Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: pen testing flash games.

From: Gasior <gasior () sky pl>
Date: Mon, 25 Jun 2007 08:55:01 +0200
Depending on the communication method Flash games uses, simply sniffing
HTTP requests could be not enough.
Try ServiceCapture
http://kevinlangdon.com/serviceCapture/

I don't know if you can exploit vulnerabilities of flash, but you could
try to mess with communication and game logic. Flash games are too often
poorly secured, so you can try to change highscores etc. Perhaps some of
the data is put in sql queries so you can try sql injection.

Best regards
Gasior

zimblyzuper () gmail com wrote:

Dear all
I am doing a pentest on a gaming website which has mostly online flash games. There are known vulnerabilities in 
flash but i dont know how to execute them. In the website, there are also some downloadable games which have to be 
purchased after downloading. Theese games also send info such as high scores to the server. Can somebody tell me how 
to exploit the vulnerabilities of flash? and is there any intercepting proxy which can trap requests and responses of 
applications such as games, media players, gtalk etc.

Please advice.



  



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: