Flash Game Highscores

Ever played an online Flash game? Always wondered why everyone has a higher score then you?

Well, flash games need to store highscores somewhere on the server. So on some point during the game, scores are posted. And this happens via http. As http is a well known easy protocoll and most games don't think about protecting the scores someone just posted his score.

Step 1: log the http traffic. 

For simple cases firebugs net log is enough. For more complicated stuff add a local proxy and capture the traffic. There is no way flash games can prevent you from this.

Step 2: check how scores are submitted

If you know the score you just submitted, it is in most cases enough to grep the traffic log and find the http POST request that submits it.

Step 3: manual submit

write a five line python to submit the same request again but this time submit a different score.

#!/usr/bin/python
import urllib2
import urllib

url = 'http://example.com/submit.php'
values = {
    'score': 1234,
}
cookies = ['a=b',]
headers = {
    'User-Agent': 'python',
    'cookie': '; '.join(cookies)
}
data = urllib.urlencode(values)
req = urllib2.Request(url, data, headers)
response = urllib2.urlopen(req)
print response.read()

Advanced

Flash might encode or encrypt the submitted data. Use a actionscript decompiler and read the code

Or...

simply play the game to have fun and not to reach a highscore ;)