I am trying to learn more about security while developing my online game.
Is it possible and how difficult is it to intercept a packet sent from the server, modify it by using some software and send back data to the server?
Here's a scenario:
A player enters a battle against an AI enemy. A player loses the battle and at the end of the battle, the packet is sent back to the server of what has happened. Would it be possible to modify this packet before it is sent and tell the server that the player has won the battle instead? How would one read this data, and modify it?
Would it be possible to go as far as to say the player entered a battle against 1 enemy but send a packet to the server saying the player has won the battle against 20 enemies? (assuming the server has no implementation of protecting itself from this)
Considering your scenario, if you assume the packets between the clients and the server are encrypted then the possibility of the attack happening is fairly low (Of course this depends on the encryption used).
But let's consider unencrypted packets, a man-in-the-middle attack could be possible and is not difficult to perform. This would require the attacker to be able to understand your packet being sent: for instance, if you have a 'win/lose' bit somewhere and the attacker knows its exact position then he could craft a different packet (check out scapy module in python if you're into crafting packets).
There are tools for intercepting packets, the most common one is Wireshark. The Scapy module for example allows you to sniff packets and send a packet at the same time making it easy for this scenario.
The winning against 20 at once scenario also depends on how the server is handling the game on its end (e.g. does it accept more than one game per user at a time?)