Idk if this belong here, but I need help

[Use]

So I'm trying to help my friend on this facebook game, apps.facebook.com/miscrits
I found this stuff while searching through junk
https://miscrits0-a.akamaihd.net/js/...ver=1353531411
And I think that could help me, I don't know what to do next though.
Also since this is a facebook game, it should be too hard to hack/get goodies, right?
This probably sounds super stupid to all you master haxorz

[Artificial]

I've never heard of the game, nor have I even played many Facebook games, but all that Javascript file is really doing is facilitating in the handling of ajax calls (which essentially means it's sending http requests to and from the server behind the scenes). These sort of requests often serve as connecting a service's API to send/retrieve certain types of data, and so can be useful to retrieve concise information that output information in formats friendly to most programming language. i.e. Gaia's GSI API returns by default (I think) information in JSON, which is easy to read, and can be used to display information important to games which you can also take advantage of (such as a user's inventory/equipped items). The only real way to test if that game has any useful API calls is to go in and test them.

Also, to an extent, ajax HTTP requests are often the first to be tested for exploits, as they're usually not exposed to the end user (and therefore the thought process of the developers (though not always consciously) is they may not come under as much scrutiny, and mistakes frequently find their way in to the code.) A company I up until recently worked for offered a security audit service, that primarily serviced Australian companies who had recently fallen victim to some sort of attack on their web service. One of the first areas we'd look at (unless otherwise obvious) was any public APIs they offered, and it was truly abhorrent seeing some of the coding practices that would go in to writing some of these apis.

[Use]

I've never heard of the game, nor have I even played many Facebook games, but all that Javascript file is really doing is facilitating in the handling of ajax calls (which essentially means it's sending http requests to and from the server behind the scenes). These sort of requests often serve as connecting a service's API to send/retrieve certain types of data, and so can be useful to retrieve concise information that output information in formats friendly to most programming language. i.e. Gaia's GSI API returns by default (I think) information in JSON, which is easy to read, and can be used to display information important to games which you can also take advantage of (such as a user's inventory/equipped items). The only real way to test if that game has any useful API calls is to go in and test them.

Also, to an extent, ajax HTTP requests are often the first to be tested for exploits, as they're usually not exposed to the end user (and therefore the thought process of the developers (though not always consciously) is they may not come under as much scrutiny, and mistakes frequently find their way in to the code.) A company I up until recently worked for offered a security audit service, that primarily serviced Australian companies who had recently fallen victim to some sort of attack on their web service. One of the first areas we'd look at (unless otherwise obvious) was any public APIs they offered, and it was truly abhorrent seeing some of the coding practices that would go in to writing some of these apis.

Thanks!
That's really helpful, I just don't know most/any of those terms D:
I've never done anything like this before

[Artificial]

If you'd like a particular term or concept explained, feel free to ask.