Message from JavaScript discussions
April 2017
— So you would need to roll your own websocket client and game client
Looking at application data, they have many different keys and nonces, you would have to either do a replay attack or find a way to generate these yourself
— What exactly does he want to haxxor on agar.io?
— I don't think you can do much beyond injecting local JS and making your own client
— I.e. writing a bot
— Ok
— NID, HTTP-only
HSID, HTTP-only
SAPISID, SSL-only (some session data or key)
SID, no security
SSID, HTTP-only and SSL-only
_cfduid, HTTP-only and SSL-only
— Those are keys you can target that seem to be secured or otherwise important
— Wut it seems arabic to me lel
— It is session related cryptography and key systems
— Ok
— In order to talk to the server you need to spoof all or some of these