Re: pen testing flash games.

From: Nathan Bijnens (nbijnens@servs.eu)
Date: Sat Jun 23 2007 - 20:02:12 EDT


Dear,

The swf decompile'ng could be done with Sothink SWF Decompiler. Quite
handy program.

regards
Jerome Athias wrote:
> Hi,
>
> you can easily download the binaries (.swf) and decompile them (.fla)
> it would give a nice overview of our they work ;-)
>
> if you sniff HTTP traffic you should be also easily able to see what
> data they exchange with the server and then for example be able to use a
> fuzzer to send malformed, overly long requests
>
> Good luck
> /JA
> https://www.securinfos.info
>
> zimblyzuper@gmail.com a écrit :
>> Dear all
>>
>> I am doing a pentest on a gaming website which has mostly online flash
>> games. There are known vulnerabilities in flash but i dont know how to
>> execute them. In the website, there are also some downloadable games
>> which have to be purchased after downloading. Theese games also send
>> info such as high scores to the server. Can somebody tell me how to
>> exploit the vulnerabilities of flash? and is there any intercepting
>> proxy which can trap requests and responses of applications such as
>> games, media players, gtalk etc.
>>
>>
>> Please advice.

-- 
Nathan Bijnens | Zaakvoerder | nbijnens@servs.eu | +32 486 15 88 29
Servs BVBA | http://servs.eu | BTW BE 0888 048 856 | 001-5180517-17






This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:54 EDT