WebApp Sec mailing list archives
AMF Testing with Blazer
From: Luca Carettoni <luca () matasano com>
Date: Thu, 2 Aug 2012 11:00:45 -0700
Hi folks, This may be of some interest to people on the list. http://code.google.com/p/blazer/ Blazer is a Burp Suite plugin for testing AMF-based applications that use Java remoting technologies (e.g. Adobe BlazeDS). It implements a new testing approach, introduced at Black Hat USA 2012. In a nutshell, it allows to build custom AMF messages, dynamically generating objects from method signatures via Java reflection and "best-fit" heuristics. If you are interested, have a look at the code. Cheers, Luca --- Luca Carettoni // Matasano Security This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- AMF Testing with Blazer Luca Carettoni (Aug 02)