A simple autoclicker for online games

I once was a moderator of a big online game located in Malaysia. While working as a moderator I was also involved in debugging and securing the software. Hence I tried everything to find exploits in the game's securety system. There was one securety issue I don't know how to eliminate. I'm going to describe the technique used here in detail.

First of all you need a proxy server running on your local machine and a browser with javascript enabled.
I used SmartCache as proxy server because it supports URL rewriting which is necessary. That's why I suggest you using this proxy server. Besides this it's always good to have a proxy server running to increase speed and to reduce transfer volume.

First you need to download SmartCache from Sourceforge.net. Now unzip the file you just downloaded to directory of you choice. Copy all *.cnf files from the smaple directory to the program's directory. After that you need to edit some of these files.
The most important thing is to setup a cache directory. For instance, you could create a directory x:\scache\ where x is a drive letter of your choice. On a unix system choose something appropriate.
Look for the line specifying the cache_dir value and adjust it:

cache_dir x:\scache

Now you should be able to specify the proxy in your browser's settings. The proxy's server should be localhost or 127.0.0.1, the port is 8088 by default.
Finally you should be able to start smartcache by starting scache.bat (Windows), scache.cmd (OS/2) or just by entering java scache at the console.

After you tested smartcache successfully you now need to modify the rewrite.cnf.
Add a line like the following:

www.yourgamehost.com/frameset.html x:\files\autoclick.html

This will make smartcache send the autoclick.html instead of the frameset.html. The browser will think that the page frameset.html has been loaded from the server but the server won't know anything about the file frameset.html.

The easiest way of programming internet sites on the client side is by using Javascript. Due to the securety limitations of the Javascript engine of all browsers it's only possible to modify the content of pages loaded from the same server the modified page is loaded from. That means that a local page could open a frameset with a frame whith an external source, but it wouldn't be able to edit its content. We solve that problem by "moving" our frameset to the server.

From this point on there is no recipe applicable to all games anymore. Nonetheless I'll try to give sample solutions to the most often faced problems.

Point your browser to your game's login page, but don't login yet. Have a look at the sourcecode. You'll probably find a form somewhere which got a specified name and a submit button. As we want to have a well working client, wen need a special way of accessing the forms and links on the site.
The game's programmers might have included some securety, e.g. giving the form no name or an random name, or a submit button that executes some validation code. Hence we need to act like we were a real user, meaning we "type" and "click".
It may look similar to the following code:

<form action="page.html" method="post" name="loginform">
Name: <input type="text" name="nick"/>
Password: <input type="password" name="password"/>
<input type="submit" value="Login" />
</form>

The form defined has three attributes: the target, the method and the name. A form does not need to have a name. The form is accessed via document.form["loginform"] or (if it is the first form defined in the HTML page) via document.form[0]. That will return a form object including all elements. In most cases the submit form's submit method can be used. If there is some event connected with an OnClick event of the submit button then the click itself has to be simulated. The button is accessed via form.elements[2] in this case. The method used to simulate the click is button.click(). This is just the same like the user clicked with the mouse.

All objects of a html file can be access with javascript. The browser builds up a document tree. The elements of this tree can either be access by a unique name or by their position, which is a number. If an element has no name the use of numbers can't be avoided. The values of text inputs can be changed with form.elements[x].value("YourName") for example. That should work in most cases.

This text is not finished. In case I wanted to I could write many pages about that topic, but I don't want to make life that easy! The methods described here won't be liked by any online game designer for example. It is possible to protect a page against such attacks, but it's not easy. Please keep in mind that most games prohibit things like that. If you are implmenting an application on the basis of what I presented don't blame me if lose you access.
I gained this knowledge while I was a staff member of a major online game. I found this way of using javascript while looking for bugs and securety holes. This is one of the holes a game can hardly protected against :-)