-- Leo's gemini proxy
-- Connecting to jacksonchen666.com:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en
2023-08-04 20:43:23Z (last updated 2023-10-16 08:55:03Z)
The title is correct, because there was only 1 HTTPS (with an S) request to check activation.
But what Application am I even talking about?
(The website is alive, but I don't feel like you should be directed to the website.)
It started as "hey I think I've used this weird auto clicker before, is there something in my emails?"
And to my surprise, yes, there are emails about the purchase of the auto clicker (yeah it was paid).
I checked the website today, and the application today is now pay for a limited amount of time on a limited amount of computers before it expires and you have to pay for it again. So basically, it's now a computer-locked (not new) subscription (new).
When I paid for it, it wasn't like on a subscription (I think). It was locked to computers, so I had to request for that to be fixed for my case.
The auto clicker app is basically an auto clicker. That's really it.
The more um, disgusting parts of it was how horrible it looked today. The prompt for payment was dimmed, making it hard to read. It's also very not dark theme by my standards.
And I think what's the worst part is the email address. That's all you need to "activate" this software.
And well, it's 2023 and I have way too much computer knowledge. So I decided to use some knowledge, understand some new stuff, and use [mitmproxy] to intercept and change 1 HTTPS request so that I don't have to pay again.
mitmproxy is a piece of software that intercepts HTTP and HTTPS requests. It's done by... being a HTTP(S) proxy.
The MITM part actually stands for "man-in-the-middle". Guess who's the man in the middle? Me!
After installing and setting up for mitmproxy, I setup certificates for mitmproxy to be able to read HTTPS requests (which are encrypted). After all that, I was able to intercept many HTTP and HTTPS requests.
The app would only ask you to pay after you opened and quit the app 10 times. (Yeah good idea.)
So I opened and quit the application 10 times, and promptly got a prompt to pay for the software.
So I didn't pay for it and instead looked at the request made.
After finding the request that confirms if I have paid or not, I went ahead and made those requests intercepted.
After attempting an activation, I modified the response so the "server" responds with a `StatusY` instead of a `StatusN`. And the software was now unlocked.
(Side note: I think there may have been requests to check the Mac Serial number (yeah it seems to use that) on the server side, which might explain the trial check. However, I haven't confirmed that, and I've lost all request and response data anyways, plus it doesn't seem like I can trigger activation prompt.)
Is the software bad? No, I don't think so. I have paid for it (cringe) and used it, and it has served me quite well. Unfortunately, I no longer have the need to do auto clicking, so I don't use it anymore. Nor can I use it anyways because for some reason my email address doesn't work.
Don't trust your if statements.
Wait, that's wrong.
Don't even dare trusting your users with their own computers. Ever.
-- Response ended
-- Page fetched on Fri May 10 20:43:28 2024