49 replies to this topic

[Minimal DJ]

Hello everyone, a while back i created a discussion with what the community wants as a tool outside the game, so I started studying my guildwars 2 behavior inside/outside the game. I noticed alot of times I would get in GW2 just to check the TP and then log out, so I started developpment for the ultimate Google Chrome/ firefox addons for the traders out there.

While I'm currently studying the API's better and how I can make a full featured addon for the community. And possibly use this project as my university developpement project for software engineering

Here is the backbone of my current project, I started out with Chrome addon first, since developping for chrome is much easier than firefox.

This addon is very simple for the pros in coding, and while it's simple, i found it being very useful, in one simple click I have access to TP from my browser.



Thought I include Install directions for the less Tech Savvy:

-Go to your Extensions directory in Chrome

-Drag the Chrome Extension.CRX to your Extensions page.

-Click the GW2 TP Icon, and start using.




It is quite simple addon for now, but I'm currently working on adding :
-Favorites tab, and notifications for buy/sell orders.

For the firefox addon, i'm still working on it, so bear with me !

Please leave your feedback as well as ideas.

Edited by Minimal DJ, 23 January 2013 - 05:33 PM.

[Minimal DJ]

Please, if you're not willing to investigate and actually find malicious code, don't put out stupid accusations just like that. Checking your posts, I don't notice any form of help or support to the community, please refrain from your trolling and move along.

[Lordkrall]

And yet you can quite easily steal peoples account-information without any of those things
By simply tunneling them to another website than the actual GW2 site when they are asked to login, and therefor you will get access to their email and password.

People are right to be skeptic.

[Minimal DJ]

Skepticism imo is only legitimate if you are willing to investigate the said subject. This is the actual code alongside the extension, feel free to make one of your own.

manifest.json

{
  "name": "GW2 TP",
  "version": "1.0",
  "manifest_version": 2,
  "description": "The first GW2 Trading Post extension",
  "permissions": ["tabs", "http://*/*","notifications"],
  "browser_action": {"default_icon": "img/icon.png","default_title": "GW2 TP", "default_popup": "ui.html"}
 
}

ui.html

<html>
  <head><title>TP Platform</title></head>
  <body bgcolor="black">
	<iframe src="https://account.guildwars2.com/login?redirect_uri=http%3A%2F%2Ftradingpost-live.ncplatform.net%2Fauthenticate%3Fsource%3D%252F&game_code=gw2" width="780" height="560" frameborder="0">
	
	 </iframe>
  </body>
</html>

[kaldemeo]

This is a very cool thing. planning to do a port for firefox ?

[Dasryn]

lol the OP is obviously beyond any of the average guru user's technical expertise, i had a good laugh seeing the OP thoroughly shut down all skepticism.

i dont use the TP that much, unless im buying so i would never ever in a million years could care less use your extension, but i think its rather amazing you came up with something like that.

[Omega X]

People have every right to be skeptical when it comes to account security. I don't blame them. Doesn't GW2DB do the same thing without user credentials?

Edited by Omega X, 30 December 2012 - 08:22 PM.

[Eon Lilu]

Don't ever use third party programs that require you to use login information.

Code can be changed at anytime and so can the program.

Common sense says stay away or expect to be hacked.

I generally don't use anything third party anyway because like said above info,code or anything can be changed and before you know your redirected to something malicious.

Edited by Eon Lilu, 30 December 2012 - 08:43 PM.

[Minimal DJ]

kaldemeo, on 30 December 2012 - 07:17 PM, said:

This is a very cool thing. planning to do a port for firefox ?

Thank you kaldemeo, working on firefox is quite different, I'm still learning how firefox works with its addons.

Rickter, on 30 December 2012 - 08:01 PM, said:

lol the OP is obviously beyond any of the average guru user's technical expertise, i had a good laugh seeing the OP thoroughly shut down all skepticism.

i dont use the TP that much, unless im buying so i would never ever in a million years could care less use your extension, but i think its rather amazing you came up with something like that.

I'm doing something legitimate for the sake of someone's well-being, nothing to hide.

