As I promised, I'm going to write some posts covering the topics I discussed at the last Reading Geek Night. This doesn't cover every security aspect of Flash applications, but it can be a nice introduction for those who want to play a bit with Flash files.
I started by showing how to capture the traffic between the Flash application and the server. People usually think that, because a Flash application is not like a normal web page, you can't see the requests it is making. From a pentesting perspective, if we are testing a Flash application we can forget (at least in the beginning) about the Flash file and focus on the requests it makes to the server. That is where we will test for SQL injection, XSS (we will discuss how to perform XSS attacks against Flash files in another post) or logic bypass.
I use the Firefox extension called Live HTTP Headers. It’s a very simple extension that shows the communication between our browser and the server, revealing the requests, the responses and all the information present in the headers.
We are going to use a Spanish music band's website to explain how to analyse the requests. After going into the website, the Flash application loads the background music. As we want to download the music and listen to it anytime, we can use the Live HTTP Headers extension to see what happens when we click the “Next song” button:
We can now copy this link and download the song.
This technique can be used to analyse any Flash application and discover where the information it loads comes from. These URLs will be the ones we pentest during a security assessment.
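As an added example (not part of the original post), a saved capture can be turned into an inventory of the endpoints the Flash application calls, with their parameter names and response types, which is what scopes the assessment. The host `band.example`, the sample capture and the saved-capture layout it follows are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed capture; the saved-output layout shown here is an assumption.
SAMPLE_CAPTURE = """\
http://band.example/player.swf

GET /player.swf HTTP/1.1

HTTP/1.1 200 OK
Content-Type: application/x-shockwave-flash
----------------------------------------------------------
http://band.example/playlist.php?album=3&track=2

GET /playlist.php?album=3&track=2 HTTP/1.1

HTTP/1.1 200 OK
Content-Type: text/xml
----------------------------------------------------------
http://band.example/media/track02.mp3

GET /media/track02.mp3 HTTP/1.1

HTTP/1.1 200 OK
Content-Type: audio/mpeg
----------------------------------------------------------
"""

def inventory(capture):
    """Return one record per request: method, URL, parameter names, response type."""
    records = []
    for block in re.split(r"^-{10,}[ \t]*$", capture, flags=re.M):
        lines = [line.strip() for line in block.strip().splitlines()]
        if not lines:
            continue
        url = lines[0]
        method = next((l.split()[0] for l in lines[1:]
                       if re.match(r"[A-Z]+ \S+ HTTP/", l)), "?")
        # Only read Content-Type after the status line (a POST may send its own).
        status = next((i for i, l in enumerate(lines) if l.startswith("HTTP/")), len(lines))
        ctype = next((l.split(":", 1)[1].strip() for l in lines[status:]
                      if l.lower().startswith("content-type:")), "")
        params = [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
        records.append({"method": method, "url": url, "params": params, "type": ctype})
    return records

if __name__ == "__main__":
    for r in inventory(SAMPLE_CAPTURE):
        print(r["method"], r["url"], r["type"], "params:", ", ".join(r["params"]) or "-")
```

Endpoints that take parameters (here `playlist.php`) are the ones to test for injection and logic flaws; static media and the SWF itself are listed so that nothing the application loads is left out of scope.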
Next step… decompiling the Flash file and reading a bit of source code!