You may also run them through a proxy and observe traffic as well.
Adobe actually has a Flash Proxy Solution. Don't know if they have trialware or
not?
http://livedocs.adobe.com/fms/2/docs/wwhelp/wwhimpl/common/html/wwhelp.htm?context=LiveDocs_Parts&file=00000133.html
Jay
----- Original Message -----
From: Jerome Athias [mailto:jerome.athias@free.fr]
To: zimblyzuper@gmail.com
Cc: pen-test@securityfocus.com
Sent: Sat, 23 Jun 2007 21:39:27 +0200
Subject: Re: pen testing flash games.
Hi,
you can easily download the binaries (.swf) and decompile them (.fla)
it would give a nice overview of how they work ;-)
if you sniff HTTP traffic you should be also easily able to see what
data they exchange with the server and then for example be able to use a
fuzzer to send malformed, overly long requests
Good luck
/JA
https://www.securinfos.info
zimblyzuper@gmail.com wrote:
> Dear all
>
> I am doing a pentest on a gaming website which has mostly online flash games.
> There are known vulnerabilities in flash but I don't know how to execute them.
> In the website, there are also some downloadable games which have to be
> purchased after downloading. These games also send info such as high scores
> to the server. Can somebody tell me how to exploit the vulnerabilities of
> flash? and is there any intercepting proxy which can trap requests and
> responses of applications such as games, media players, gtalk etc.
>
>
> Please advise.