API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jan 2nd, 2019
732
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 11.98 KB | None | 0 0
raw download clone embed print report
  1. const request = require('request');
  2. const Request = request;
  3. const zlib = require("zlib");
  4. var un = "ace0003"
  5. var pw = "6KLm4E2014"
  6.  
  7. var xsrf;
  8. var cookie;
  9. const security_cookie = "_|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|_17364B426C17C33058425588F161D5FE65F03002FF7FCAE4906DD12839C4166D346D3D9A5F4E14212851CDBFA66A6F607769D3BB96C7AAD98CB2DDA07E42C3495EFAA08A3D07504FB9F34EA58189A160A3236AEE6F2EC13ED1B380548B1A44C0BD70059C34AEE00D01679DA0A7F31A2A1595DCEC1DF8704DEF033B9275664DB92D96838B47954720E5445FE6427E0BF4677823628C9C80D25D811F994AD31DA197810E3B128FC1657A9A3FCF8E50A9AB7387C38FBE10A43F1684173EA6F2C554DF4B175ECF46870977B330A2363A571EF1E99EE025CEC89F3E7D060BFC8D6C09D67042EE0EFD95E4CAA8F88D5AF230CBA2E8377FCB40E494367BD4A41C468455128A5191468F6E02EA888BA195A596BCBAC4704AF0B2E64DBD544F4EC84B8888D837E6ED"
  10.  
  11.  
  12. function GetTokenAndBuy() {
  13. console.log("Logging in. Please wait...");
  14. request.post("https://api.roblox.com/sign-out/v1", (error, response, body) => {
  15. if(error) {
  16. console.log(error);
  17. return;
  18. }
  19.  
  20. if(!response.headers['x-csrf-token']){
  21. console.log("ERROR WITH XSRF TOKEN!");
  22. }
  23.  
  24. xsrf = response.headers['x-csrf-token'];
  25.  
  26. BuyItem({ AssetId: 1829155983 }, "PZfcOVL/+i3w")
  27. })
  28. }
  29.  
  30. function Buy(productId, expectedPrice, sellerId, xsrftoken, item, recursive) {
  31. if (recursive > 1) {
  32. return;
  33. }
  34. xsrftoken = "J3BGdPvGK/Mi";
  35. Request.post(
  36. {
  37. url: `https://www.roblox.com/api/item.ashx?rqtype=purchase&productID=${productId}&expectedCurrency=1&expectedPrice=${expectedPrice}&expectedSellerID=${sellerId}&userAssetID=`,
  38. method: 'POST',
  39. encoding: null,
  40. headers: {
  41. 'Host': 'www.roblox.com',
  42. 'Connection': 'keep-alive',
  43. 'Content-Length': 0,
  44. 'Accept': '*/*',
  45. 'Origin': 'https://www.roblox.com',
  46. 'X-CSRF-TOKEN': xsrf,
  47. 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36',
  48. 'Content-Type': 'application/json; charset=utf-8',
  49. 'Referer': `https://www.roblox.com/catalog/${item.AssetId}/${item.Name}`,
  50. 'Accept-Encoding': 'gzip, deflate, br',
  51. 'Accept-Language': 'en-GB,en-US;q=0.9,en;q=0.8,nl;q=0.7',
  52. 'Cookie': '.ROBLOSECURITY=' + security_cookie
  53. }
  54. },
  55.  
  56. function (err, res, body) {
  57. if (err) return console.log("you failed little shit (3)");
  58.  
  59. //console.log(res.headers);
  60. console.log("X-CSRF-TOKEN from last request:", res.headers['x-csrf-token']);
  61. xsrf = res.headers['x-csrf-token'];
  62. zlib.gunzip(body, function(err, dezipped) {
  63. if (dezipped != undefined) {
  64. var json_string = dezipped.toString('utf-8');
  65. console.log("Attempt to purchase item. Response: " + json_string);
  66. } else {
  67. console.log("Failed to purchase. " + res.statusMessage + " ("+ res.statusCode + ")");
  68. Buy(productId, expectedPrice, sellerId, xsrftoken, item, recursive + 1)
  69. }
  70.  
  71. });
  72.  
