Re: pen testing flash games.

[Jerome Athias <jerome.athias () free fr>]

Hi,

you can easily download the binaries (.swf) and decompile them (.fla)
it would give a nice overview of our they work ;-)

if you sniff HTTP traffic you should be also easily able to see what 
data they exchange with the server and then for example be able to use a 
fuzzer to send malformed, overly long requests

Good luck
/JA
https://www.securinfos.info

zimblyzuper () gmail com a écrit :
> Dear all
>
> I am doing a pentest on a gaming website which has mostly online flash games. There are known vulnerabilities in flash 
> but i dont know how to execute them. In the website, there are also some downloadable games which have to be purchased 
> after downloading. Theese games also send info such as high scores to the server. Can somebody tell me how to exploit 
> the vulnerabilities of flash? and is there any intercepting proxy which can trap requests and responses of applications 
> such as games, media players, gtalk etc.
>
>
> Please advice.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature