
My MMORPG checker/Bruter - advice needed

ghostmarket09

ripper
SCAMMER
Registered: 21.02.2020
Posts: 110
Reactions: 267
Please note that this user is blocked
I'm wondering if someone who is an expert can provide some advice, since I don't spend much time on these kinds of projects or in this field unless necessary, so my knowledge never stays lol





I made a checker to check for valid accounts of a popular MMORPG. I first pulled the link from the game client using Burp but was having issues with it and ended up finding an old dev test client in the form of a webpage, so I pulled that link and it went much smoother.



My checker works fine for telling me if accounts are valid or not, this is not the issue. The problem is this game has many servers that a character could be on, and the character might be low level or worthless. I'm wondering if there is a way I can query any kind of info beyond knowing if the combo is valid or not. Like what server the account is used on, character name or anything. Here is a breakdown of what I have.





The link format I use for the POST request:








The POST data format sent:



username=<USER>&password=<PASS>&rememberPassword=false&REDACTED=REDACTED&ts=1643602235343





Positive keycheck



{"category":"SUCCESS","result":"SUCCESS","error":"SUCCESS","username":"wcahill90","canPatch":"true"}



or



Negative keycheck



{"category":"SERVER_ERROR","result":"SERVER_LOGIC_ERROR","error":"SERVER_LOGIC_ERROR","username":null,"launchArgs":""}







The response headers/cookies I also receive (which I'm assuming I could possibly use to disclose a little more about the accounts and make further requests?)





Response code: 200 (OK)
Received headers:
Date: Mon, 31 Jan 2022 04:14:40 GMT
Server: Apache
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none'
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Type: application/json;charset=UTF-8
Content-Length: 94
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Received cookies:
JSESSIONID: CB0ACF78D5BCC033D4E7BB370BB127DD.lvs-foyert1-13409
lp-version: live
lp-token: 7a4950a3ba385262b7d77d46e32487daed4aade50443820e975de60e5f04959acd3a3b9227b66ab6776e956c6135ed9e89f0ab6fd5e397f3776cef295fb69662









If there is a way to extract or query any more possible data other than valid or not, it could save me a lot of time logging into worthless accounts. Even simply knowing what server their characters are on would save a lot of needless time logging into 20 different possibilities.



my tg ThreeOf4

If you're a roleplayer who doesn't understand anything and runs around the internet acting like they do but only read and never work or have experience, I'll be happy to flame you up really nice for a min rather than you wasting 10 minutes of mine =D Be honest about your knowledge level in everything and grow from there, at least it's respectable.

People who understand this post should only message, glad to share the target with them etc, acceptable niche =D
 

