Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Re: Crawl And interpret Flash files redux

Re: Crawl And interpret Flash files redux

From: dp <diopollon_at_gmail.com>
Date: Mon, 20 Feb 2006 11:02:08 +0100

Arian,
could be useful to use flasm ... http://flasm.sourceforge.net

arian.evans wrote:
> Does anyone know of a good flash parsing/extraction
> utilities for manual swf analysis?
>
> I too am having a real problem finding something that
> actually does this effectively. (besides, you know,
> the eyeball/hand/mouse widget set)
>
> -ae
>
>> -----Original Message-----
>> From: arian.evans [mailto:arian.evans_at_anachronic.com]
>> Sent: Wednesday, February 15, 2006 8:26 AM
>> To: lists_at_dawes.za.net; webappsec_at_securityfocus.com
>> Subject: RE: Crawl And interpret Flash files
>>
>>
>>> -----Original Message-----
>>> From: Rogan Dawes [mailto:discard_at_dawes.za.net]
>>> Sent: Wednesday, February 15, 2006 6:21 AM
>>>
>>> tester_at_mytrashmail.com wrote:
>>>> Hi,
>>>>
>>>> I'm looking for a way to auto Crawl And interpret Flash
>>> files i'm writing a crawler that should support this
>>>
>>> AFAIK, Metis has/had a flash parser in its spider library.
>>>
>>> Rogan
>> Thanks, I was curious how this was done.
>>
>> fwiw// I've been testing all the commercial scanners again
>> and since most of them list "flash" as a bullet point, I made
>> a couple of SWF files to represent varying complexity of
>> vector-based navigation (from completely flat w/links to
>> several layers of rendering).
>>
>> I can't find a single webappsec tool that automatically
>> extracts the links and navigates SWFs properly, if at all.
>>
>> This could *entirely* be the result of my having improperly
>> designed SWFs, since I won't claim to know what I am doing
>> with the format.
>>
>> I will be releasing everything to the public for scrutiny,
>>
>> -ae
>>
>>
>>
>>
>>
>> --------------------------------------------------------------
>> -----------
>> This List Sponsored by: SpiDynamics
>>
>> ALERT: "How A Hacker Launches A Web Application Attack!"
>> Step-by-Step - SPI Dynamics White Paper
>> Learn how to defend against Web Application Attacks with real-world
>> examples of recent hacking methods such as: SQL Injection, Cross Site
>> Scripting and Parameter Manipulation
>>
>> https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=7013
>> 00000003gRl
>> --------------------------------------------------------------
>> ------------
>
>
> -------------------------------------------------------------------------
> This List Sponsored by: SpiDynamics
>
> ALERT: "How A Hacker Launches A Web Application Attack!"
> Step-by-Step - SPI Dynamics White Paper
> Learn how to defend against Web Application Attacks with real-world
> examples of recent hacking methods such as: SQL Injection, Cross Site
> Scripting and Parameter Manipulation
>
> https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
> --------------------------------------------------------------------------
>
>

-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
Received on Feb 20 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]