Hi guys,
Do you have any pointers to flash decompiling?
I'm not trying to do anything fancy just extract URLs for crawling purposes.
Cheers,
Tasos L.
HP's free SWF Scan does a great job of decompiling Flash and analyzes
SWF's for potential issues and information leakage.
There's also the open source Flare program, which will give you back
all of the embedded ActionScript.
On Jul 9, 2011, at 9:56 AM, Tasos Laskos tasos.laskos@gmail.com wrote:
Hi guys,
Do you have any pointers to flash decompiling?
I'm not trying to do anything fancy just extract URLs for crawling purposes.
Cheers,
Tasos L.
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
maybe this can help you
http://www.adobe.com/content/dam/Adobe/en/devnet/swf/pdf/swf_file_format_spec_v10.pdf
Marc
Al 09/07/2011 12:36, En/na Tasos Laskos ha escrit:
Hi guys,
Do you have any pointers to flash decompiling?
I'm not trying to do anything fancy just extract URLs for crawling
purposes.
Cheers,
Tasos L.
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
Use flare decompiler or for testing of some common issues you can use
SWFIntruder
Regards,
Juan C Calderon
-----Original Message-----
From: websecurity-bounces@lists.webappsec.org
[mailto:websecurity-bounces@lists.webappsec.org] On Behalf Of Tasos
Laskos
Sent: Saturday, July 09, 2011 5:36 AM
To: websecurity@webappsec.org
Subject: [WEB SECURITY] Extracting paths from Flash
Hi guys,
Do you have any pointers to flash decompiling?
I'm not trying to do anything fancy just extract URLs for crawling
purposes.
Cheers,
Tasos L.
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.
org
Thanks for the suggestion but I was hoping for a spec or an article
discussing how to do it rather than a tool.
I guess I'll have to read away at flare's source code to get the
information I want unless someone else has a better idea.
Cheers,
Tasos L.
On 07/10/2011 08:32 PM, Calderon, Juan Carlos (GE, Corporate,
consultant) wrote:
Use flare decompiler or for testing of some common issues you can use
SWFIntruder
Regards,
Juan C Calderon
-----Original Message-----
From: websecurity-bounces@lists.webappsec.org
[mailto:websecurity-bounces@lists.webappsec.org] On Behalf Of Tasos
Laskos
Sent: Saturday, July 09, 2011 5:36 AM
To: websecurity@webappsec.org
Subject: [WEB SECURITY] Extracting paths from Flash
Hi guys,
Do you have any pointers to flash decompiling?
I'm not trying to do anything fancy just extract URLs for crawling
purposes.
Cheers,
Tasos L.
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.
org
Flare is a flas decompiler extracts the code from the flash, so you can
just analize it the way you want
Regards,
Juan C Calderon
-----Original Message-----
From: Tasos Laskos [mailto:tasos.laskos@gmail.com]
Sent: Sunday, July 10, 2011 12:55 PM
To: Calderon, Juan Carlos (GE, Corporate, consultant)
Cc: websecurity@webappsec.org
Subject: Re: [WEB SECURITY] Extracting paths from Flash
Thanks for the suggestion but I was hoping for a spec or an article
discussing how to do it rather than a tool.
I guess I'll have to read away at flare's source code to get the
information I want unless someone else has a better idea.
Cheers,
Tasos L.
On 07/10/2011 08:32 PM, Calderon, Juan Carlos (GE, Corporate,
consultant) wrote:
Use flare decompiler or for testing of some common issues you can use
SWFIntruder
Regards,
Juan C Calderon
-----Original Message-----
From: websecurity-bounces@lists.webappsec.org
[mailto:websecurity-bounces@lists.webappsec.org] On Behalf Of Tasos
Laskos
Sent: Saturday, July 09, 2011 5:36 AM
To: websecurity@webappsec.org
Subject: [WEB SECURITY] Extracting paths from Flash
Hi guys,
Do you have any pointers to flash decompiling?
I'm not trying to do anything fancy just extract URLs for crawling
purposes.
Cheers,
Tasos L.
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
org
The reason I was asking is because I want to enable my crawler to
extract paths from SWF files and calling 3rd party binaries is not an
option.
So any existing tool is only useful as a reference implementation
although I'd rather read an article than go through thousands of LOCs to
find the information I want.
On 07/10/2011 09:04 PM, Calderon, Juan Carlos (GE, Corporate,
consultant) wrote:
Flare is a flas decompiler extracts the code from the flash, so you can
just analize it the way you want
Regards,
Juan C Calderon
-----Original Message-----
From: Tasos Laskos [mailto:tasos.laskos@gmail.com]
Sent: Sunday, July 10, 2011 12:55 PM
To: Calderon, Juan Carlos (GE, Corporate, consultant)
Cc: websecurity@webappsec.org
Subject: Re: [WEB SECURITY] Extracting paths from Flash
Thanks for the suggestion but I was hoping for a spec or an article
discussing how to do it rather than a tool.
I guess I'll have to read away at flare's source code to get the
information I want unless someone else has a better idea.
Cheers,
Tasos L.
On 07/10/2011 08:32 PM, Calderon, Juan Carlos (GE, Corporate,
consultant) wrote:
Use flare decompiler or for testing of some common issues you can use
SWFIntruder
Regards,
Juan C Calderon
-----Original Message-----
From: websecurity-bounces@lists.webappsec.org
[mailto:websecurity-bounces@lists.webappsec.org] On Behalf Of Tasos
Laskos
Sent: Saturday, July 09, 2011 5:36 AM
To: websecurity@webappsec.org
Subject: [WEB SECURITY] Extracting paths from Flash
Hi guys,
Do you have any pointers to flash decompiling?
I'm not trying to do anything fancy just extract URLs for crawling
purposes.
Cheers,
Tasos L.
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
org