Exploits and HttpService

Heyo.

To keep this brief, I basically have been looking into how exploits and exploit scripts work in order to make an anti-cheat. But something ive noticed is that somehow the client can still make Http calls despite Http calls only being able to be done on the server.

Its commonly used along side loadstrings.

Example: loadstring(game:HttpGet(“url here”))

Any explanation as to how this works?

I think it has to do with the feature of the injector not the game, because injector is just reading the raw url and just reading the content and executing it on the game; because there is also a feature on injector like synpase x that can force click a button.

Edit: If you want to you could try to exploit your own game and find something that is exploitable and try something that can be prevented like remote event being fired multiple times none stop.

most injectors have access to everything, the only catch is everything is client sided, they can change physics settings, call http, remove core gui and more, best way to make an anti cheat would be to use server scripts or hiding local scripts, I don’t remember how but there is a way to delete scripts and keep them running after they are deleted, this way you can hide it from the exploiter but keep it running.

2 Likes