CantrSpy 1.04

[Liljum]

I get an error on cantrspy, can it be because of the lockdown at the moment?

[joo]

Yes, I believe that the script is not configured properly so it returns some HTML error message as part of the character list.

If it hasn't been fixed when the game goes back online, I shall inquire about it.

[Doug R.]

It's busted. Error messages galore.

[joo]

That must mean that the script is still broken. I could PM marol about it... is he active?

[Jos Elkink]

I think this should be fixed now.

[sammigurl61190]

It is fixed, thank you, Jos.

[joo]

For anybody who experienced error messages about "Xt_DelTray", "Xt_AddTray", or anything similar, this new version might address that issue... although since I have not yet been able to synthesise the conditions under which the reported error occured, I can be by no means sure that this will change anything. At the very least, the error message should be less confusing.

CantrSpy-0.91.rar - http://www.mediafire.com/?m5jx3mbkmbm
CantrSpy-0.91.zip - http://www.mediafire.com/?iidezwjz2ie

I think this should be fixed now.

Thank you, Jos. The script works fine now... however, did you not wish to make some changes to the protocol?

[palpatin]

Good work, and thanks for sharing, Joo.

As ceselb posted earlier it would be nice to put alerting sounds and guess we can all think of a few features to implement which would be useful.

Would you mind making the source and the build environment public too, not just the binaries?

[joo]

Would you mind making the source and the build environment public too, not just the binaries?

I would be happy to share the source, however since the application is responsible for storing players' passwords, I do not think it would be responsible to make it so easy for somebody to find out how the stored passwords are encrypted (which could potentially allow an attacker to steal people's Cantr passwords and hijack their accounts).

Additionally, being produced using Director, The application is largely based on a closed-source runtime environment, with several also extension libraries, none of which I have the source code of. The "source" in this case would be authoring files containing scripts, layout information and graphical elements.

As ceselb posted earlier it would be nice to put alerting sounds and guess we can all think of a few features to implement which would be useful.

I do still intend to implement this, I just haven't got around to it yet. If somebody would like to suggest a suitable sound/sounds which could be used, that may save me some time looking for one.

[palpatin]

Oh, i thought i would have to wrestle some VB environment or even c or c++ makefiles, but shockwave sounds a bit far off. Thanks for the thought anyway.

A year ago I made a charrie-checking java application for myself that fancied a tray icon, alerts, but i havent felt the strength to make it public.

About security, you send the passwords as cleartext, i'd rather spoof the connection to get others accounts.

[chase02]

About security, you send the passwords as cleartext, i'd rather spoof the connection to get others accounts.

wut. do you mean "sniff" rather than spoof, because hijacking the connection would yield you bugger all, really.

[palpatin]

wut. do you mean "sniff" rather than spoof, because hijacking the connection would yield you bugger all, really.

Sure i guess
Actually i'd download some framework that does it and gives me a useable API. Looks like the first result on google is working in this case too

[joo]

About security, you send the passwords as cleartext, i'd rather spoof the connection to get others accounts.

Actually, that's not true.

You'd have better luck sniffing HTTP POST requests of people logging in via the website.

[Amlin]

I wanted to ask if CantrSpy is using proxy settings... I have manual proxy settings and automatic ones doesnt work. Are proxy settings used from IE or firefox or just ignored?

[palpatin]

You'd have better luck sniffing HTTP POST requests of people logging in via the website.

Sure that's what i meant, by the passwords are sent as plain text.