Looks like you are able to fake roblox premium (using the Player.MembershipType API on the SERVER) through using fiddler, modifying the body of the game join http request.
Got some reports of this. Any safe (not affected by this exploit) ways of checking membership status? I’m going to disable the premium benefits in Robeats for the time being.
I don’t know off the top of my head, sorry. Also you might want to use your own servers to do this, not sure if rprxy will be able to handle the barrage of requests from robeats.
It’s a real shame if the only way around this is to set up your own proxy or trust someone else’s proxy and have to do external calls instead of being able to use the API Roblox created specifically to rely on for Premium features. Hopefully just a short term solution.
doing some reading and it looks like this should have been fixed?
@ConvexHero I see the “Certain properties of the player that were spoofable are no longer spoofable.” is still pending. Does that address this issue, and when will it be turned on?
This is a HTTP level exploit, it has nothing to do with property replication inside the game. Also, don’t rely on the devhub to correctly reflect actual behaviour. A clientside check would be much easier to bypass than doing this.