Bungie.net Community
This topic has moved here: Subject: Script Central> All GM Scripts Here!
  • Subject: Script Central> All GM Scripts Here!
Subject: Script Central> All GM Scripts Here!

Cammalamm is the best.

External Links-
>My Photobucket page
>My Twitter account

Posted by: ctjl96
shut up zoob


well that was easy

  • 07.06.2012 9:07 AM PDT

Cammalamm is the best.

External Links-
>My Photobucket page
>My Twitter account


Posted by: jross1993

Posted by: robby118
Posted by: jross1993
Anyway. I'm looking for a userstyle... I forgot who made it. But it was "glassy" or something... I think.
I think this may be what you are looking for.

Cheers. :)


how do you download it as a user script?

  • 07.06.2012 9:10 AM PDT

#101111011110111100001# is a '7'.
●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●
Greasemonkey Scripts
●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●
Posted by: Alec9224
Indeed. I haven't had XBL for a long time, but I still come on her everyday.

Posted by: zoobkillerninja

Posted by: jross1993

Posted by: robby118
Posted by: jross1993
Anyway. I'm looking for a userstyle... I forgot who made it. But it was "glassy" or something... I think.
I think this may be what you are looking for.

Cheers. :)


how do you download it as a user script?
This should work.

  • 07.06.2012 10:17 AM PDT

Cammalamm is the best.

External Links-
>My Photobucket page
>My Twitter account


Posted by: robby118
Posted by: zoobkillerninja

Posted by: jross1993

Posted by: robby118
Posted by: jross1993
Anyway. I'm looking for a userstyle... I forgot who made it. But it was "glassy" or something... I think.
I think this may be what you are looking for.

Cheers. :)


how do you download it as a user script?
This should work.


it does not really work... it only showed up on the page were you read post and the background did not show..

is there any themes that work?

  • 07.06.2012 10:21 AM PDT

3bc4a4c208dcf9d11f00ed99 a2bbf6e22a6cf2ffacca69b79 c8791044c033f55


Posted by: zoobkillerninja

Posted by: thebuzzardbait
Shi options isn't loading right for me, when I click the link it says it couldn't be found.

Help?


do you need a download link or is the script not working?
I think he needs a download link.

  • 07.06.2012 3:09 PM PDT

Cammalamm is the best.

External Links-
>My Photobucket page
>My Twitter account


Posted by: Squirtle

Posted by: zoobkillerninja

Posted by: thebuzzardbait
Shi options isn't loading right for me, when I click the link it says it couldn't be found.

Help?


do you need a download link or is the script not working?
I think he needs a download link.


linky

links to script can be found in his sig

  • 07.06.2012 5:43 PM PDT

Posted by: ApocalypeX
By the way an injected script can do anything you can do on Bnet, read your PMs
Any script can do that.
Posted by: ApocalypeX
send PMs
Uh, definitely not.
Posted by: ApocalypeX
post on the forums
Also bull-blam!-.
Posted by: ApocalypeX
edit groups
No.
Posted by: ApocalypeX
edit your profile info
No, but I can read it.
Anyway it all comes down to whether or not you think I give a -blam!- about dicking with your Bnet.

[Edited on 07.06.2012 6:02 PM PDT]

  • 07.06.2012 6:01 PM PDT

Cammalamm is the best.

External Links-
>My Photobucket page
>My Twitter account


Posted by: ctjl96
Tidus links his scripts in his sig for some reason. -blam!- you zoob, I know I'm ninja'd, but I win because you said 'linky' like a -blam!-.


:P

  • 07.06.2012 6:02 PM PDT

Cammalamm is the best.

External Links-
>My Photobucket page
>My Twitter account


Posted by: ctjl96

Posted by: ApocalypeX
edit your profile info
No, but I can read it.
Anyway it all comes down to whether or not you think I give a -blam!- about dicking with your Bnet.


is that a serious question?

  • 07.06.2012 6:03 PM PDT

So you lied about him creating fake PM but you insist that your script is safe?
Posted by: ctjl96
the PM I sent him is legit

  • 07.06.2012 7:04 PM PDT

Posted by: All of humanity
So you lied about him creating fake PM but you insist that your script is safe?
Posted by: ctjl96
the PM I sent him is legit

Oh, no, I was showing how easy it is to fake. I definitely sent him that PM for sure, because he knows damn well there's nothing besides read things, and while it is technically unsafe, the idea is that it's a surprise (it's not even like a big thing), and I did it this way so people like Apoc wouldn't try to cheat and see what it is.

No, it's not good practice, and no, the script isn't harmful. I already talked to Duardo about it. Everything is gonna be k. Him telling everyone the dangers is perfectly fine, however I don't find it appropriate to go "UNINSTALL NAO" to a script I worked pretty hard on to write in 2 days (including the backend).

