Another is HP's swfscan decompiles and looks for vulnerabilities in swf files
and is free...It doesn't decompile successfully all the time, but works most of
the time.
https://h30406.www3.hp.com/campaigns/2009/wwcampaign/1-5TUVE/index.php?key=swf
________________________________
From: Bradley McMahon <[email protected]>
To: PaulDotCom Security Weekly Mailing List <[email protected]>
Sent: Thursday, October 6, 2011 1:58 PM
Subject: Re: [Pauldotcom] Any tips for assessing Flash Applications and
Silverlight?
For flash I recommend SWF Decompiler from sothink. It completely
decompiles the flash swf file into a fla file that you can open in
flash.
As for silverlight I have no experience in decompiling, but I've heard
that the XAP files are just zip files. if you explore the html and
find the XAP file, download it and rename the extension to zip and it
will unpack the dll files. ( warning it might be an explosive zip so
do it in a dir to keep your sanity). After that just use Reflector or
some other .net decompiler.
Good luck
-Brad
On Thu, Oct 6, 2011 at 4:14 PM, Dimitrios Kapsalis <[email protected]> wrote:
> Been asked to look into flash and silverlight applications and ways to
> assess them.
>
> With flash there are some items I have in mind as I have played with it a
> bit, silverlight however is a new animal.
>
> Any recommendations for tips or resources to look into?
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
