[Open Source] Cookie Pool System

back on the grind

Ever found yourself working with bot account cookies that expire unexpectedly - preventing your entire app from working? Let’s face it - working with cookies is annoying and difficult.

My cookie pool system stops this issue. First, a Cookie Pool is a “pool” of cookies. This means that you have a large, unordered list of cookies. When you need to use one, you can select one at random in your application.

This uses the signoutfromallsessionsandreauthenticate API to refresh a cookie. I’ve seen lots of people who want to see this released and I decided to release the part that actually lets you refresh the cookie. The other bit (cron job that loops through all the cookies to refresh them) isn’t included here because it is far too built into my current project.

To use this in production, you should set up a cron job on your server (or use some sort of cloud system that runs the code every x time). I run it every 3 hours. You should loop through all the cookies in the pool. Refresh each one and overwrite the old one with the new one.

I have to give credit where credit is due, part of the code is taken from noblox.js!
(I will upload to NPM later today)

Code

relog.js (The forum doesn’t like syntax highlighting on this one for some reason :sob:)

/**
 * Module used to reload a cookie
 */

const request = require('request-promise')
const getVerificationInputs = require('./getVerificationInputs').func

module.exports = {
	/**
	 * Get the RequestVerificationToken
	 *
	 * @param {string} cookie
	 */
	getVerification: cookie => {
		// request-promise already returns a promise, so return its chain:
		// a failed request now rejects instead of leaving the caller hanging
		return request({
			url: 'https://www.roblox.com/my/account#!/security',
			resolveWithFullResponse: true,
			headers: {
				cookie: `.ROBLOSECURITY=${cookie}`
			}
		}).then(res => {
			const inputs = getVerificationInputs({ html: res.body })
			let match

			if (res.headers && res.headers['set-cookie']) {
				match = res.headers['set-cookie']
					.toString()
					.match(/__RequestVerificationToken=(.*?);/)
			}

			return {
				inputs: inputs,
				header: match && match[1]
			}
		})
	},

	/**
	 * Get the general token
	 *
	 * @param {string} cookie
	 */
	getGeneralToken: cookie => {
		return request({
			// This will never actually sign you out because an X-CSRF-TOKEN isn't provided, only received
			url: 'https://api.roblox.com/sign-out/v1', // REQUIRES https. Thanks for letting me know, ROBLOX...
			resolveWithFullResponse: true,
			method: 'POST',
			headers: {
				cookie: `.ROBLOSECURITY=${cookie}`
			}
		}).then(
			() => {
				// The token is only read from the failed response
				throw new Error('Did not receive X-CSRF-TOKEN')
			},
			err => {
				// err.response is undefined on network errors
				const xcsrf =
					err.response && err.response.headers['x-csrf-token']
				if (!xcsrf) throw new Error('Did not receive X-CSRF-TOKEN')
				return xcsrf
			}
		)
	},

	/**
	 * Reload a cookie
	 *
	 * @param {string} cookie
	 */
	relog: async cookie => {
		// An async function instead of `new Promise(async ...)`: every
		// failure below rejects the returned promise
		if (!cookie) throw new Error('no cookie supplied?')

		// Get verification token
		const verificationToken = await module.exports.getVerification(
			cookie
		)

		if (!verificationToken.header) throw new Error('Bad cookie')

		// Get general token
		const generalToken = await module.exports.getGeneralToken(cookie)

		// Refresh the token
		let res
		try {
			res = await request({
				url:
					'https://www.roblox.com/authentication/signoutfromallsessionsandreauthenticate',
				method: 'POST',
				resolveWithFullResponse: true,
				headers: {
					'X-CSRF-TOKEN': generalToken,
					cookie: `.ROBLOSECURITY=${cookie}`
				},
				form: {
					__RequestVerificationToken:
						verificationToken.inputs.__RequestVerificationToken
				}
			})
		} catch (err) {
			throw new Error('Bad Roblox response')
		}

		// The new cookie is only present in the Set-Cookie header
		const cookies = res.headers['set-cookie']
		const match =
			cookies && cookies.toString().match(/\.ROBLOSECURITY=(.*?);/)
		if (!match) throw new Error('Bad Roblox response')

		return match[1]
	}
}

getVerificationInputs.js (This is all taken from noblox)

// Dependencies
var parser = require('cheerio')

// Define
exports.func = function(args) {
	var $ = args.selector
	if (!$) {
		$ = parser.load(args.html)
	}
	var inputs = {}
	var find = [
		'__VIEWSTATE',
		'__VIEWSTATEGENERATOR',
		'__EVENTVALIDATION',
		'__RequestVerificationToken'
	]
	for (var i = 0; i < find.length; i++) {
		var get = find[i]
		inputs[get] = $('input[name=' + get + ']').val()
	}
	return inputs
}

Please let me know if you have any issue, questions or improvements!
What shall I release next?

17 Likes
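
Added example, not part of the original post or the author's project: one way to write the refresh loop the post describes (loop through the pool, refresh each cookie, overwrite the old value). It assumes the pool is a JSON array of cookie strings in a file; `refreshPoolFile`, `savePool`, `fingerprint` and the file layout are hypothetical names, and `relog` is passed in so the loop can be run against a stub.

```javascript
const fs = require('fs')
const crypto = require('crypto')

// Short one-way label so log lines never contain a cookie value
const fingerprint = cookie =>
	crypto.createHash('sha256').update(cookie).digest('hex').slice(0, 8)

// Replace the pool file atomically, readable by its owner only
function savePool(file, pool) {
	const tmp = `${file}.${process.pid}.tmp`
	fs.writeFileSync(tmp, JSON.stringify(pool), { mode: 0o600 })
	fs.renameSync(tmp, file)
}

/**
 * Refresh every cookie in the pool file, one at a time.
 *
 * @param {string} file Path to a JSON array of cookies (assumed layout)
 * @param {function} relog The relog function from relog.js, or a stub
 * @param {function} log Receives one message per failed refresh
 */
async function refreshPoolFile(file, relog, log = console.error) {
	const pool = JSON.parse(fs.readFileSync(file, 'utf8'))
	const failed = []

	for (let i = 0; i < pool.length; i++) {
		const id = fingerprint(pool[i])
		try {
			const fresh = await relog(pool[i])
			if (typeof fresh !== 'string' || !fresh) {
				throw new Error('empty cookie returned')
			}
			pool[i] = fresh
			// The endpoint signs out all sessions, so treat the old value
			// as unusable and persist the new one before moving on
			savePool(file, pool)
		} catch (err) {
			// Keep the old entry so one failure does not empty the pool
			failed.push(id)
			log(`refresh failed for cookie ${id}: ${(err && err.message) || err}`)
		}
	}

	return { refreshed: pool.length - failed.length, failed }
}
```

A cron entry script would call `refreshPoolFile` with the pool path and `require('./relog').relog`, then alert when `failed` is non-empty, since those entries were left unrefreshed.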

Nice one.
Release Next: Devable with VSC
With the pool of cookies, what happens if one of the cookies is expired?

3 Likes

Well the whole point is they won’t. If you’re refreshing every 3 hours like me it’s pretty much impossible for them to.

1 Like

For some reason I thought this was a cooking system and was almost excited lol
Also for some reason I don’t know what this is

Anyway, thanks for this, though I have no experience in bots. Would you tell me how this can be used to make my games efficient. Ty

1 Like

It’s not for making games efficient. It’s for things on external servers. If you don’t have any experience with bots I don’t think you’ll have a real use for this.

1 Like

Nice! Might be able to apply this to something but we’ll see! Looks amazing.

2 Likes

Thanks! I’m so ready for an npm module for this! Your projects are so good and I can’t wait to have an efficient bot that doesn’t expire

1 Like

:eyes:

1 Like

Yeah I never got around to it :joy:

If you really need it as an NPM package I might be able to upload soon?

Yes. Please. I would need it as NPM package.

1 Like

Didn’t notice this post until now.

This is actually pretty useful. Thanks!

(NPM when?)

1 Like