Brief introduction before we start
Some of you might say that releasing this to public is a mistake but well...this method was first introduced in patch 2.0, around one year ago, and you know what? - Not a single attempt was made to fix this. Guess that's what BHVR deserves
There is a decent amount of ways to reproduce this exploit, in this post i will show two the most easiest/user-friendly ways to get yourself a lot of bloodpoints.
Method №1: Fiddler (easy)
1. Download and install latest version of Fiddler Web Debugging Proxy. Suggest using Telerik official website.
2. Launch Fiddler, at the top left corner click Tools - Options
3. Go to HTTPS, Check "Capture HTTPS CONNECTs" and "Decrypt HTTPS traffic" boxes. If it's your first Fiddler usage it will ask you to install a certificate. As Fiddler accurately say, "This is generally safe" but i would recommend to do your own research before continuing.
4. Download attachment, extract it directly to C: drive. As a final result you should get folder "Rules" with three files: Buy, Get and importme. Correct path is important.
5. Back to the Fiddler, go to AutoResponder, click Import, go to This PC - Local Disk ( C: ) - Rules - importme.farx and click Open. Two rules should appear in AutoResponder tab. Check "Enable rules" and "Unmatched requests passthrough" boxes.
6. We have finished the setup. Launch Dead By Daylight, go to Store, Shrine of Secrets. If you've done previous steps correctly your Shrine should consist of 4 Decisive Strikes, each costing 0 shards. Purchasing any of them will award you with one million bloodpoints.
7. Within one game session you can get up to 4kk bloodpoints. Simply restart your game to update your shrine.
Few words regarding Fiddler detection
I have spent almost 2 weeks doing my best to get myself banned with Fiddler only. I didn't succeed. For those of you who don't trust Fiddler here's another way to achieve the same resulting Shrine.
Method №2: HTTP Debugger (medium)
1. Download attachment, extract it directly to C: drive. As a final result you should get folder "Rules" with three files: Buy, Get and importme.
2. Download and install HTTP Debugger from their official website. Trial version is enough.
3. Go to Rules>>Auto-Reply Requests>>Add Rule>>With File...>>Choose "Get" file
4. "Auto-Reply Rule" window will appear. Paste this code to the string next to "Exactly Matches":
Code:
https://latest.live.dbd.bhvronline.com/api/v1/extensions/shrine/getAvailable
Moving to the bottom of the "Auto-Reply Rule" window, locate "Respond With File" option, grey square with three dots inside, click it and navigate to your Rules folder, choose "Get" file and click Open:
Final result should look exactly like this, click OK after:
5. We need to add one more rule. Again, Go to Rules>>Auto-Reply Requests>>Add Rule>>With File...>>Choose "Buy" file. Paste this code to the string next to "Exactly Matches":
Code:
https://latest.live.dbd.bhvronline.com/api/v1/extensions/shrine/buyShrineItem
"Respond With File" option, grey square with three dots inside, click it and navigate to your Rules folder, choose "Buy" file and click Open:
Final result should look exactly like this, click OK after:
6. We have finished the setup. Launch Dead By Daylight, go to Store, Shrine of Secrets. If you've done previous steps correctly your Shrine should consist of 4 Decisive Strikes, each costing 0 shards. Purchasing any of them will award you with one million bloodpoints.
7. Within one game session you can get up to 4kk bloodpoints. Simply restart your game to update your shrine.
Method №3: Fiddler dual PC (hard)
Paranoid about detection? Already have two bans and don't want to get yourself HWID banned? Don't trust those "sniffers"? Don't want to run any malicious on your gaming PC? If you answered yes to any of those question here's another way to achieve success without running ANY software on your gaming PC at all. This time i won't mention every small step, if something is not working, please spend some time googling your issue before asking question in the comment section.
1. First of all, you will need one more PC. Your 9 years old laptop will be enough.
2. Delete Fiddler/Http debugger from your gaming PC if you already installed it.
3. On your second PC, install Fiddler, go to Tools>>Options>>HTTPS, confirm Capture HTTPS Connects and decrypt https traffic. Install Certificate.
4. Again, go to Tools>>Options>>Connections. Confirm Allow remote computers to connect. Set Fiddler listens on port: 8888. Confirm Act as system proxy on startup and monitor all connections.
5. Move your mouse cursor over Double PC icon (top right corner), wright down your local IPv4 adress:
6. Download attachment, extract it directly to C: drive. As a final result you should get folder "Rules" with three files: Buy, Get and importme. Correct path is important.
7. Switch to your gaming PC, go to the Windows search function, type "Proxy", Open Proxy settings. Down the page "Manual proxy setup", tick Use a proxy server, under address write your second Pc's IPv4 adress from Fidler, type "8888" under Port.
8. Open Web Browser, in an adress bar type your second Pc's ip, colon and 8888
In my case it's:
Code:
https://192.168.1.47:8888/
9. If previous steps done correctly you will be redirected to Fiddler Echo Service page. At the bottom you should download and install FiddlerRoot certificate:
10. Switch to your second pc.
11. Download and install HTTP Debugger from their official website. Trial version is enough.
12. Go to Rules>>Auto-Reply>>Add Rule>>Custom Rule...
13. "Add Rule" window will appear. Paste this code to the string right under "REQUEST HEADER REGEX":
Code:
POST.+/api/v1/extensions/shrine/getAvailable.+HTTP/
and this code to the second string:
Code:
Host:.*latest.live.dbd.bhvronline.com
Moving to the bottom of the "Add Rule" window,locate "Respond With File" option, grey square with three dots inside, click it and navigate to your Rules folder, choose "Get" file and click Open:
Final result should look exactly like this, click OK after:
14. We need to add one more rule. Again, go to Rules>>Auto-Reply>>Add Rule>>Custom Rule. Paste this code to the first string under "REQUEST HEADER REGEX":
Code:
^POST.+/api/v1/extensions/shrine/buyshrineitem.+HTTP/
This code to the second string:
Code:
Host:.*latest.live.dbd.bhvronline.com
"Respond With File" option, grey square with three dots inside, click it and navigate to your Rules folder, choose "Buy" file and click Open:
Final result should look exactly like this, click OK after:
15. We have finished the setup, on your gaming PC restart your web browser, restart Steam, open DBD>>Store>>Shrine>>Buy Decisive>>Get a lot of bloodpoints.
Virus Total
https://www.virustotal.com/gui/file/...15f4/detection
Few words for devs
This has never happened, yet here we come again...Another publicly available method to modify bp, this time based entirely on your incredibly shitty coding. Wondering, what are you going to do now, fix your lovely game or simply ban all Fiddler users
P.S
Hitting Download and Thanks instead of normal download make one Claudette main happier.