Jump to content
MaxCheaters Official Group on Discord
Top.MaxCheaters.com is now OPEN – Lineage 2 Top Listing

[Exploit] Winsock Packet Editor + Guide

CriticalError
 Share

Recommended Posts

CriticalError Proficient

CriticalError

Posted
Posted

well first hello well upon request from this user gerero in this post 

[url]http://www.maxcheaters.com/forum/index.php?topic=49214.0[/url]

I got asked to make a tutorial on WPE Pro, so I will

 

I'll explain all the things you need to know to start with WPE.

 

First of all, your Anti-Virus will probably recognise WPE as a Trojan, but it isn't really one, i donwload it and give me equal error from other guys buts it just uses similar things as a Trojan don't worry.

 

Now, the main 5 things about WPE are:

Attaching WPE Pro

Packet Sniffing

Packet Sending

Packet Editing

Packet Filters

Saving/Loading Packetlists/filters

 

These are the 5 things I will be explaining in this tutorial

 

Attaching WPE Pro:

To get started, you need to attach your WPE to the program you'd like to hack.

To attach WPE to a program you need to have both WPE and the program running ofcourse.

As an example I will be using Dark Eden, to use some old screenshots I already had.

Now, to attach WPE to the program press the "Target Program"-button (marked with 1). After clicking it a window will pop up, and in that window you search for the program you'd like to attach to and highlight it (as in 2). Now press "Open" (marked with 3) and you'll have attached WPE to the program!

 

48348162.png

 

Packet Sniffing:

To sniff for packets going in and out a program, you need to attach to the program and press the play button in the Trace Control (upper box with the meters in it). If you press the button WPE will start sniffing packets and will keep doing that untill either you press the red stop button or the buffer is maxed. (To adjust your max. buffer go to View>Option and change the number in the Buffer area to what you'd like to be the max. buffer)

When WPE stops recording a window will pop up containing all the sniffed packets. It will show the number of the packet, the first 50 double digits and the translation of those 50 digits and if it's either Send, Sendto, Received or ReceivedFrom.

Send means the packet started in your computer, Received means it came from somewhere else.

If you want your WPE pro to only snif for a certain type of packet go to View>Option and tag/untag the corresponding boxes in the Winsock Functions part. (In example, if you want to snif only for Send packets, untag Received, ReceivedFrom and SendTo)

 

Packet Sending:

If you want to start sending packets, you need to know how to add packets to your sending list. There are 3 possible ways: Making a new packet(as marked with 2), Loading a saved packetlist or getting one out of your sniffed packets list.

I won't explain how to make completely new packets, because beginning hackers won't have any use with it, and Loading a saved packetlist will be explained later on.

To get one out of your sniffed packet list you need to double click it in the window that poped up after sniffing for packets. Note: Received packets are often not good for sending.

If you added one to your list you will see "[]New Packet" in your send list.

If you do not see it it could either be because you didn't add it well, or you're still on your filter list. To go to your send list just press the Send tab (marked with 1).

 

width=640 height=429http://img26.imageshack.us/img26/3872/88633356.png[/img]

 

To start sending the packets you need to tag the boxes ([ ] > [X]) of those you'd like to send, and then press the play button in the Actions Console (bottom part with the Send and Filter list in it). A new window will pop up. Here you can fill in how many times you'd like to send the packets, and at what speed. You can also chose between Open Socket and New Socket, I won't explain New socket so just stick to Open socket.

if you use open socket, you'll have to make sure the propper port is filled in. To make sure you've filled in the propper port, just right click on one of the packets in the Sniffed packets list and select "Set Send list with this socket id". You only have to do this only once per time you attach to a program.

When all is in order in the Send Settings Window, you press the play button and WPE will start sending packets. To stop sending packets, click the red stop button in the Actions Console.

 

Packet Editing:

To edit a packet you need to have it in your send list.

Double click the packet and a new window will pop up with all the information about the packet. In there you can read all the information there is about the packet and not only the first 50 double digits.

Things there are to change:

a. double digits

b. translation of the digits

c. name

d. size

 

a. Just higlight one of the digits and press the key you want to change it with. Note: this will automaticly generate the new translation aswel.

b. Just highlight the part you want to change, and change it. Note: this will also change the digits accordingly, but they might change in the wrong ones.

c. The name your packet has in your send list, no biggy, only makes it easier to differ one packet from another.

d. Changes to this number will change the amount of double digits you have in your packet. Increasing it will add a couple of 00 digits, and decreasing will remove a couple of the last double digits.

 

I can't tell you in what you should change the digits when changing them, because every game uses his own coding his packets.

 

Packet Filters:

First of all go to the Filter list by pressing the Filter tab in the Actions Console.

There you'll see a list of empty filters. To add new filters you have 2 possible ways: making one yourself or loading a saved one(I'll explain this in the next chapter).

Making your own filter is easy. Double click one of the filters in the list and a Filter Edit window will pop up.

