Re: Crawl And interpret Flash files redux

[dp <diopollon () gmail com>]

Arian,
could be useful to use flasm ...  http://flasm.sourceforge.net

arian.evans wrote:
> Does anyone know of a good flash parsing/extraction
> utilities for manual swf analysis?
>
> I too am having a real problem finding something that
> actually does this effectively. (besides, you know,
> the eyeball/hand/mouse widget set)
>
> -ae
>
> > -----Original Message-----
> > From: arian.evans [mailto:arian.evans () anachronic com] 
> > Sent: Wednesday, February 15, 2006 8:26 AM
> > To: lists () dawes za net; webappsec () securityfocus com
> > Subject: RE: Crawl And interpret Flash files
> >
> >  
> > > -----Original Message-----
> > > From: Rogan Dawes [mailto:discard () dawes za net] 
> > > Sent: Wednesday, February 15, 2006 6:21 AM
> > >
> > > tester () mytrashmail com wrote:
> > > > Hi, 
> > > >
> > > > I'm looking for a way to auto Crawl And interpret Flash 
> > > files i'm writing a crawler that should support this 
> > >
> > > AFAIK, Metis has/had a flash parser in its spider library.
> > >
> > > Rogan
> > Thanks, I was curious how this was done.
> >
> > fwiw// I've been testing all the commercial scanners again
> > and since most of them list "flash" as a bullet point, I made
> > a couple of SWF files to represent varying complexity of
> > vector-based navigation (from completely flat w/links to
> > several layers of rendering).
> >
> > I can't find a single webappsec tool that automatically
> > extracts the links and navigates SWFs properly, if at all.
> >
> > This could *entirely* be the result of my having improperly
> > designed SWFs, since I won't claim to know what I am doing
> > with the format.
> >
> > I will be releasing everything to the public for scrutiny,
> >
> > -ae
> >
> >
> >
> >
> >
> > --------------------------------------------------------------
> > -----------
> > This List Sponsored by: SpiDynamics
> >
> > ALERT: "How A Hacker Launches A Web Application Attack!" 
> > Step-by-Step - SPI Dynamics White Paper
> > Learn how to defend against Web Application Attacks with real-world 
> > examples of recent hacking methods such as: SQL Injection, Cross Site 
> > Scripting and Parameter Manipulation
> >
> > https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=7013
> > 00000003gRl
> > --------------------------------------------------------------
> > ------------
>
>
> -------------------------------------------------------------------------
> This List Sponsored by: SpiDynamics
>
> ALERT: "How A Hacker Launches A Web Application Attack!" 
> Step-by-Step - SPI Dynamics White Paper
> Learn how to defend against Web Application Attacks with real-world 
> examples of recent hacking methods such as: SQL Injection, Cross Site 
> Scripting and Parameter Manipulation
>
> https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
> --------------------------------------------------------------------------


-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------