Roll20-cheat-dice

GMs can use built-in Roll20 features to verify the integrity of dice rolls and prevent common exploits:

: Encouraging players to use official character sheet buttons rather than custom macros makes it easier to verify that standard modifiers are being used. roll20-cheat-dice

Several community-developed projects on platforms like GitHub demonstrate these vulnerabilities for educational or illustrative purposes: GMs can use built-in Roll20 features to verify

: A showcase repository illustrating how to hijack WebSocket objects to modify client-side dice results. By using tools like Tampermonkey or Charles Proxy

: The primary technical method involves hijacking the window.WebSocket.prototype.send function. By using tools like Tampermonkey or Charles Proxy , users can intercept outgoing data packets.

: Monitoring the chat archive for unusual patterns—such as long delays before rolls or a total lack of "average" results—can help identify users employing packet filtering software.

While Roll20 uses a "Quantum Roll" system to generate random numbers server-side, vulnerabilities often stem from how these results are communicated to and from the player's client.