If you believe 2 years of CS are required to achieve this.. Anybody with a brain can exploit this classic, basic flaw, without any CS studies but just some curiosity. Sorry to put it blundly like this though.
Probably yes. Sending scores in HTTP requests is such a low-hanging fruit for exploitation.
A friend of mine was responsible for scoring system on games. As they had some real awards (like bikes, tickets etc.) they captured the entire flow of the game with various statistics and later analyzed them for weird variations. That was in Flash and people used browser plugins to slow down the play, that was easy to spot. Of course it won't stop 100% of attacks, but it raises a bar sufficiently to thwart most attempts.
the tamper window seems to not open half the time leaving after specifying to tamper request headers, leaving chrome waiting for the extension with no way to resume the request
Charles proxy, Paros, Burp and Fiddler are all great tools to intercept and modify traffic.
Great for debugging or just inspecting/reversing/hacking in general.
Im glad if similar tools are being made available as browser extensions, it might lower the barrier to entry and get more people poking at the network layer.
Good point. I tend to disable all for Incognito mode, then use that mode for things like online banking. Are there better approaches, like dedicating a separate browser for super sensitive stuff with absolutely nothing installed?
How much functionality should browsers have built in? Seems like extra bloat for the 99.9% of users who'd never even need this, but the same could be said for most of the dev tools I guess.
24 comments
[ 3.3 ms ] story [ 61.5 ms ] threadI was amazed at how simple it was to use. Pretty full-featured, as well.
[0]: http://kevinwang.us/cheating-a-guide-to-achieving-high-score...
A friend of mine was responsible for scoring system on games. As they had some real awards (like bikes, tickets etc.) they captured the entire flow of the game with various statistics and later analyzed them for weird variations. That was in Flash and people used browser plugins to slow down the play, that was easy to spot. Of course it won't stop 100% of attacks, but it raises a bar sufficiently to thwart most attempts.
nice
Great for debugging or just inspecting/reversing/hacking in general.
Im glad if similar tools are being made available as browser extensions, it might lower the barrier to entry and get more people poking at the network layer.
PS: https://github.com/square/PonyDebugger is a cool debugger that lets you use Chrome developer tools when developing iOS apps.
PS2: https://paw.cloud/ and some other tools take these proxies to a whole new level in terms of UI/polish.
[1]: https://addons.mozilla.org/en-us/firefox/addon/tamper-data/