Is there a way to make the client think that it is executing code on the server?
filtering enabled → filtering disabled
2 Likes
I am running a script from the client but I don’t want to set filtering enabled from the server.
I mean… I guess you could do something where they can kill other Players. It’ll only show for them, however. (This concept can be applied to other things as well, not just killing Players.)
what? Did you post this on the wrong thread?
1 Like
No? I might have misunderstood you though. I thought you wanted the Player/Client to seem as if they were executing code on the server and see the effects of that?
2 Likes
I want the client to recognize itself as a server side script but still actually be a client sided script.
1 Like
It’s not possible to transform a client into a server. What is your purpose of that? Your question does not have sufficient information or details to actually determine what the purpose is.
2 Likes
I might be dumb, but do you want the Client (in this scenario the Player’s computer) to think it is server side, or the Player to think it’s server side? So they do an action and they think it’s replicating to the server? (I know Player and Client are practically the same)
1 Like
I want to post to a web hook from the client, but in order to do that I have to be on the server. I don’t feel like setting up a server remote event because they keep getting hacked.
To answer the question - no. But there is good news: you definitely don’t need to do that in order to accomplish your goal. What exactly are you trying to do?
2 Likes
It’s not possible to use HttpService on the Client. Or atleast the PostAsync part of it.
1 Like
You have to set up a remote event with secure sanity checks, but considering the circumvention through exploits, you might as well look for alternative methods to accomplish the purpose.
1 Like
So that’s why I wanted to make it think it was on the server.
Exactly. So maybe I could do filtering enabled = false in a server script then let the client set up its thing and then set filtering enabled to true
Yeah, pretty sure there’s no way to do this. You’ll have to setup some sort of anti-exploit for it. Maybe debounces, which if are violated, kick/ban the Player?
1 Like
Like… if u wanna trick the local player… just insert local script and make normal server side scripts like:
PLAYER3729 HAS WON THE ROUND
But its on local script so its only for the client who got tricked
Idk why this topic is useless tho no offense
The client is infinitely more vulnerable than the server. Since it physically exists on the user’s machine, it’s trivial to do anything you want to it. If you set up the RemoteEvent for the http request, all an exploiter can do is fire the event.
2 Likes
but they kept spamming it with @everyone even after I used string.gsub() to remove all pings it still flooded with fake pings
Not that easy, toggling that is impossible. What exactly is the ultimate goal of requesting from client to server? Besides, webhooks create another open window for vulnerability unless secured. I still don’t know what exactly the background of the existing functionalities. I only read vague contexts of a webhook being fired at from the game from client to server.
If that’s the right context, you need to secure an input from client, do not reveal the webhook to client, allow server to send request to the webhook only with the contents requested from client with appropriate filtering and sanity checks. Remote events are recommended.
1 Like