Omega X, on 30 December 2012 - 08:18 PM, said:

People have every right to be skeptical when it comes to account security. I don't blame them. Doesn't GW2DB do the same thing without user credentials?

GW2DB is infact the same, but this has access to the TP from gw2 servers, there are no intermediates, but It's still in developpement, i'm also looking into the method GW2DB used, if it's better, will be using GW2DB api, but now i'm working to make a profile creation, tagging item codes to favorites and having notifications when a certain price is met, all this on your browser in real-time, no need to go to another webpage or go in-game, for myself that sounds great, since i can be watching a youtube video or doing homeworks and receive a notification from the addon saying, X items has reached X price, then login in game and either buy or sell.

[Minimal DJ]

Eon Lilu, on 30 December 2012 - 08:39 PM, said:

Don't ever use third party programs that require you to use login information.

Code can be changed at anytime and so can the program.

Common sense says stay away or expect to be hacked.

The only way the code can be changed is by 2 options,
-either you redownload and install a new updated version.
-or the tool becomes featured on the Chrome addons webpage, then the developer can send updates to their users.

I'm planning to come with new features, yet, will always post the source code and the experienced members here can do judge themselves.

I am not forcing you to use this, but if you think it serves a purpose for you and makes your life easier, then use it, I'm understanding of the issue the login poses and will try to make improvements until i'm satisfied. But if your concerns are malicious hidden codes, send the file or download link to someone who has knowledge with coding, and ask if there are any security reasons.

[Eon Lilu]

Minimal DJ, on 30 December 2012 - 08:48 PM, said:

The only way the code can be changed is by 2 options,
-either you redownload and install a new updated version.
-or the tool becomes featured on the Chrome addons webpage, then the developer can send updates to their users.

I'm planning to come with new features, yet, will always post the source code and the experienced members here can do judge themselves.

I am not forcing you to use this, but if you think it serves a purpose for you and makes your life easier, then use it, I'm understanding of the issue the login poses and will try to make improvements until i'm satisfied. But if your concerns are malicious hidden codes, send the file or download link to someone who has knowledge with coding, and ask if there are any security reasons.

Nothing personal, just I don't trust third party add on's or programs from people I don't know.

Edited by Eon Lilu, 30 December 2012 - 09:11 PM.

[Veltoss]

Eon Lilu, on 30 December 2012 - 08:39 PM, said:

Don't ever use third party programs that require you to use login information.

Code can be changed at anytime and so can the program.

Common sense says stay away or expect to be hacked.

I generally don't use anything third party anyway because like said above info,code or anything can be changed and before you know your redirected to something malicious.

He gave you the freaking code to make your own extension with it, are you joking or did you just not even read the posts so far?

[Red_Falcon]

I checked the code, it's legit.
I bet an eye that those same people scared of something like this are clicking the scammer links and are the same people blaming Anet for being hacked.

Good job OP.

[Shayne Hawke]

It's cool to see users step up to the plate and create these features that ANet should have put forth already.

This seems like something I might use once the Firefox version is finished.

[rentauri]

Doubtful I'd use something like this as I'm not heavy into TP but this is a seriously cool idea. As I read this I got a flash of the E trade baby commercials using this to invest on the TP.

Edited by rentauri, 30 December 2012 - 10:03 PM.

[Shizu]

Cool idea and probably done with good intentions.

But I can't blame the people not trusting this tool. I know I wouldn't use it, unless confirmed by someone I know personally.

[Bryant Again]

Not much into the TP myself, but I can see how it could be a pretty damn cool addition for those who are.

Great job, OP!

[dawnmist]

Minimal DJ, on 30 December 2012 - 06:25 PM, said:

ui.html

<html>
<head><title>TP Platform</title></head>
<body bgcolor="black">
<iframe src="https://account.guildwars2.com/login?redirect_uri=http%3A%2F%2Ftradingpost-live.ncplatform.net%2Fauthenticate%3Fsource%3D%252F&game_code=gw2" width="780" height="560" frameborder="0">
	
	 </iframe>
</body>
</html>

For firefox (and probably any browser), you can copy the "ui.html" text from above (everything from "<html" to "</html>"), paste it into notepad and save it as an html file. Then you can open that file up in any browser, and it should work (I've tested in firefox). By copying the text yourself you can ensure that you really do just go to the GW2 website if you're worried about it.

