Python Roblox web API Cookie Reload System

Did you ever have trouble with .ROBLOSECURITY cookies expiring? This can occur if a cookie is inactive, essentially leaving you with no way of knowing how long your current cookie will be valid. The Cookie Reload system provided will allow you to never worry about cookies expiring.

This system is inspired by Brooke’s (grilme99) JavaScript Cookie Pool System, just written fully in Python.

Please note:

  • You should only use this on bot accounts, as this will reset any existing cookies, inevitably logging all sessions out.
  • This only works on active cookies, as it’s impossible to get the X-CSRF-Token (which is required for this system to work) from an invalid/expired cookie. You must have a valid cookie before implementing this system into your projects.
  • This tutorial does not explain how to set up a task to automatically refresh the cookie.

The system uses the https://auth.roblox.com/v2/logout endpoint to get the X-CSRF-Token and the https://www.roblox.com/authentication/signoutfromallsessionsandreauthenticate API endpoint to refresh the cookie.

Base code
# Importing the required modules for this system to work
import re, requests

# Getting the X-CSRF-Token using the existing cookie
cookie = "_|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|_A1B2C3D4E50000000"

xcsrfurl = "https://auth.roblox.com/v2/logout"
xsrfRequest = requests.post(xcsrfurl,
    cookies={
    '.ROBLOSECURITY': cookie
})

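try: # Tries to get the X-CSRF-Token, will raise an Exception if it fails
    XCSRFTOKEN = xsrfRequest.headers["x-csrf-token"]
except KeyError: # Header missing: an invalid/expired cookie does not get a token back
    raise Exception("No X-CSRF-Token in the response; the cookie is invalid or expired")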

# Creating a new cookie using the previous cookie and the newly generated X-CSRF-Token
reauthcookieurl = "https://www.roblox.com/authentication/signoutfromallsessionsandreauthenticate"
data = requests.post(reauthcookieurl,
    cookies={
    '.ROBLOSECURITY': cookie
},
    headers={
    'X-CSRF-TOKEN': XCSRFTOKEN
})
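setcookie = data.headers['set-cookie'] # Gets the Set-Cookie header of the response from the cookie reload
# Getting the data between '.ROBLOSECURITY=' and '; domain=.roblox.com;' (which leaves us with the new cookie as ROBLOSECURITY)
# Raw string with escaped dots, so '.' only matches a literal dot
match = re.search(r'\.ROBLOSECURITY=(.+?); domain=\.roblox\.com;', setcookie)
if match is None: # No new cookie in the response, stop instead of failing on .group()
    raise Exception("The response did not contain a new .ROBLOSECURITY cookie")
ROBLOSECURITY = match.group(1)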

The base code above will provide you with a new .ROBLOSECURITY cookie (with the ROBLOSECURITY variable). All it needs is the previous cookie which will create a new one.

The base code is inefficient, since you need to modify the code each time in order to provide the new cookie. You can simplify this by using configparser, a built-in Python module.
You must have an existing configparser file called db.ini created. Here is what it should look like:

db.ini example file
[roblox]
cookie = _|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|_A1B2C3D4E500000...

Code with configparser module
# Importing the required modules for this system to work
import re, requests, configparser

# Reading the current cookie from db.ini using configparser
config = configparser.ConfigParser()
config.read('db.ini')
cookie = config["roblox"]["cookie"]

# Getting the X-CSRF-Token using the existing cookie
xcsrfurl = "https://auth.roblox.com/v2/logout"
xsrfRequest = requests.post(xcsrfurl,
    cookies={
    '.ROBLOSECURITY': cookie
})

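try: # Tries to get the X-CSRF-Token, will raise an Exception if it fails
    XCSRFTOKEN = xsrfRequest.headers["x-csrf-token"]
except KeyError: # Header missing: an invalid/expired cookie does not get a token back
    raise Exception("No X-CSRF-Token in the response; the cookie is invalid or expired")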

# Creating a new cookie using the previous cookie and the newly generated X-CSRF-Token
reauthcookieurl = "https://www.roblox.com/authentication/signoutfromallsessionsandreauthenticate"
data = requests.post(reauthcookieurl,
    cookies={
    '.ROBLOSECURITY': cookie
},
    headers={
    'X-CSRF-TOKEN': XCSRFTOKEN
})
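setcookie = data.headers['set-cookie'] # Gets the Set-Cookie header of the response from the cookie reload
# Getting the data between '.ROBLOSECURITY=' and '; domain=.roblox.com;' (which leaves us with the new cookie as ROBLOSECURITY)
# Raw string with escaped dots, so '.' only matches a literal dot
match = re.search(r'\.ROBLOSECURITY=(.+?); domain=\.roblox\.com;', setcookie)
if match is None: # No new cookie in the response, stop before db.ini is overwritten
    raise Exception("The response did not contain a new .ROBLOSECURITY cookie")
ROBLOSECURITY = match.group(1)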

# Saving the new cookie in the db.ini config file
config['roblox']['cookie'] = ROBLOSECURITY
with open('db.ini', 'w') as configfile:
    config.write(configfile)

I hope this will help you out! Please leave any suggestions, opinions or bug reports in the comments.

4 Likes
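
An added example, not part of the original post: because the reauthenticate call resets the old cookie, db.ini holds the only valid session secret, so this sketch parses the Set-Cookie header strictly and writes the file atomically with owner-only permissions. The function names `extract_cookie`, `save_cookie` and `load_cookie` are hypothetical, and it assumes a POSIX file system.

```python
import configparser
import os
import re
import tempfile

# Escaped dot, and a value class that stops at the first ';'.
# The cookie may follow other cookies in a comma-joined Set-Cookie header.
_COOKIE_RE = re.compile(r"(?:^|,\s*)\.ROBLOSECURITY=([^;]+);")


def extract_cookie(set_cookie_header):
    """Return the .ROBLOSECURITY value from a Set-Cookie header, or raise ValueError."""
    match = _COOKIE_RE.search(set_cookie_header or "")
    if match is None:
        raise ValueError("response did not set a new .ROBLOSECURITY cookie")
    return match.group(1)


def save_cookie(path, cookie):
    """Atomically write the cookie to an owner-only (0600) INI file."""
    # interpolation=None: a '%' in the value would otherwise be rejected by configparser.
    config = configparser.ConfigParser(interpolation=None)
    config.read(path)
    if not config.has_section("roblox"):
        config.add_section("roblox")
    config["roblox"]["cookie"] = cookie
    directory = os.path.dirname(os.path.abspath(path))
    # mkstemp creates the file with mode 0600, so the secret is never world-readable.
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".db.ini.")
    try:
        with os.fdopen(fd, "w") as handle:
            config.write(handle)
            handle.flush()
            os.fsync(handle.fileno())
        # Atomic swap: a crash leaves either the old file or the new one, never half of it.
        os.replace(tmp_path, path)
    except BaseException:
        os.unlink(tmp_path)
        raise


def load_cookie(path):
    """Read the stored cookie back without interpolation."""
    config = configparser.ConfigParser(interpolation=None)
    config.read(path)
    return config["roblox"]["cookie"]
```

In the script above, `extract_cookie(data.headers['set-cookie'])` would take the place of the `re.search` line and `save_cookie('db.ini', ...)` the final `open('db.ini', 'w')` block.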

1 question: why should I use code that's meant to modify my ROBLOSECURITY? How do I know this is safe and not you trying to hack people?

Please read the post carefully. The code sends no information to any website except for official Roblox web API endpoints. The code contains all the information, please don’t post comments like this without checking out the code provided.

1 Like

Ah ok, I just don't understand Java lol.

1 Like

This is Python. It wouldn’t be posted here if it was malicious.

2 Likes

Oof, misread it as Java, my mistake.

1 Like