⚠️ [GUIDE] Help my cookie keeps expiring when I use a VPS! ⚠️
alanbixby opened this issue · 17 comments
Retrieving a .ROBLOSECURITY cookie on a headless VPS:
⚠️ You must have a static IP on a dedicated VPS that you can SSH into; free hosts like Repl.it and Glitch are not compatible.
Adapted from a DigitalOcean tutorial.
As of March 8th, 2022, Roblox began rolling out a mandatory security feature that locks an account's .ROBLOSECURITY
cookie to an IP region. Learn more here: https://devforum.roblox.com/t/ip-changes-invalidate-cookie/1700515
To bypass this, you must create the token from your VPS; the easiest way to do this is through an SSH tunnel. When using this solution, the VPS must be the only IP accessing the account. Relogging without the proxy, or using a free coding workspace like Repl.it, Glitch, or Heroku that assigns dynamic IPs, will not work.
Step 0) Make sure you are signed out of the target account, and have SSH access to your VPS.
Step 1) Connect to your VPS over SSH:
ssh your_user@your_server_ip
Step 2) Whitelist a port in your firewall (any value between 1024 and 65535), we will use 1234:
sudo ufw allow 1234
If you have never set up a firewall, I strongly recommend reading this article to harden your server; make sure to allow your SSH port too!
Step 3) Disconnect and start an SSH tunnel on the whitelisted port:
ssh -D 1234 your_user@your_server_ip
Make sure you are running this command from your local computer and not inside the VPS.
Do not close this connection until you are done with all steps and have closed your proxied browser.
You will be prompted for a password, and then there will be no sign of success or failure; this is expected.
Step 4) From a new terminal instance on your local computer, connect your web browser to the proxy in incognito, and log in:
It is assumed you are running Windows on your local computer. These commands should be run outside of WSL, either use Git Bash or cmd. It may help to close all other instances of your browser before running this command, and go to https://whatsmyip.com/ to ensure you are operating through your VPS's IP address.
Google Chrome:
start chrome --incognito --proxy-server="socks5://localhost:1234" https://www.roblox.com/login
Microsoft Edge:
start msedge --inprivate --proxy-server="socks5://localhost:1234" https://www.roblox.com/login
Mozilla Firefox (Less recommended; must be manually configured.)
Step 5) Retrieve your cookie as normal; this is nothing new.
Step 6) Copy the cookie to your VPS, write to a .env file, etc, your pick.
Step 7) Close the incognito proxied window; do not press log out.
Step 8) [Clean-Up]: Remove the whitelisted port from your firewall rules:
sudo ufw delete allow 1234
Step 9) You may now close the SSH tunnel by closing your terminal; you are done- as far as Roblox can tell, you logged in from your VPS's IP.
⚠️ From now on, you MUST be connected through the SSH Tunnel to access the Roblox account. Failing to do so will violate the IP check and invalidate your cookie.
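Step 6 leaves the storage method open. As an added example (not part of the original guide), here is one way to write the cookie to a .env file on the VPS so that only the owning user can read it and the file stays out of git. The variable name ROBLOX_COOKIE and both function names are assumptions, and `stat -c` assumes GNU coreutils (Linux).

```shell
#!/bin/sh
# Added example: keep a session cookie in a .env file readable only by its owner.
# ROBLOX_COOKIE is a hypothetical variable name; use whatever your application reads.

# store_cookie_env DIR
# Reads the cookie value from stdin and writes DIR/.env with mode 0600.
# Usage: run `store_cookie_env /path/to/app`, paste the value, press Enter.
store_cookie_env() {
    dir=$1
    # Read from stdin so the value never appears in argv (ps output) or shell history.
    IFS= read -r cookie || [ -n "$cookie" ] || return 1
    [ -n "$cookie" ] || { echo "empty cookie" >&2; return 1; }
    (
        umask 077                                  # nothing for group or others
        tmp=$(mktemp "$dir/.env.XXXXXX") || exit 1  # mktemp creates the file as 0600
        printf 'ROBLOX_COOKIE=%s\n' "$cookie" > "$tmp" &&
            mv -f "$tmp" "$dir/.env"               # atomic replace, no half-written file
    ) || return 1
    unset cookie
    # Keep the file out of version control if DIR is (or becomes) a git repository.
    grep -qxF '.env' "$dir/.gitignore" 2>/dev/null || echo '.env' >> "$dir/.gitignore"
}

# env_file_is_private FILE
# Succeeds only if FILE grants no access to group or others.
env_file_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case $mode in
        600|400) return 0 ;;
        *) echo "$1 has mode $mode, expected 600" >&2; return 1 ;;
    esac
}
```

Calling `env_file_is_private` at application start-up catches a .env that was later copied or restored with looser permissions.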
Could you send me a tutorial video?
A video tutorial would be better.
Could you send me a tutorial video?
@Dq2rk
A video tutorial would be better.
@TheInspector556
There is no need for a tutorial video; the guide is pretty straightforward as it's just copy and pasting at this point. All the information you need is there, with links to external resources for topics you will also need to know to do this. Anything not included means you may have to research these yourself. A video would simply do the same as the guide (which is simply copy and pasting).
no way
Thank you so much11! This helped my dumb developer.
I'm getting "A positional parameter cannot be found that accepts argument" at step 4. My proxy seems to be operational, so this is confusing.
start msedge --inprivate --proxy-server="socks5://localhost:1234" https://www.roblox.com/login
Ugh. Don't use the Windows Terminal as I inferred from this guide, use the Command Prompt. Don't use PowerShell.
can someone please dm me if this still works discord is deeluc. with no capitals and the . is included.
can someone please dm me if this still works discord is deeluc. with no capitals and the . is included.
I can help you, I've found an easy way to do it. I've sent you a friend request; samsamsad is my username.
easier way is just creating a cookie that has ip check disabled -> https://github.com/efenatuyo/roblox-ip-lock-bypass
Friend of mine already made this repo.. : You might want to check it out <3
I don't appreciate dual-hook software being advertised here, and anything that asks users to submit their cookie is already suspicious.
Bro?? It can be dualhooked.. it isnt dualhooked + ITS FREAKIN OPEN SOURCE LOL
youre complete alien tf, dualhooking is profitable ash, if you dont make money then it explains why
Might I ask you, what's this drama all about? I never provided a site that can be or is dual-hooked. That's, first of all. Second of all, the repository mentions it can be dual-hooked, and if you don't want to, you don't need to set up a webhook in the server. Why did you get offended and remove my friend's comments? Is this some kind of censorship? If you have significant concerns, I can make it console-based. 👍
I made a video tutorial of this if anyone still needs it: https://youtu.be/gFtz0qjejhw