Roll20-cheat-dice

While Roll20 uses a "Quantum Roll" system to generate random numbers server-side, vulnerabilities often stem from how these results are communicated to and from the player's client.

Several community-developed projects on platforms like GitHub demonstrate these vulnerabilities for educational or illustrative purposes: roll20-cheat-dice

: A non-technical "cheat" involves temporarily inflating ability scores or modifiers on a character sheet before rolling, then quickly reverting them before the Game Master (GM) notices. Known Tools and Scripts While Roll20 uses a "Quantum Roll" system to

: The primary technical method involves hijacking the window.WebSocket.prototype.send function. By using tools like Tampermonkey or Charles Proxy , users can intercept outgoing data packets. users can intercept outgoing data packets.