In any case it's pretty damn lame to post private messages.
Posted by: zoobkillerninja

Posted by: ctjl96

Posted by: ApocalypeX
edit your profile info
No, but I can read it.
Anyway it all comes down to whether or not you think I give a -blam!- about dicking with your Bnet.


is that a serious question?

Yes, and the serious answer is no. The most I could really do (that I would be concerned about) is me reading your profile information, which I have literally no interest in doing. Apoc is just trying to stir up -blam!- and make a mountain out of a molehill.

Although he is right, loading external js like the way I did is not only not standard practice, but a pain in the ass for a reason. However, again, my personal assurances as well as the server administrator himself's should really be enough. You'll see what it does on Bungie Day, good God.

[Edited on 07.06.2012 7:18 PM PDT]

  • 07.06.2012 7:10 PM PDT

Now, in the quantum moment before the closure, when all become one. One moment left. One point of space and time.

I know who you are.

You are Destiny.

While the concern is legitimate, I can, once again, assure that the script is safe, and that this entire argument is completely blown out of proportion.

I've authored multiple scripts that require specific PHP files to function, and there is nothing malicious in them. If I wanted to insert something malicious, I could. Will I? No, because I'm not a dick. This draws parallel to ctjl's script - I've looked over the source code, and it's fine. We're here to make cool things; not make everyone's day hell.

[Edited on 07.06.2012 7:36 PM PDT]

  • 07.06.2012 7:32 PM PDT
  • gamertag: [none]
  • user homepage:

SPOOOOOOOOOOOOOOOOOOON!

Ok, time to drop it. The creator and Host Admin have assured us the code is safe. Apoc and ctj have acknowledged the potential danger. Either DL and install it or don't. You can discuss the script all you want, but this point of contention is just becoming problematic.

  • 07.06.2012 7:36 PM PDT

Minor script changes that fix an annoying-ass bug that will happen all of Bungie day that Apoc, our supreme ruler of security, failed to miss.

Simply redownload the script if you're using Firefox, or click the wrench on the toolbar if you're in Chrome and go to Tools > Extensions, and click the button that says "update extensions" and the script should update.

Feel free to post any bugs here.

EDIT: Oh look it's Bungie Day and all it did was change the t's in Subject titles to 7's! OGH NO UNIHSNTALL NAO!!!!!!11111111111

[Edited on 07.07.2012 2:33 AM PDT]

  • 07.06.2012 9:04 PM PDT

Halo Waypoint Superintendent // Forger // Junior Games & Web Developer.

Halo4ger.com - Founder/Admin.

@DerFlatulator

Reaching Perfection || Blueprint -- Action Sack Lead

My stomach churned when I saw that `eval()` on AJAX loaded JSON from an external PHP file...

However, B.net, being an ASP site, requires (as far as I know, I know very little in the ways of ASP) `__doPostBack()` functions, which require the entire form to be submitted to the server, so as far as I can think, it's not a security flaw from a perspective of affecting anything other than your own browser being manipulated.

Could be wrong.

Not trying to stir things up, just pointing that out.

[Edited on 07.07.2012 5:14 AM PDT]

  • 07.07.2012 5:10 AM PDT

Yeah, DF, eval() is no-no most of the time simply because of how it works, and esp. with a php script that changes depending on the date, it's risky.

But, like you said, the site uses postBacks, rather than actual hyperlinks (which is really safe), so while I can definitely read things, I can't actually send anything, I don't think. Anyway, you can see the JSON string the script echoes here now that it's 7/7.

Actually, that raises a good question. I'm gonna try to see if I can even write a script to send you a PM. You're gonna be my test whore, k?

EDIT: I don't see how it's possible. You'd have to be able to load a page via AJAX... and then run js in that AJAX page. Don't see how that can be done.

[Edited on 07.07.2012 5:43 AM PDT]

  • 07.07.2012 5:27 AM PDT

Halo Waypoint Superintendent // Forger // Junior Games & Web Developer.

Halo4ger.com - Founder/Admin.

@DerFlatulator

Reaching Perfection || Blueprint -- Action Sack Lead


Posted by: ctjl96
[...]
EDIT: I don't see how it's possible. You'd have to be able to load a page via AJAX... and then run js in that AJAX page. Don't see how that can be done.


Exactly. I can't think of a way to do it.
This is the message-send postback, for example.
WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("ctl00$mainContent$messageForm$s kin$submitButton", "", true, "messageform", "", false, true))
It needs a form to be present, AND the server to be awaiting the request, so you would have to open the PM page behind the scenes (AJAX), and somehow send a postback from within that limited DOM, and I don't think that is possible.

