GA1.2.1557899702.1493485719


HTTP/1.1 302 Object moved
Cache-Control: no-cache,must-revalidate,private
Pragma: no-cache
Content-Length: 283
Content-Type: text/html;charset=UTF-8
Expires: Thu, 21 Sep 2017 16:13:49 GMT
Location:
Server: Microsoft-IIS/7.0
Set-Cookie: R%5Fcon=cookiesS=343339393039323837; domain=playrohan.com; path=/
Set-Cookie: ASPSESSIONIDSEBSCCRQ=HKLHIDKBBHLHJIDEJEJOILFP; secure; path=/
X-Powered-By: ASP.NET
Date: Thu, 21 Sep 2017 16:13:49 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://portal.playrohan.com/Login/Login.process_Game.html?userid=panamajoe&userip=## .##.##.##&usersession=D4DBE45F-9F45-4115-9196-98BA6F6A4C73&game=">here</a>.</body>


------------------------------------------------------------------

CONNECT portal.playrohan.com:443 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Creative AutoUpdate v1.41.09)
Host: portal.playrohan.com:443
Content-Length: 0
Connection: Keep-Alive
Pragma: no-cache

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: 59 C3 E5 3E C8 DC 0B 49 FD D4 8A 54 B0 2E 70 0F B5 0D CC A2 5D 20 C2 B4 AF 78 B8 CA 99 6D 18 EB
"Time": 6/10/2003 7:39:05 AM
SessionID: empty
Extensions:
server_name portal.playrohan.com
status_request OCSP - Implicit Responder
elliptic_curves unknown [0x1D), secp256r1 [0x17], secp384r1 [0x18]
ec_point_formats uncompressed [0x0]
signature_algs sha256_rsa, sha384_rsa, sha1_rsa, sha256_ecdsa, sha384_ecdsa, sha1_ecdsa, sha1_dsa, sha512_rsa, sha512_ecdsa
SessionTicket empty
extended_master_secret empty
renegotiation_info 00
Ciphers:
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[009D] TLS_RSA_WITH_AES_256_GCM_SHA384
[009C] TLS_RSA_WITH_AES_128_GCM_SHA256
[003D] TLS_RSA_WITH_AES_256_CBC_SHA256
[003C] TLS_RSA_WITH_AES_128_CBC_SHA256
[0035] TLS_RSA_AES_256_SHA
[002F] TLS_RSA_AES_128_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA

Compression:
[00] NO_COMPRESSION



HTTP/1.0 200 Connection Established
FiddlerGateway: Direct
StartTime: 12:13:50.156
Connection: close

Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.

Secure Protocol: Tls
Cipher: Aes256 256bits
Hash Algorithm: Sha1 160bits
Key Exchange: ECDHE_RSA (0xae06) 384bits

== Server Certificate ==========
[Subject]
CN=*.playrohan.com, OU=PremiumSSL Wildcard, O=Playwith Interactive Inc, STREET=9090 Irvine Center DR, STREET=Suite 100, L=Irvine, S=CA, PostalCode=92618, C=US

[Issuer]
CN=COMODO RSA Organization Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

[Serial Number]
6F9BDDDB5D9473E185E97251E2D7E95E

[Not Before]
12/16/2015 7:00:00 PM

[Not After]
2/21/2018 6:59:59 PM

[Thumbprint]
46F0EB5CF11E92A25CFD614DD82529656493E1F9

[SubjectAltNames]
*.playrohan.com, playrohan.com


------------------------------------------------------------------

GET HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Creative AutoUpdate v1.41.09)
Connection: Keep-Alive
Host: portal.playrohan.com
Cookie: _ga=GA1.2.1557899702.1493485719; R%5Fcon=cookiesS=343339393039323837


HTTP/1.1 302 Object moved
Cache-Control: no-cache,must-revalidate,private
Pragma: no-cache
Content-Length: 188
Content-Type: text/html;charset=UTF-8
Expires: Thu, 21 Sep 2017 16:12:50 GMT
Location:
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDQGAQABTR=JBPDIDKBPCIBCMBNOCNHEJNE; secure; path=/
X-Powered-By: ASP.NET
Date: Thu, 21 Sep 2017 16:13:49 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="https://shop.playrohan.com/ItemMall/Game_Call.html?returnCode=-8002">here</a>.</body>


