Tuesday, April 22, 2008

form posts and scripts

Well well well... all nice for GETs, even authenticated GETs. But how about form posts?


There's always the trouble of the Referer. I guess if they want, they can shut me down by now. Damn mindless testing. I've left a trail. If they keep track of the Referer on requests (it's not even that uncommon), then they can get my script request -_- . I've checked it with Wireshark. :S I even tried to modify it by using an XMLHttpRequest object, but... If I had conveniently read the documentation I'd have known in advance that some headers can't be modified for reasons of security.... I can see why! =P


So I had to find a way to get around it. And of course, as always, I did. Lol, see, the idea is that I needed on-the-fly modification of a form. To do that, I'd need a script to modify the source of a loaded page for me. Wow! Now that's spooky! But possible! Hihihi. The name is Greasemonkey. And there's even a whole gigantic script built for Travian, called Travian Beyond, that you can install. There are no limits to what you can do. With some trouble... the game plays itself. Of course... that takes all the fun out of it. I've proven that I can do it... now I leave it aside and cut back the excess to leave only a little help. =P


So far the application works pretty much as a human would operate a browser, and aside from the fact that it never sleeps more than 20 minutes, it's untraceable!


The trick is the following:

The server can never know if a human or a script did it, because all it gets is HTTP/TCP packets. If all is filled out correctly, then... bye bye intuition.


God, I love machines and their layered organization. I had never seen a breach in this model until this very moment. It's like completely separate universes communicating by laser beams. You can shake one of them, break it apart, but as long as you keep the beams alive and right... no other universe knows you did.


Abstraction... abstraction...


I'm sleeping happier tonight. ;)


Ohhh, another curiosity. Imagine the following: some document has anchors, and these anchors have ActionScript calls for onclick. How do you make that code execute without using the mouse?


Reasoning:

Here's the function signature: function onclick(Event);


It's still a function... just another function that happens to be called when a mouseEvent occurs. Now if inside its body it never uses the mouseEvent, can it tell whether it was called by a mouseEvent or some other thing? I have not checked... but even if it did, I guess you could always instantiate a mouseEvent, but like this you don't even need it. Null is as valid as an object argument as any instance of an object. So if I do:

var anchors = document.getElementsByTagName("a");

// call every assigned onclick handler directly, passing null as the event
for (var i = 0; i < anchors.length; i++) {
    if (anchors[i].onclick != null) {
        anchors[i].onclick(null);
    }
}

I can force execution of all anchor onclicks.


Happy codings ;)
