noblox.js: ⚠️ [GUIDE] Help my cookie keeps expiring when I use a VPS! ⚠️
Retrieving a .ROBLOSECURITY cookie on a headless VPS:
⚠️ You must have a static IP on a dedicated VPS that you can SSH into; free hosts like Repl.it and Glitch are not compatible.
Adapted from a DigitalOcean tutorial.
As of March 8th, 2022, Roblox began rolling out a mandatory security feature that locks an account’s .ROBLOSECURITY cookie to an IP region. Learn more here: https://devforum.roblox.com/t/ip-changes-invalidate-cookie/1700515
To bypass this, you must create the token from your VPS; the easiest way of which is through an SSH tunnel. When using this solution, the VPS must be the only IP accessing the account. Relogging without the proxy, or using a free coding workspace like Repl.it, Glitch, or Heroku, that assign dynamic IPs will not work.
Step 0) Make sure you are signed out of the target account, and have SSH access to your VPS.
Step 1) Connect to your VPS over SSH:
ssh your_user@your_server_ip
Step 2) Whitelist a port in your firewall (any value between 1024 and 65535), we will use 1234:
sudo ufw allow 1234
If you have never set up a firewall, I strongly recommend reading this article to harden your server; make sure to allow your SSH port too!
Step 3) Disconnect and start an SSH tunnel on the whitelisted port:
ssh -D 1234 your_user@your_server_ip
Make sure you are running this command from your local computer and not inside the VPS. Do not close this connection until you are done with all steps and have closed your proxied browser.
You will be prompted for a password, and then there will be no sign for success for failure, this is expected.
Step 4) From a new terminal instance on your local computer, connect your web browser to the proxy in incognito, and log in:
It is assumed you are running Windows on your local computer. These commands should be run outside of WSL, either use Git Bash or cmd. It may help to close all other instances of your browser before running this command, and go to https://whatsmyip.com/ to ensure you are operating through your VPS’s IP address.
Google Chrome:
start chrome --incognito --proxy-server="socks5://localhost:1234" https://www.roblox.com/login
Microsoft Edge:
start msedge --inprivate --proxy-server="socks5://localhost:1234" https://www.roblox.com/login
Mozilla Firefox (Less recommended; must be manually configured.)
Step 5) Retrieve your cookie as normal; this is nothing new.
Step 6) Copy the cookie to your VPS, write to a .env file, etc, your pick.
Step 7) Close the incognito proxied window; do not press log out.
Step 8) [Clean-Up]: Remove the whitelisted port from your firewall rules:
sudo ufw delete allow 1234
Step 9) You may now close the SSH tunnel by closing your terminal; you are done- as far as Roblox can tell, you logged in from your VPS’s IP.
⚠️ From now on, you MUST be connected through the SSH Tunnel to access the Roblox account. Failing to do so will violate the IP check and invalidate your cookie.
About this issue
- Original URL
- State: open
- Created 2 years ago
- Reactions: 9
- Comments: 15 (1 by maintainers)
There is no need for a tutorial video, the guide is pretty straight forward as its just copy and pasting at this point. All the information you need is there, with links to external resources for topics you will also need to know to do this. Anything not included means you may have to research these yourself. A video would simply do the same as the guide (of which is simply copy and pasting).
A video tutorial would be better.
Could you send me a tutorial video?
easier way is just creating a cookie that has ip check disabled -> https://github.com/efenatuyo/roblox-ip-lock-bypass