 

69426478.png

 

1. The name your filter will have in the filter list.

2. To which type of packets the filter will be aplied to.

3. What type of filter you want. I'll explain the normal filter first.

4. Tag this box ([ ] > [X]) if you only want the filter to stop these packets from coming in, and not edit them.

5. Search: The double digits the filter will search for. Modify: Into what the filter will change the found packet's double digits.

6. Number of times it will apply the modification.

7.Advanced Filter option, will be explained later on.

 

To make a normal filter, just fill in after SEARCH the double digits it needs to look for manually or copy paste it from the packet window in the send list. Then fill in after MODIFY what those digits need to change in.

You can also make the filter only change Send or Received packets by tagging/untagging the coresponding boxes.

 

Advanced filters are for the little bit more advanced hackers, but aren't that hard really.

 

97640663.png

 

This will be the window when you select "the beginning of the packet". Modifications will now start from the point in the packet where the matching double digits were found.

Now you can also adjust the max. length in the packet the filter will search in. Just tag the box and fill in the number, no biggy.

You can also make the filter change one or 2 double digits in the found packet instead of the whole found packet.

 

98181631.png

 

This is the window you get when "from the position of the chain found" is selected.

Here you can modify digits that came before the chain you were looking for, and not only after or in. Nothing else changes really.

 

 

Ok, now you know how to make filters. To run filters, just select them and press the little "On" button. The filter list will turn gray, and you won't be able to edit the filters anymore, but they will be active. To stop using the filters just hit the little "On" button again.

 

 

Saving/Loading Packetlists/Filters:

Packetlists:

 

To save a packetlist just press the little floppy disk (marked with 1), fill in the name for your list (marked with 2) and press the "Save" button(marked with 3).

If saved properly you will see a file in the directory with the name of your list and a .spt ending (like the one marked with 4).

 

width=640 height=438http://img4.imageshack.us/img4/9167/26751814.png[/img]

 

To load a packetlist press the folder button(marked with 1), chose the propper file(as for example the file marked with 2) and press "Open"(marked with 3). The list will show up under the current list in your Send list.

 

width=640 height=444http://img14.imageshack.us/img14/2139/45759516.png[/img]

 

Filters:

Same as in packetlists, but then when you're looking at the Filters Tab.

Note: you can also create a password protected save with filters.

 

That's all for the tutorial kids, if you enjoyed reading it, or/and found errors in it, feel free to post Smile.

Owh and, ofcourse, reputation is always welcome Smile (a positive one that is XD) hoep help this enjoy guys

 

[url]http://rapidshare.com/files/203976284/wpepro09x.rar[/url]

 

Password: www.maxcheaters.com/CriticalError

CriticalError Proficient

CriticalError

Posted
  • Author
Posted

What this prog doing can u explain me plx ? :D :D thx

well man i add more info about that specially this is a TCP / IP Packet Sniffer  With Virus Capabilities Mistaken For A Trojan

 

1. Disable Anti-Virus (Because these days security can detect Wpe)

2. Open WPE PRO.exe (WpeSpy.dll Must be in same folder)

3. Target The Process You Wish To Hack / Sniff.

 

In Most Cases:

Iexplore.exe

Firefox.exe

Or Game Process.

 

Make filters if needed, I rarely use them.

Press the Record button (Looks like this for those who cant see what'sn front of them Its a black arrow top left)

Stop when the event you are waiting for happens.

 

Look through the bottom packets that appear until you find what you need. (also look through them all, because you might find something you would find to come in handy later.)

 

Right click to see a menu appear.

Send: A new window will appear allowing you to see the IP of the server your connected to.

And will also allow you to view the port and edit & send the packet again.

 

Add to send list: Ads the packet to the send list, To view this list go to bottom left hand corner & click the tab "Filter / Send" (send)

In hear you can also save packets & open previously saved packets.

 

Set send list with socket id: This speaks for its self, It adds the port that the packet was received from.

This way you can send saved packets in the send list, Without having to add a port manually.

 

fun :)

 

Best Regards

CriticalError

Wyratrux Newbie

Wyratrux

Posted
Posted

Its  like Cheat Engine !!!! Edit your stats .. bla bla ...but it gets detected by GG . :(

 

Nice share though ... I know how to use it :)

 

I used it on cheating some games :)