  • 07.07.2012 5:48 AM PDT

Understand that AJAX is just an abstraction of technologies running atop HTTP, just as the browser UI does. So it's easy to emulate the latter with the former, which is why all of the things Apoc listed as being possible is true.

  • 07.07.2012 5:52 AM PDT

Good, daz, you're smart. How could you possibly execute javascript on something that's not even real HTML.... I just use jQuery to grab the page, then $(response.responseText) to generate an HTML page... but then what? How could you run Js in an emulated HTML page?

Or wait... maybe since all global functions are really methods of the Window object... if I stored the HTML-generated responseText as a variable, would I be able to use normally global functions in that page as a method for that variable?

[Edited on 07.07.2012 5:59 AM PDT]

  • 07.07.2012 5:55 AM PDT

Halo Waypoint Superintendent // Forger // Junior Games & Web Developer.

Halo4ger.com - Founder/Admin.

@DerFlatulator

Reaching Perfection || Blueprint -- Action Sack Lead

jQuery defaults to HTTP GET requests. In the JSON script you could possibly add a form to the current HTML page (in a hidden element), and send a jQuery HTTP POST, via AJAX, to the server. This would work if it was a PHP server, but I don't think it will ever work with a ASP server, for reasons already mentioned.

Edit: you'd also have to re-include the MS JS API, I think.

[Edited on 07.07.2012 6:03 AM PDT]

  • 07.07.2012 6:02 AM PDT

Five years older and wiser
The fires are burning, I'm fire, never tire
Slay warriors in the forests, and on hire

Lets get some things straight because this is getting silly.

There is nothing wrong with normal scripts, of course they can be malicious but the code that is being run is visible to the user installing so you can see if there is a risk in the code.

The reason why your script is bad is because the user cannot see the code you are running, you are loading it from an external source with can change at any time. You have stated yourself it's a bad thing to do yet you still did it. No one cares if an "admin" of a server has said the file is "safe" there is no reason to use cross site scripting.

And lets talk about posting to Bnet with it's callback stuff, I told you before when you asked about the auto reply button. Yes it is possible to post forms and data to Bnet with scripts, in fact dazarobbo wrote a entire framework for doing this. To do it is just a case of getting all the variables required e.g. BNETSTATE and form IDs etc.

You keep shooting down the idea of posting data to bnet in a script only because "lul I tried to do it but couldnt haha so no one can :p".

[Edited on 07.07.2012 6:08 AM PDT]

  • 07.07.2012 6:06 AM PDT

Halo Waypoint Superintendent // Forger // Junior Games & Web Developer.

Halo4ger.com - Founder/Admin.

@DerFlatulator

Reaching Perfection || Blueprint -- Action Sack Lead


Posted by: ApocalypeX
Lets get some things straight because this is getting silly.

There is nothing wrong with normal scripts, of course they can be malicious but the code that is being run is visible to the user installing so you can see if there is a risk in the code.

The reason why your script is bad is because the user cannot see the code you are running, you are loading it from an external source with can change at any time. You have stated yourself it's a bad thing to do yet you still did it. No one cares if an "admin" of a server has said the file is "safe" there is no reason to use cross site scripting.

Agreed on that.

And lets talk about posting to Bnet with it's callback stuff, I told you before when you asked about the auto reply button. Yes it is possible to post forms and data to Bnet with scripts, in fact dazarobbo wrote a entire framework for doing this. To do it is just a case of getting all the variables required e.g. BNETSTATE and form IDs etc.
Is that all that is required? Some data to go along with the POST? I've always thought the ASP server has to send out the form, in order for it to manage the postBack.

Interesting.

  • 07.07.2012 6:13 AM PDT

It's certainly not safe for them, no, but I did it anyway because I know it's not malicious. All I hear is you whining etc etc we have code wah wah changing Ts to 7s is bad etc. Yeah, okay, the script was not malicious (oh wow! who'd have thought!) and the whole thing is done and over with.

That's not at all what I was saying, don't be a jackoff. I was just noting that I couldn't do it myself. If you would quit being such a smartass, perhaps we could all learn a bit.

[Edited on 07.07.2012 6:24 AM PDT]

  • 07.07.2012 6:17 AM PDT

Five years older and wiser
The fires are burning, I'm fire, never tire
Slay warriors in the forests, and on hire

Posted by: Der Flatulator6
Is that all that is required? Some data to go along with the POST? I've always thought the ASP server has to send out the form, in order for it to manage the postBack.

Interesting.

AJAX is loading a page in the background so what is the difference? If you have requested the page with AJAX, store the page, make your input (e.g. forum post) then submit it back that is a valid post.

  • 07.07.2012 6:18 AM PDT