Hi folks,
This may be of some interest to people on the list.
http://code.google.com/p/blazer/
Blazer is a Burp Suite plugin for testing AMF-based applications that use Java remoting technologies (e.g. Adobe BlazeDS).
It implements a new testing approach, introduced at Black Hat USA 2012. In a nutshell, it allows to build custom AMF messages, dynamically generating objects from method signatures via Java reflection and "best-fit" heuristics.
If you are interested, have a look at the code.
Cheers,
Luca
Luca Carettoni // Matasano Security
Hi folks,
This may be of some interest to people on the list.
http://code.google.com/p/blazer/
Blazer is a Burp Suite plugin for testing AMF-based applications that use Java remoting technologies (e.g. Adobe BlazeDS).
It implements a new testing approach, introduced at Black Hat USA 2012. In a nutshell, it allows to build custom AMF messages, dynamically generating objects from method signatures via Java reflection and "best-fit" heuristics.
If you are interested, have a look at the code.
Cheers,
Luca
---
Luca Carettoni // Matasano Security