WebApp Sec mailing list archives
Re: Crawl And interpret Flash files redux
From: dp <diopollon () gmail com>
Date: Mon, 20 Feb 2006 11:02:08 +0100
Arian, could be useful to use flasm ... http://flasm.sourceforge.net arian.evans wrote:
Does anyone know of a good flash parsing/extraction utilities for manual swf analysis? I too am having a real problem finding something that actually does this effectively. (besides, you know, the eyeball/hand/mouse widget set) -ae-----Original Message----- From: arian.evans [mailto:arian.evans () anachronic com] Sent: Wednesday, February 15, 2006 8:26 AM To: lists () dawes za net; webappsec () securityfocus com Subject: RE: Crawl And interpret Flash files-----Original Message----- From: Rogan Dawes [mailto:discard () dawes za net] Sent: Wednesday, February 15, 2006 6:21 AM tester () mytrashmail com wrote:Hi, I'm looking for a way to auto Crawl And interpret Flashfiles i'm writing a crawler that should support this AFAIK, Metis has/had a flash parser in its spider library. RoganThanks, I was curious how this was done. fwiw// I've been testing all the commercial scanners again and since most of them list "flash" as a bullet point, I made a couple of SWF files to represent varying complexity of vector-based navigation (from completely flat w/links to several layers of rendering). I can't find a single webappsec tool that automatically extracts the links and navigates SWFs properly, if at all. This could *entirely* be the result of my having improperly designed SWFs, since I won't claim to know what I am doing with the format. I will be releasing everything to the public for scrutiny, -ae -------------------------------------------------------------- ----------- This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=7013 00000003gRl -------------------------------------------------------------- ------------------------------------------------------------------------------------- This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
------------------------------------------------------------------------- This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
Current thread:
- Crawl And interpret Flash files tester (Feb 15)
- Re: Crawl And interpret Flash files Rogan Dawes (Feb 15)
- RE: Crawl And interpret Flash files arian.evans (Feb 16)
- RE: Crawl And interpret Flash files redux arian.evans (Feb 18)
- Re: Crawl And interpret Flash files redux dp (Feb 20)
- RE: Crawl And interpret Flash files redux arian.evans (Feb 21)
- RE: Crawl And interpret Flash files arian.evans (Feb 16)
- Re: Crawl And interpret Flash files Rogan Dawes (Feb 15)