Guest
This topic is now closed to further replies.
 Share
Go to topic listing


  • Posts

    • FunBasec
      PlayCMS is a website management system for Lineage 2 gaming

      By FunBasec · Posted

      Added the protection module to the demo.   DDoS Guard Pro v2.0 is a system protection module for PlayMMO CMS designed to reduce the load on the website during HTTP floods, bot activity, suspicious frequent requests, and attacks on individual pages or API methods. Unlike simple global limiters, DDoS Guard Pro v2.0 supports flexible rules based on routes and HTTP methods. This allows you to block the entire site in a targeted manner, rather than blocking the entire site equally. You can set up protection for specific areas of the site, such as login, registration, APIs, administration, forms, and other sensitive areas. What is the purpose of the module? DDoS Guard Pro v2.0 helps protect your site from basic L7 attacks at the HTTP request level. The module is useful when your site receives: frequent requests from a single IP address; HTTP page floods; login or registration form flooding; automatic requests from bots; URL scanning; frequent API requests; suspicious activity spikes; load on individual CMS methods or pages. The module helps to reduce the load on PHP and CMS by limiting suspicious activity before it starts to create a serious load on the site. Main features Per-route and per-method Rate Limit In the new version, protection is configured not only globally, but also according to specific rules. You can set limits separately for: GET; POST; PUT; PATCH; DELETE; ALL. This allows you to flexibly protect different parts of your website. For example: for the login page, you can set a strict limit; for registration, you can set a separate limit; for the API, you can set a limit for reading and a limit for changing data; for regular website pages, you can set a soft limit or not set a limit at all. This approach reduces the risk of accidentally blocking regular users and makes the protection more accurate. Flexible rule system The module supports setting rules in the following format: METHODS|PATTERN|LIMIT|WINDOW|BURST_LIMIT|BURST_WINDOW|BLOCK_SECONDS|IDENTITY|NAME Example of rules: POST|*login*|10|60|5|10|600|ip|login_post POST|*register*|8|60|4|10|600|ip|register_post GET|*api*|300|60|80|10|120|ip|api_get PUT,PATCH,DELETE|*api*|80|60|20|10|300|ip|api_write This allows you to specify exactly: which HTTP methods to protect; which URLs or URL patterns to consider; how many requests are allowed; over what time period; what burst limit to use;  how many seconds to block the offender;  by which ID to count the limit;  what the rule is called. Burst protection against sharp spikes  In addition to the regular request limit, the module monitors sharp spikes of activity.  This is useful when a bot makes many requests in a few seconds. In this case, the protection can be activated faster, without waiting for the overall limit per minute.  Burst protection is especially useful for: authorization pages; registration; API; search; data submission forms; administrative sections. Support for different types of requests DDoS Guard Pro v2.0 works not only with POST requests. The module can control: GET — regular pages, API requests, search; POST — forms, login, registration, data submission; PUT — updating data via API; PATCH — partial data update; DELETE — data deletion; ALL — all methods at once. This makes the module suitable not only for regular sites, but also for CMS with API, personal accounts, game panels and administrative actions. Limit storage: Redis, APCu and file fallback In the new version, the module supports several options for storing temporary data. Available modes: Redis; APCu; file fallback. The auto mode tries to use the most suitable option: Redis; APCu; file storage as a fallback. Redis or APCu are suitable for more efficient operation, while the file storage is left as a fallback option for simple hosting environments that do not have additional extensions. JSONL logging The module records protection events in JSON Lines format. Logs are saved in the following file: storage/logs/ddos_guard.jsonl This format is more convenient than a regular text log, because each event is stored as a separate JSON record. The logs can record the following information: event time; IP address; HTTP method; URL; name of the triggered rule; reason for blocking; number of requests; action status; user-agent; protection mode. The JSONL format is convenient for analysis by external tools, log agents, and monitoring systems. Prometheus metrics DDoS Guard Pro v2.0 adds an endpoint for receiving metrics in Prometheus format. Endpoint: /?ddos_guard_metrics=TOKEN The token is set in the module settings. Metrics allow you to track: the number of processed requests; the number of rule activations; the number of blocks; activity by limits; protection events; module status. This allows you to connect monitoring and configure alerts so that the administrator can see when suspicious activity starts on the site. LOG ONLY mode The module has a LOG ONLY mode. In this mode, DDoS Guard Pro does not block users, but only records events and potential triggers in the log. This mode is recommended to be used after installation, in order to first see which rules are triggered, and only then to enable the real blocking.  This helps to avoid too strict limits and random blocking of regular users.  Support for Cloudflare and proxy  The module supports working behind Cloudflare or another reverse proxy.  With proper configuration, it is possible to take into account the real IP of the user, and not the IP of the proxy server.  This is important for sites that use:  Cloudflare; nginx reverse proxy; load balancers; CDN; hosting proxy protection. Nginx-recommendations DDoS Guard Pro v2.0 contains an example nginx-config: modules/ddos_guard/nginx-ddos-guard-example.conf This allows you to use the module as an additional application layer of protection, and to move the main coarse limits to the nginx level. Recommended protection scheme: Cloudflare / nginx / firewall → DDoS Guard Pro → PlayMMO CMS This approach is more correct than trying to solve all problems only at the PHP level.
    • eMommy
      Needing DEV.

      By eMommy · Posted

    • RMTgold
      Buying & Selling POE & POE2 Divine-Mirrors

      By RMTgold · Posted

      PAYPAL& BINANCE
    • RMTgold
      Buying & Selling Wynncraft Stx

      By RMTgold · Posted

      PAYPAL& BINANCE
    • RMTgold
      Buying & Selling Torn City Cash

      By RMTgold · Posted

      PAYPAL& BINANCE

  • Topics

×
×
  • Create New...

Important Information

This community uses essential cookies to function properly. Non-essential cookies and third-party services are used only with your consent. Read our Privacy Policy and We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue..