With a recent spate of attacks from banner ads (many of which are using flash) this might be a useful tool if you are using flash or more accurately flash applications on your website or portal.
I did mention a Flash decompiler a while back, now we have SWFIntruder (pronounced Swiff Intruder), which is apparently the first tool specifically developed for analyzing and testing security of Flash applications at runtime.
- Basic predefined attack patterns.
- Highly customizable attacks.
- Highly customizable undefined variables.
- Semi automated XSS check.
- User configurable internal parameters.
- Log Window for debugging and tracking.
- History of latest 5 tested SWF files.
- ActionScript Objects runtime explorer in tree view.
- Persistent Configuration and Layout.
SWFIntruder was developed by using only open source software. Thanks to its generality, SWFIntruder is OS independant.
You can download SWFIntruder here:
Or read more here.
- DAMM – Differential Analysis of Malware in Memory
- Malheur – Automatic Malware Analysis Tool
- LiME – Linux Memory Extractor
- SWFScan – Free Flash Application Security Scanner
- ServiceCapture – HTTP Traffic Capture for Debugging Flash
- Deblaze – Remote Method Enumeration Tool For Flex Servers
Most Read in Forensics:
- NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows - 66,131 views
- raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks - 32,831 views
- sslsniff v0.6 Released – SSL MITM Tool - 27,124 views