------------------------------------------------------------------

GET HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Creative AutoUpdate v1.41.09)
Connection: Keep-Alive
Host: shop.playrohan.com
Cookie: _ga=GA1.2.1557899702.1493485719; R%5Fcon=cookiesS=343339393039323837; ASPSESSIONIDSEBSCCRQ=HKLHIDKBBHLHJIDEJEJOILFP


HTTP/1.1 200 OK
Cache-Control: no-cache,must-revalidate,private
Pragma: no-cache
Content-Length: 35
Content-Type: text/html;charset=UTF-8
Expires: Thu, 21 Sep 2017 16:13:50 GMT
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 21 Sep 2017 16:13:49 GMT

Check User Ip or Game Session value

------------------------------------------------------------------

Simply look thru that for calls to
/ItemMall/Game_call.html?id=panamajoe&ip=##.##.##.##&Session=D4DBE45F-9F45-4115-9196-98BA6F6A4C73

or
panamajoe&userip=##.##.##.##&usersession=D4DBE45F-9F45-4115-9196-98BA6F6A4C73&game=

And you will see that your client my friend is sending my IP address to PlayWith when I am playing your server. Opening ME up to PlayWith's wrath if they choose to do so. And NO, that does not come back with a 404 idiot. You can see that for yourself in the log. Now try and deny that you aren't sending the IP addresses of every single player on your server to PlayWith/YNK.

Don't fk with me. Apparently I know a LOT more about this kind of thing than you do.

There's something wrong. I did a detailed scan on the server and found nothing. I blocked all incoming outgoing connections, leaving only free the server connection. I used Wireshark and Fiddler to identify something suspicious or something related to YNK and nothing happened. Even accessing ConsigmentList that could be where it would be connecting with the SHOP. PlayRohan. Nothing happened. Authentication is normal there is no trace of sending information and another my dear friend.

Detail use the rohanclient. EXE provided by the server. I have no ties to this or any server of ROHAN. But I see your toxicity trying to spoil the image of a simple server. If you were choosing a server to play. That server would be the best option I'm sorry, but the truth hurts.

Some information below was merely added to smear the server image.
Sorry to see that kind of attitude.

What guarantees you weren't with the Irohan open? It's simple to talk about the others. This evidence is not convincing, maybe you can fool some noob.

[im batman]

Quote:

Originally Posted by oziel235

There's something wrong. I did a detailed scan on the server and found nothing. I blocked all incoming outgoing connections, leaving only free the server connection. I used Wireshark and Fiddler to identify something suspicious or something related to YNK and nothing happened. Even accessing ConsigmentList that could be where it would be connecting with the SHOP. PlayRohan. Nothing happened. Authentication is normal there is no trace of sending information and another my dear friend.

Detail use the rohanclient. EXE provided by the server. I have no ties to this or any server of ROHAN. But I see your toxicity trying to spoil the image of a simple server. If you were choosing a server to play. That server would be the best option I'm sorry, but the truth hurts.

Some information below was merely added to smear the server image.
Sorry to see that kind of attitude.

What guarantees you weren't with the Irohan open? It's simple to talk about the others. This evidence is not convincing, maybe you can fool some noob.

OK. I've done my best to show this fellow that he has an issue to fix on his client - there is nothing wrong with the server sending stuff out and never at any point did I say there was.
I have pointed out the problem. If he cares about the security of his players he will fire up a hex editor on his rohanclient.exe (or whatever he is calling it) and change those domain names to something that will not go through. If he can't be bothered to do that, then I have tried my best to get him to care.

I am not sure what you thought you were scanning for oziel, but my log snippet is there for everyone to see. Perhaps you can explain it to him (hint: Rohan has an in-game IM feature that is logged in by the client. Good servers would redirect that to their own IM shop ). All Rohan clients do this and any decent dev will make the effort to ensure it does not phone home to YNK by patching his client.

This is the last I will say on this subject. I will leave it to this guy to figure out.
@ do feel free to purge my id out of your RohanUser database and block my IP (you have it). I have done my testing, made my observations clear and won't be doing any further on this server.

/Cheers!

[BuzyBee]

Quote:

Originally Posted by SmSong

@ I agree, you can put many as you want, but this buzybee is tard enough to believe every single **** they say.

"Tard huh?Well sorry not everyone knows how to hack their way threw game files and the internet it's self,such as you?!And still i say screw your pay to play server!

Sorry you yourself more then likely had to get a dev for your server because i can tell your not the brightest crayon in the box yourself!

So I say again,stfu indo boy