Closed RayzonDE closed 6 years ago
Plot twist: you don't need to capture anything, we all have the same tokens. You can use those provided in the php API repo. Only "email" and "password" matters.
@monkeydioude Can you link to this PHP api?
@NickSuperb I think I found the API https://github.com/Tustin/fortnite-php
The issue is that your Fortnite game won't verify Fiddler's certificates since it's using libcurl with verifypeer=true by default.
You can override this by adding the command line option -HTTP=WinInet in the Launcher (click the gear icon), and make your computer trust the Fiddler root certificate.
@jeffreyhorner Apparently they have fixed this loophole, did you find another possibility to bypass the SSL pinning?
No I haven't scoped out this issue in awhile.
Bro I tried it 100 times... after I start Fortnite there is a /account/api/oauth/exchange request but no more token, if I capture traffic in the loading screen. I recorded it for you it's only 1 minute https://www.youtube.com/watch?v=nHBqp-IusyA what am I doing wrong?