  73. console.log("Attempt to purchase item. Response: " + body)
  74. //console.log("willem check ur inv", body, res.statusCode)
  75. //console.log(res.headers);
  76. /*Request.post({
  77. url: "https://discordapp.com/api/webhooks/529961201099079680/8gVVAj1tGga8DFQI-NlkjHh48gSN-HMJVmnqy7VfnLJHHQg6HfkLKyofKEQ20mI-eQnB",
  78. method: 'POST',
  79. formData: {
  80. "content": `Attempted to buy item.\nItem name: ${item.Name}\nExpected price: ${expectedPrice}\nSeller: https://www.roblox.com/users/${sellerId}/profile\nHTTP Status Code: ${res.statusCode} (${res.statusMessage}\nItem URL: https://www.roblox.com/catalog/${item.AssetId}/${item.Name}`,
  81. "avatar_url": item.ThumbnailUrl,
  82. "username": `Item Sniper (res ${res.statusCode})`,
  83. }
  84. });*/
  85. }
  86.  
  87. )
  88. }
  89.  
  90. function GetDetails(item) {
  91. Request(
  92. {
  93. url: `https://www.roblox.com/catalog/${item.AssetId}/${item.Name || "willem"}`,
  94. method: 'GET',
  95. headers: {
  96. 'Accept-Charset': 'utf-8'
  97. }
  98. },
  99.  
  100. function (err, res, body){
  101. if (err) return console.log("You failed little shit! (2)");
  102.  
  103. var jsdom = require("jsdom");
  104. const { JSDOM } = jsdom;
  105. const { window } = new JSDOM(body);
  106.  
  107. var $ = jQuery = require('jquery')(window);
  108.  
  109. let ItemData = $("#item-container").data();
  110.  
  111. const expectedPrice = parseInt( ItemData.expectedPrice ) || 0;
  112. const sellerId = parseInt( ItemData.expectedSellerId ) || 0;
  113. const productId = parseInt( ItemData.productId ) || 0;
  114.  
  115. console.log(expectedPrice)
  116.  
  117. Buy(productId, expectedPrice, sellerId, xsrf, item, 0);
  118. }
  119.  
  120. );
  121. }
  122.  
  123. function BuyItem(item, xsrftoken) {
  124. console.log("X-CSRF-TOKEN", xsrftoken);
  125.  
  126. Request.post(
  127. {
  128. url: `https://www.roblox.com/api/item.ashx?rqtype=purchase&productID=${productId}&expectedCurrency=1&expectedPrice=${expectedPrice}&expectedSellerID=${sellerId}&userAssetID=`,
  129. method: 'POST',
  130. encoding: null,
  131. headers: {
  132. 'Host': 'www.roblox.com',
  133. 'Connection': 'keep-alive',
  134. 'Content-Length': 0,
  135. 'Accept': '*/*',
  136. 'Origin': 'https://www.roblox.com',
  137. 'X-CSRF-TOKEN': xsrftoken,
  138. 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36',
  139. 'Content-Type': 'application/json; charset=utf-8',
  140. 'Referer': `https://www.roblox.com/catalog/${item.AssetId}/${item.Name}`,
  141. 'Accept-Encoding': 'gzip, deflate, br',
  142. 'Accept-Language': 'en-GB,en-US;q=0.9,en;q=0.8,nl;q=0.7',
  143. 'Cookie': 'GuestData=UserID=-1491175195; gig_hasGmid=ver2; _ga=GA1.2.232860733.1539263602; RBXcb=11; RBXSource=rbx_acquisition_time=12/16/2018 9:18:45 AM&rbx_acquisition_referrer=&rbx_medium=Direct&rbx_source=&rbx_campaign=&rbx_adgroup=&rbx_keyword=&rbx_matchtype=&rbx_send_info=1; PCWARS_OPEN=0; RBXEventTrackerV2=CreateDate=12/26/2018 6:44:16 AM&rbxid=106739906&browserid=32090297579; _gid=GA1.2.79550314.1546003951; __utmz=200924205.1546346422.126.20.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); __utma=200924205.232860733.1539263602.1546355545.1546418325.128; __utmc=200924205; gig_canary=false; gig_canary_ver=2155-1-25773600; .ROBLOSECURITY=' + security_cookie
  144. }
  145. },
  146.  
  147. function (err, res, body) {
  148. if (err) return console.log("you failed little shit (3)");
  149.  
  150. zlib.gunzip(body, function(err, dezipped) {
  151. if (dezipped != undefined) {
  152. var json_string = dezipped.toString('utf-8');
  153. console.log("Attempt to purchase item. Response: " + json_string);
  154. } else {
  155. console.log("Failed to purchase. " + res.statusMessage + " ("+ res.statusCode + ")");
  156. }
  157.  
