WebApp Sec mailing list archives
RE: SWF assesment
From: Paul Theriault <Paul.Theriault () stratsec net>
Date: Mon, 7 Sep 2009 09:33:53 +1000
Pretty sure SWFScan will not do that. SWFScan is a SWF decompiler (one of the few that handles AS3), and static code analysis tool. As someone previously suggested though, you can decompile, copy and paste the functions you are interested in into your own new file, and then go nuts. Obviously depends on how complex the app is etc.

As for your request, I don't know of such a tool (if it does I would also be very interested in it). You might want to look at the various debuggers that are available for flash. Never seen such a function but that isn't to say it doesn't exist.

The flashsec wiki has an excellent list of flash related software:
https://www.flashsec.org/wiki/Software

Also Burp Pro now supports proxying AMF if your app happens to use that:
http://releases.portswigger.net/2009/08/v1214.html

Finally, you might want to ask on flashcoders:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Good Luck!

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of jfvanmeter () comcast net
Sent: Thursday, 3 September 2009 8:54 PM
To: Serg B
Cc: webappsec () securityfocus com
Subject: Re: SWF assesment

swfscan might do what you're looking for, I have to say that I've not used the tool a lot.
http://www.cgisecurity.com/2009/03/swfscan-free-flash-security-tool.html

----- Original Message -----
From: "Serg B" <sergeslists () gmail com>
To: webappsec () securityfocus com
Sent: Thursday, September 3, 2009 1:46:08 AM GMT -05:00 US/Canada Eastern
Subject: SWF assesment

Hi all

Does anyone know of a tool that would allow me to query/execute arbitrary methods within a currently loaded flash app?

E.g. Go to a web page, server serves a SWF file, SWF file is loaded and does whatever... I would like to be able to invoke individual methods and properties inside the SWF file, while it's loaded in the web browser.

Thanks
Serg