Certainly looks interesting.

Edited by dawnmist, 31 December 2012 - 03:43 AM.

[Darkobra]

Minimal DJ, on 31 December 2012 - 03:34 AM, said:

Hey now, stay on the subject or don't post please. I asked if anyone was willing to give true feedback or share ideas, this is not a flame war.

It is on the subject. Everything that needs to be said about malicious code is a 100% legitimate reason to avoid this. You say in its current state it's not. Great. Then you move on to say "But people need to download a new update if the code gets changed." And your current subscribers will. Blindly. "If version 1 works and is safe, so must version 2 be!" I won't be using it. Because my computer is actually fast enough to load the game and look at the trading post itself with no issues and I'm at no risk. The greatest security is common sense.

And it GENUINELY worries me that I need to say the unsaid. No wonder so many accounts are getting lost.

[Red_Falcon]

Darkobra, on 31 December 2012 - 04:01 AM, said:

It is on the subject. Everything that needs to be said about malicious code is a 100% legitimate reason to avoid this. You say in its current state it's not. Great. Then you move on to say "But people need to download a new update if the code gets changed." And your current subscribers will. Blindly. "If version 1 works and is safe, so must version 2 be!" I won't be using it. Because my computer is actually fast enough to load the game and look at the trading post itself with no issues and I'm at no risk. The greatest security is common sense.

And it GENUINELY worries me that I need to say the unsaid. No wonder so many accounts are getting lost.

Except the code itself contains nothing malicious and therefore your paranoia is unjustified.
Check the source code yourself if you have any doubt.

[omar316]

Darkobra, on 31 December 2012 - 04:01 AM, said:

It is on the subject. Everything that needs to be said about malicious code is a 100% legitimate reason to avoid this. You say in its current state it's not. Great. Then you move on to say "But people need to download a new update if the code gets changed." And your current subscribers will. Blindly. "If version 1 works and is safe, so must version 2 be!" I won't be using it. Because my computer is actually fast enough to load the game and look at the trading post itself with no issues and I'm at no risk. The greatest security is common sense.

And it GENUINELY worries me that I need to say the unsaid. No wonder so many accounts are getting lost.

Dude. It's fine if you don't use it. You don't need to shit on another person's work.
OP is willing to be identified and has provided examples to substantiate his work. Community has seen it and has verified it is fine/works/not malignant yet: Falcon and dawnmist.

In any case great job OP. I'll try it once I'm home. Just checking does it have full TP functionality? Like search and filters?

[Minimal DJ]

omar316, on 31 December 2012 - 04:55 AM, said:

Dude. It's fine if you don't use it. You don't need to shit on another person's work.
OP is willing to be identified and has provided examples to substantiate his work. Community has seen it and has verified it is fine/works/not malignant yet: Falcon and dawnmist.

In any case great job OP. I'll try it once I'm home. Just checking does it have full TP functionality? Like search and filters?

Yes it does have the Search and filter options, you are basically connecting to the Trading post from Arena net's servers.

But due to some people's overwhelming sense of protection, I'm currently remodelling the Gw2spidy 0.9 API instead of the Arena net's direct login page, to avoid the login screen. Hopefully I have time to finish some of the big work before next week when Uni starts again.

[Minu]

To my understanding, offering your login information to anyone/anything, is a breach of your terms of service.  Expect to reap the rewards of such actions at some point.

Is a shame that this could impact on what I believe looks like a legitimate idea by a member of the community.

[Lordkrall]

I for one wonders why the OP became more or less mad when people stated that others should at least think a bit before using this.
Anyone with even basic developing knowledge know how easy it is to simply change a few lines/words/whatever and change the functionality altogether.

Seeing as quite a few people seems to get "hacked" now and then I find it rather logical to warn people about an app like this, seeing as how it is extremely easy to gain peoples account info with this.

Edited by Lordkrall, 31 December 2012 - 09:49 AM.

[kaldemeo]

Feedback (Ran the html file on Firefox)
In Firefox i can search and see prices. I can't buy or see listnings. If you can make me buy/sell trough the browser, it would be amazing for anyone who like are spending time on the TP!

