With a recent spate of attacks from banner ads (many of which are using flash) this might be a useful tool if you are using flash or more accurately flash applications on your website or portal.
I did mention a Flash decompiler a while back, now we have SWFIntruder (pronounced Swiff Intruder), which is apparently the first tool specifically developed for analyzing and testing security of Flash applications at runtime.
- Basic predefined attack patterns.
- Highly customizable attacks.
- Highly customizable undefined variables.
- Semi automated XSS check.
- User configurable internal parameters.
- Log Window for debugging and tracking.
- History of latest 5 tested SWF files.
- ActionScript Objects runtime explorer in tree view.
- Persistent Configuration and Layout.
SWFIntruder was developed by using only open source software. Thanks to its generality, SWFIntruder is OS independant.
You can download SWFIntruder here:
Or read more here.
- HoneyDrive Desktop v0.2 Released – Honeypot LiveCD
- Mobius Forensic Toolkit 0.5.10 – Forensics Framework To Manage Cases & Case Items
- Rec Studio 4 – Reverse Engineering Compiler & Decompiler
- SWFScan – Free Flash Application Security Scanner
- ServiceCapture – HTTP Traffic Capture for Debugging Flash
- Watcher – Passive Analysis Tool For HTTP Web Applications
Most Read in Forensics:
- NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows - 65,520 views
- raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks - 28,817 views
- sslsniff v0.6 Released – SSL MITM Tool - 26,843 views