FlashSec

##Introduction

This repository aims to compile scripts and tools that can be used during penetration tests to assess the security of different flash related scenarios.

##Contents of the project

Crossdomain.mxml: Script written in FLEX that exploits permissive crossdomain flash policy files to make arbitrary requests to the target website. To compile just download the FLEX SDK (available at http://www.adobe.com/devnet/flex/flex-sdk-download.html) and run mxmlc:

$ ./mxmlc Crossdomain.mxml
Loading configuration file C:\Flex\frameworks\flex-config.xml 
C:\Flex\bin\Crossdomain.swf (535802 bytes)

The script expects a url parameter pointing to the vulnerable site, i.e.: http://example.com/Crossdomain.swf?url=http://victim.com/protectedResource

BrowserCookies.as and Index.as: Script written in Action Script to read the cookies of the website where the file is hosted at using flash. To compile just download the FLEX SDK (available at http://www.adobe.com/devnet/flex/flex-sdk-download.html) and run mxmlc (make sure both files are in the same folder):

$ ./mxmlc Index.as
Loading configuration file C:\Flex\frameworks\flex-config.xml
C:\Flex\bin\Index.swf (1097 bytes)

About

Repository aimed to compile scripts and tools that can be used during penetration tests to assess the security of different flash related scenarios.

BSD 3-Clause "New" or "Revised" License

Languages

Language:ActionScript 100.0%