Message from JavaScript discussions

April 2017

— So you would need to roll your own websocket client and game client


Looking at application data, they have many different keys and nonces, you would have to either do a replay attack or find a way to generate these yourself

— What exactly does he want to haxxor on

— I don't think you can do much beyond injecting local JS and making your own client

— I.e. writing a bot

— Ok

— NID, HTTP-only
SAPISID, SSL-only (some session data or key)
SID, no security
SSID, HTTP-only and SSL-only
_cfduid, HTTP-only and SSL-only

Message permanent page

— Those are keys you can target that seem to be secured or otherwise important

— Wut it seems arabic to me lel

— It is session related cryptography and key systems

— Ok

— In order to talk to the server you need to spoof all or some of these