  158. });
  159.  
  160. console.log("Attempt to purchase item. Response: " + body)
  161. //console.log("willem check ur inv", body, res.statusCode)
  162. //console.log(res.headers);
  163. /*Request.post({
  164. url: "https://discordapp.com/api/webhooks/529961201099079680/8gVVAj1tGga8DFQI-NlkjHh48gSN-HMJVmnqy7VfnLJHHQg6HfkLKyofKEQ20mI-eQnB",
  165. method: 'POST',
  166. formData: {
  167. "content": `Attempted to buy item.\nItem name: ${item.Name}\nExpected price: ${expectedPrice}\nSeller: https://www.roblox.com/users/${sellerId}/profile\nHTTP Status Code: ${res.statusCode} (${res.statusMessage}\nItem URL: https://www.roblox.com/catalog/${item.AssetId}/${item.Name}`,
  168. "avatar_url": item.ThumbnailUrl,
  169. "username": `Item Sniper (res ${res.statusCode})`,
  170. }
  171. });*/
  172. }
  173.  
  174. )
  175. }
  176.  
  177. /* FUNCTION BELOW NOT WORKING: NEED TO WAIT FOR LOGIN CAPTCHA BYPASS! */
  178. function login(username, password) {
  179. console.log("Logging in. Please wait...");
  180. request.post("https://api.roblox.com/sign-out/v1", (error, response, body) => {
  181. if(error) {
  182. console.log(error);
  183. return;
  184. }
  185.  
  186. if(!response.headers['x-csrf-token']){
  187. console.log("ERROR WITH XSRF TOKEN!");
  188. }
  189.  
  190. xsrf = response.headers['x-csrf-token'];
  191.  
  192. var post = JSON.stringify({
  193. "ctype": "Username",
  194. "cvalue": username,
  195. "password": password
  196. });
  197.  
  198. //post = "username=" + username + "&password=" + password; //comment out this line if you're using auth.roblox.com instead of api.roblox.com
  199.  
  200. request.post("https://auth.roblox.com/v2/login", {
  201. body: post,
  202. //proxy: "https://176.192.110.66:45781",
  203. /*formData: {
  204. "username": username,
  205. "password": password
  206. },*/
  207. //proxy: pr,
  208. headers: {
  209. "Content-Type": "text/json",
  210. "Connection": "keep-alive",
  211. "Content-Length": post.length,
  212. "Accept": "application/json, text/plain, */*",
  213. "Origin": "https://www.roblox.com",
  214. "Referer": "https://www.roblox.com/Login",
  215. "Accept-Encoding": "gzip, deflate, br",
  216. "User-agent": "Roblox/WinInet",
  217. "X-CSRF-TOKEN": xsrf,
  218. }
  219. }, (error, response, body) => {
  220.  
  221.  
  222. if(error) {
  223. console.log(error);
  224. return;
  225. }
  226. console.log("X-CSRF-TOKEN from last request:", response.headers['x-csrf-token']);
  227. if(response.statusCode == 200) {
  228. cookie = response.headers['set-cookie'][0].split(";")[0];
  229. console.log("Successfull request!");
  230. request.post("https://api.roblox.com/sign-out/v1", {
  231. headers: {
  232. "Connection": "keep-alive",
  233. "Accept": "application/json, text/plain, */*",
  234. "Origin": "https://www.roblox.com",
  235. "Content-Type": "application/json;charset=UTF-8",
  236. "Referer": "https://www.roblox.com/Login",
  237. "Accept-Encoding": "gzip, deflate, br",
  238. "User-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
  239. "Cookie": cookie
  240. }
  241. }, (error, response, body) => {
  242. if(!response.headers['x-csrf-token']){
  243. console.log("ERROR WITH XSRF TOKEN!");
  244. }
  245. xsrf = response.headers['x-csrf-token'];
  246. //askMode();
  247. })
  248. } else {
  249. console.log("Failed to login!");
  250. console.log(response.statusCode, response.statusMessage);
  251. console.log(body);
  252. }
  253.  
  254. })
  255. })
  256. }
  257. GetDetails({ AssetId: 1639361 });
  258. //GetTokenAndBuy()
  259. //BuyItem(1829155983, )
  260. //login(un, pw);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!