WebApp Sec mailing list archives
RE: Crawl And interpret Flash files redux
From: "arian.evans" <arian.evans () anachronic com>
Date: Sat, 18 Feb 2006 12:18:41 -0600
Does anyone know of a good flash parsing/extraction utilities for manual swf analysis? I too am having a real problem finding something that actually does this effectively. (besides, you know, the eyeball/hand/mouse widget set) -ae
-----Original Message----- From: arian.evans [mailto:arian.evans () anachronic com] Sent: Wednesday, February 15, 2006 8:26 AM To: lists () dawes za net; webappsec () securityfocus com Subject: RE: Crawl And interpret Flash files-----Original Message----- From: Rogan Dawes [mailto:discard () dawes za net] Sent: Wednesday, February 15, 2006 6:21 AM tester () mytrashmail com wrote:Hi, I'm looking for a way to auto Crawl And interpret Flashfiles i'm writing a crawler that should support this AFAIK, Metis has/had a flash parser in its spider library. RoganThanks, I was curious how this was done. fwiw// I've been testing all the commercial scanners again and since most of them list "flash" as a bullet point, I made a couple of SWF files to represent varying complexity of vector-based navigation (from completely flat w/links to several layers of rendering). I can't find a single webappsec tool that automatically extracts the links and navigates SWFs properly, if at all. This could *entirely* be the result of my having improperly designed SWFs, since I won't claim to know what I am doing with the format. I will be releasing everything to the public for scrutiny, -ae -------------------------------------------------------------- ----------- This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=7013 00000003gRl -------------------------------------------------------------- ------------
------------------------------------------------------------------------- This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
Current thread:
- Crawl And interpret Flash files tester (Feb 15)
- Re: Crawl And interpret Flash files Rogan Dawes (Feb 15)
- RE: Crawl And interpret Flash files arian.evans (Feb 16)
- RE: Crawl And interpret Flash files redux arian.evans (Feb 18)
- Re: Crawl And interpret Flash files redux dp (Feb 20)
- RE: Crawl And interpret Flash files redux arian.evans (Feb 21)
- RE: Crawl And interpret Flash files arian.evans (Feb 16)
- Re: Crawl And interpret Flash files Rogan Dawes (Feb 15)