|
| 22 Feb 2017 09:59 AM |
I've been trying to do that for a friend
i used tamper to see the POST parameters i need to send
i send exactly the same parameters as tamper but it doesn't seem to work
I checked if both users got BC and trades on and if there are no tradeIds or something that could change and make it not work, but I really can't see the problem
here's what the data I sent roughly looks like:
TradeJSON = { "Ag###########t": [{ "AgentID": ###########, "OfferList": [{ "UserAssetID": "18391797", "Name": "Blue Snipers Visor", "ItemLink": "https://www.roblox.com/catalog/1086814/Blue-Snipers-Visor", "ImageLink": "h#################################################################################### "AveragePrice": 1551, "OriginalPrice": "---", "SerialNumber": "---", "SerialNumberTotal": "---", "MembershipLevel": null }], "OfferRobux": 0, "OfferValue": 1551 }, { "AgentID": #########, "OfferList": [{ "UserAssetID": "4############# "Name": "Sinister Branches", "ItemLink": "https://www.roblox.com/catalog/71484026/Sinister-Branches", "ImageLink": "https://www.roblox.com/asset-thumbnail/image?assetId=71484026&height=110&width=110", "AveragePrice": 951, "OriginalPrice": 125, "SerialNumber": "---", "SerialNumberTotal": "---", "MembershipLevel": null }, { "UserAssetID": "4############# "Name": "Sinister Branches", "ItemLink": "h############################################################ "ImageLink": "https://www.roblox.com/asset-thumbnail/image?assetId=71484026&height=110&width=110", "AveragePrice": 951, "OriginalPrice": 125, "SerialNumber": "---", "SerialNumberTotal": "---", "MembershipLevel": null }]### "OfferRobux": 0, "OfferValue": 1902 }], ###"IsActive": false, "TradeStatus": "Open" } & cmd = send
The parameters I got from tamper were URI encoded btw
I tried both, sending Encoded and decoded data as a string using $.post() but it doesn't work, i got no error
sorry for the hashtags, this post will probably be filtered but if you know how to send a trade I guess you're still able to help me
thanks
|
|
|
| Report Abuse |
|
|
|
| 22 Feb 2017 10:02 AM |
| Are you planning to scam people? Trading items with them through scripts? |
|
|
| Report Abuse |
|
|
|
| 22 Feb 2017 10:03 AM |
| I'm pretty sure this violates TOC? Correct me if I'm wrong? |
|
|
| Report Abuse |
|
|
membra
|
  |
| Joined: 14 Oct 2008 |
| Total Posts: 6313 |
|
|
| 22 Feb 2017 10:07 AM |
| trade bots arent against the rules. even shedletsky uses one |
|
|
| Report Abuse |
|
|
|
| 22 Feb 2017 10:17 AM |
"Are you planning to scam people? Trading items with them through scripts?"
lol wat
you can't scam people with trades
|
|
|
| Report Abuse |
|
|
|
| 22 Feb 2017 10:38 AM |
I'm pretty sure they are not against the rules, many people uses them(including Shedletsky), and I checked roblox ToS, I couldn't find anything related to bots and stuff, only about in game exploits/cheats and "hacks"
|
|
|
| Report Abuse |
|
|
| |
|
Froast
|
  |
| Joined: 12 Mar 2009 |
| Total Posts: 3134 |
|
|
| 22 Feb 2017 01:04 PM |
| You should get some sort of error, either http or otherwise. Make sure you are also sending XSRF tokens and any related request verification tokens/cookies. |
|
|
| Report Abuse |
|
|
|
| 22 Feb 2017 01:59 PM |
Oh wait, actually I have an error, 403 token verification failed.
But I have no idea how to fix that because there is no token to send or anything in the trade POST request
|
|
|
| Report Abuse |
|
|
Froast
|
  |
| Joined: 12 Mar 2009 |
| Total Posts: 3134 |
|
|
| 22 Feb 2017 02:01 PM |
| Yeah that means you didn't put an X-CSRF-TOKEN. The way you get it is after the failure it will be returned in the set-headers header, you then have to send it back as a header. |
|
|
| Report Abuse |
|
|
Froast
|
  |
| Joined: 12 Mar 2009 |
| Total Posts: 3134 |
|
|
| 22 Feb 2017 02:02 PM |
| *it will be in the headers of the response and you have to put it in the headers of the request |
|
|
| Report Abuse |
|
|
|
| 22 Feb 2017 02:10 PM |
so I have to send 1 request to get the token, and then another to send it?
|
|
|
| Report Abuse |
|
|
|
| 22 Feb 2017 02:33 PM |
I'm trying to set the token header, but I think i'm doing it wrong, here's the part where I try to set it:
headers: {"Access-Control-Expose-Headers": token},
|
|
|
| Report Abuse |
|
|
|
| 22 Feb 2017 02:37 PM |
I also tried this but still doesn't work:
headers: {"X-CSRF-TOKEN": token}
|
|
|
| Report Abuse |
|
|
|
| 22 Feb 2017 02:40 PM |
I think I send the wrong token...
Also, if I understand what you said right, I am supposed to get the token from response headers?
|
|
|
| Report Abuse |
|
|
|
| 22 Feb 2017 03:20 PM |
Actually, I think there is nothing wrong with the token, but I probs need to send cookies and stuff, and I have no idea how to do that
|
|
|
| Report Abuse |
|
|
|
| 22 Feb 2017 03:32 PM |
X-CSRF-TOKEN is set to Access-Control-Expose-Headers, which means I should be able to get the token right?
but there is no token in the reponse headers ;c
|
|
|
| Report Abuse |
|
|
| |
|
| |
|
| |
|
|
| 23 Feb 2017 08:26 AM |
| function getXsrfToken() { var match = ################################################################ return match[1]; } headers: { "Content-Type": "application/json", "X-CSRF-TOKEN": ############### ## |
|
|
| Report Abuse |
|
|
| |
|
| |
|
| |
|
| |
|