[Minimal DJ]

Minu, on 31 December 2012 - 05:44 AM, said:

To my understanding, offering your login information to anyone/anything, is a breach of your terms of service.  Expect to reap the rewards of such actions at some point.

Is a shame that this could impact on what I believe looks like a legitimate idea by a member of the community.

it is not a EULA breach when you are logging in the official arenanet servers, please look into the source code.

Lordkrall, on 31 December 2012 - 09:48 AM, said:

I for one wonders why the OP became more or less mad when people stated that others should at least think a bit before using this.
Anyone with even basic developing knowledge know how easy it is to simply change a few lines/words/whatever and change the functionality altogether.

Seeing as quite a few people seems to get "hacked" now and then I find it rather logical to warn people about an app like this, seeing as how it is extremely easy to gain peoples account info with this.

I became more or less irritated with some ignorant comments, the source code is provided if you want to build your own, and please research how accounts are being hacked before making lame accusations.

kaldemeo, on 31 December 2012 - 12:53 PM, said:

Feedback (Ran the html file on Firefox)
In Firefox i can search and see prices. I can't buy or see listnings. If you can make me buy/sell trough the browser, it would be amazing for anyone who like are spending time on the TP!

Hi thanks for the feedback, since you are accessing Arenanet's server, they have full control over that end, if they don't develop that feature, no one else can.
Basically this extension is a fast access to the arenanet's TP, now i'm developing a way to favorite a select item, but seems impossible while using Arenanet's link,, so i'm working into intergrating GW2DB's database, so no login required, possible to build a favorites function, and notifications.

[DuskWolf]

I actually feel really bad for this guy. Not that any of you have any reason to trust me, but there's absolutely not a darn thing wrong with his extension. If you know how, you can pretty much take any Chrome extension apart to see its innards, and he's already posted up the code right there. I have no vested interest in making GW2 fans happy, but as a fellow coder, I hate seeing this. I hate it when someone takes the time out of their schedule to make something cool for other people, and that someone thinks it's going to be so great because it'll help others, but their first reaction is dodos running around screeching about it being a virus.

Geez. I'm sorry guys, but no. Let's run a little thought exercise. And let's do it in BASIC just so that it'll crack up any coder out there who's fed up of this nonsense. Just because it's those guys who could use the laugh.

10 PRINT "I'M GOING TO KILL YOUR COMPUTER."
20 EXECUTE COMPUTERBOOM
END

RUN

Oh noes, I've just inserted a virus into your computer! It's going to hack the Interwebs! Each and every Interwebs! Just because your computer has seen that text, the world itself is going to die a grisly, fiery death. It's the BASICpocalypse, people!!!

This is how silly someone sounds when they accuse something that they can freely read the code of of being malicious. :I Again, I have no vested interest in making you happy. I'm sure a bunch of you are absolute jerks. But it pains me to see this happening to any coder. Especially someone who's doing something pro bono. So give the guy a break, and stop humiliating yourselves.

[Minimal DJ]

hahaha that made me laugh, and made my day, thanks !

[InStars]

Is the code licensed with Gnu General Public License (GPL)?

[Daesu]

If you don't want to have to deal with GW2 email and password, one alternative is to use the gw2spidy API.  They are much easier to code against and they don't require any form of authentication.  I wrote several small javascript scriptlets using this api.  There are pros and cons to using this, versus the direct way of accessing data through the GW2 TP itself.

https://github.com/r...y/wiki/API-v0.9


I am a sucker for Javascript and I chose to write almost all my tools using Javascript whenever I can.  I couldn't use javascript against the GW2 TP server though because XmlHttp doesn't allow me to set the Referrer field in the HTTP header.  I could probably work around it but I didn't want to bother, so I used gw2spidy API instead.  But for edification, I also wrote working code in Java as well as C# that pulls data from the GW2 TP server.

If you need the GW2 email and password for your tool, I suggest that you make it open source so that people can build them on their own if they choose to.

If anyone is interested in the code that I have, let me know.

Edited by Daesu, 11 January 2013 - 01:43 AM.