WebApp Sec
mailing list archives
RE: SWF assesment
From: Paul Theriault <Paul.Theriault () stratsec net>
Date: Mon, 7 Sep 2009 09:33:53 +1000
Pretty sure SWFScan will not do that. SWFScan is a SWF decompiler (one of the few that handles AS3) and a static code
analysis tool.
As someone previously suggested though, you can decompile, copy and paste the functions you are interested in into your
own new file, and then go nuts. Obviously depends on how complex the app is etc.
As for your request, I don't know of such a tool (if it does, I would also be very interested in it).
You might want to look at the various debuggers that are available for flash. Never seen such a function but that isn't
to say it doesn't exist. The flashsec wiki has an excellent list of flash related software:
https://www.flashsec.org/wiki/Software
Also Burp Pro now supports proxying AMF if your app happens to use that:
http://releases.portswigger.net/2009/08/v1214.html
Finally, you might want to ask on flashcoders: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Good Luck!
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of jfvanmeter () comcast net
Sent: Thursday, 3 September 2009 8:54 PM
To: Serg B
Cc: webappsec () securityfocus com
Subject: Re: SWF assesment
swfscan might do what you're looking for; I have to say that I've not used the tool a lot.
http://www.cgisecurity.com/2009/03/swfscan-free-flash-security-tool.html
----- Original Message -----
From: "Serg B" <sergeslists () gmail com>
To: webappsec () securityfocus com
Sent: Thursday, September 3, 2009 1:46:08 AM GMT -05:00 US/Canada Eastern
Subject: SWF assesment
Hi all
Does anyone know of a tool that would allow me to query/execute arbitrary methods within a currently loaded flash app?
E.g.
Go to a web page, server serves a SWF file, SWF file is loaded and does whatever... I would like to be able to invoke
individual methods and properties inside the SWF file, while it's loaded in the web browser.
Thanks
Serg