PaulDotCom mailing list archives
Re: Any tips for assessing Flash Applications and Silverlight?
From: "S. R. White" <swprofile () yahoo com>
Date: Thu, 6 Oct 2011 14:11:23 -0700 (PDT)
Another is HP's swfscan decompiles and looks for vulnerabilities in swf files and is free...It doesn't decompile successfully all the time, but works most of the time. https://h30406.www3.hp.com/campaigns/2009/wwcampaign/1-5TUVE/index.php?key=swf ________________________________ From: Bradley McMahon <bradmcmahon () gmail com> To: PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com> Sent: Thursday, October 6, 2011 1:58 PM Subject: Re: [Pauldotcom] Any tips for assessing Flash Applications and Silverlight? For flash I recommend SWF Decompiler from sothink. It completely decompiles the flash swf file into a fla file that you can open in flash. As for silverlight I have no experience in decompiling, but I've heard that the XAP files are just zip files. if you explore the html and find the XAP file, download it and rename the extension to zip and it will unpack the dll files. ( warning it might be an explosive zip so do it in a dir to keep your sanity). After that just use Reflector or some other .net decompiler. Good luck -Brad On Thu, Oct 6, 2011 at 4:14 PM, Dimitrios Kapsalis <dimitrios () gmail com> wrote:
Been asked to look into flash and silverlight applications and ways to assess them. With flash there are some items I have in mind as I have played with it a bit, silverlight however is a new animal. Any recommendations for tips or resources to look into? _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Any tips for assessing Flash Applications and Silverlight? Dimitrios Kapsalis (Oct 06)
- Re: Any tips for assessing Flash Applications and Silverlight? Bradley McMahon (Oct 06)
- Re: Any tips for assessing Flash Applications and Silverlight? S. R. White (Oct 06)
- Re: Any tips for assessing Flash Applications and Silverlight? Michael Douglas (Oct 06)
- Re: Any tips for assessing Flash Applications and Silverlight? Dimitrios Kapsalis (Oct 06)
- Re: Any tips for assessing Flash Applications and Silverlight? Nicholas B. (Oct 07)
- Re: Any tips for assessing Flash Applications and Silverlight? Jim Halfpenny (Oct 07)
- Re: Any tips for assessing Flash Applications and Silverlight? Bradley McMahon (Oct 06)
- Re: Any tips for assessing Flash Applications and Silverlight? Joel Esler (Oct 11)
- Re: Any tips for assessing Flash Applications and Silverlight? Dimitrios Kapsalis (Oct 11)