HP SWFScan, a free tool developed by HP Web Security Research Group, will automatically find security vulnerabilities in applications built on the Flash platform.
*Disclaimer: I am not a Web Developer or an expert in Adobe Flash/Flex, but I received a Web App engagement involving a website that uses only Adobe Flash/Flex, hence my search through the internet to find the easiest way to analyze Flash/Flex code.
Download SWFScan from here:
http://h30499.www3.hp.com/t5/Following-the-Wh1t3-Rabbit/SWFScan-FREE-Flash-decompiler/ba-p/5440167#.UdLgmvlvDO0
Run SWFscan.exe.
The options and the list of checks
Enter a URL ending in .swf and click Get. SWFScan will decompile the .swf file and list the source code. You can also provide the path to extracted .swf files. To extract them, refer to this:
http://securityg33k.blogspot.sg/2013/07/swf-files-how-to-extract-them-using.html
If the link does not end in .swf, you will get the following error.
To analyze the code, simply click Analyze.
When the analysis has finished, the affected lines are highlighted in red in the left pane. Clicking on one shows the possible vulnerability in the code. The right pane shows the summary of the vulnerability, the fix, and references for further reading.
Other than that, SWFScan can also do the following:
- Export the Source Code
- Export the URLs
- Create Vulnerability Report
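Before loading an extracted file into SWFScan, it can help to confirm that it really is an SWF (by signature rather than by extension) and to see which URLs it embeds as literal strings. The following is an added example, not part of the original post and not how SWFScan works internally; the function names and the sample bytes are constructed for illustration.

```python
import re
import struct
import zlib

# Printable-ASCII run starting with http:// or https://
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")

def parse_swf(data: bytes) -> dict:
    """Check the 8-byte SWF header and return the uncompressed body."""
    if len(data) < 8:
        raise ValueError("too short to be an SWF file")
    # Header: 3-byte signature, 1-byte version, uint32 LE uncompressed length
    sig, version, length = struct.unpack("<3sBI", data[:8])
    if sig == b"FWS":            # uncompressed
        body = data[8:]
    elif sig == b"CWS":          # zlib-compressed after the header
        body = zlib.decompress(data[8:])
    elif sig == b"ZWS":          # LZMA-compressed, out of scope here
        raise ValueError("LZMA-compressed SWF (ZWS) is not handled")
    else:
        raise ValueError("not an SWF file: signature %r" % sig)
    return {"signature": sig.decode("ascii"), "version": version,
            "length_ok": len(body) + 8 == length, "body": body}

def extract_urls(data: bytes) -> list:
    """Return the sorted, de-duplicated literal URLs found in the body."""
    body = parse_swf(data)["body"]
    return sorted({m.group().decode("ascii") for m in URL_RE.finditer(body)})

def build_sample(compress: bool) -> bytes:
    """Constructed test input: a valid header around two literal URLs.
    It is not a playable movie, only enough structure for the checks above."""
    body = (b"\x00" * 4 + b"http://example.com/crossdomain.xml\x00"
            + b"https://example.com/api/login\x00")
    header_tail = b"\x0a" + struct.pack("<I", len(body) + 8)
    if compress:
        return b"CWS" + header_tail + zlib.compress(body)
    return b"FWS" + header_tail + body

if __name__ == "__main__":
    for url in extract_urls(build_sample(compress=True)):
        print(url)
```

Only URLs stored as whole string literals are found this way; URLs assembled at runtime need the decompiled source.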
More info: