![]() HP’s product was the clear winner, providing both the most complete functionality and features, ease of use, and detailed reports. So the test is a fail due to Flash 10 being used in my application. “SWFIntruder purpose is to analyze a Flash application for version =< 8” It is a OWASP tool, and the site ( ) states: Installation was simple (100KB TGZ), which you extract, then simply point your browser (site states it requires Firefox 2.x) to the 127.0.0.1/…/index.html file. I don’t know if it’s because there was no vulnerabilities found or if the feature failed, but I obtained no results from the Analyze feature. There’s even an Analyze feature used to obtain a report of vulnerabilities in the application. In addition its UI is very intuitive, there’s even a tab to display the discovered URLS. Here is my original code: // Display read-only status information private function onNetStatus(event:NetStatusEvent):void ![]() ![]() mxml source code, these are missing from the SWFScan source.ġst thing to do, removed unused variables from my code! The look and very is very similar to Microsoft’s Application Verifier tool, a tool used to verify SDL compliance in unmanaged applications.įirst thing I noticed, I had unused strings, which the compiler stripped out of the final app. ![]() Installation was simple (6MB MSI), then you simply add the path to the SWF in the GUI and hit the “Get” button. This was no surprise given the recent version of the Supergroove application, and the dated Flare tool version. FLR file produced by Flare was some 31 lines of nothing. – ActionScript III (Flash 9) isn’t supported. Features: Exporting scripts, images, shapes, movies, sounds, fonts. Extract resources, convert SWF to FLA, edit ActionScript, replace images, sounds, texts, and fonts. – No images, sounds or text are extracted - ActionScript only. JPEXS Free Flash Decompiler is an Open Source Flash SWF decompiler and editor. Installation was simple (100K EXE), then it is just a matter of right clicking the SWF file and selecting “Decompile”. Note, my SuperGroove Flash application was built with the latest Adobe Flash Builder 4 compiler, (Flex 4.1 SDK), and requires Flash 10.1 at a minimum in the client’s browser.Īll tests were run on a 圆4 Vista PC. I downloaded the SWF and ran each of the tools on it. The application used is a real world Flash Application for which I have the original code.Īlthough SuperGroove is in its alpha stage of development, now is as good a time as any to use these tools in order to determine:ġ- Which of them works best for pen testers.Ģ- And the tools may provide some insight as to possible issues in my Flash code, which I should fix. ![]() Displaying SWF resources (shapes, sprites, fonts, buttons.This article compares three popular Flash decompilers. Replacing images, editing texts, fonts and other tags Clicking decompiled source highlights P-code associated instruction and vice-versa It can be used to extract resources from Flash animation files. Experimental direct editing of ActionScript source JPEXS is an open-source Flash SWF decompiler and editor. #Jpexs free flash decompiler windows installYou can install SWFTools distribution (which has also a command line program), and use SWFExtract. Various output formats like SVG or HTML5 Canvas SWFTools - SWF manipulation and generation utilities. Exporting scripts, images, shapes, movies, sounds, fonts. Works with Java on Windows, Linux or MacOS. Extract resources, convert SWF to FLA, edit ActionScript, replace images, sounds, texts or fonts. JPEXS Free Flash Decompiler (FFDec) is opensource flash SWF decompiler and editor. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |