
Flashbang

Welcome to project "Flashbang". This tool is an open-source Flash-security helper with a very specific purpose: Find the flashVars of a naked SWF and display them, so a security tester can start hacking away without decompiling the code.

Flashbang is built upon Mozilla's Shumway project. It runs in the browser but has a bunch of requirements to work properly. See the links below.

How To Run Flashbang?

Just use our public tool and feed it SWF files: https://cure53.de/flashbang

No files will ever be uploaded to any server; it all happens in the browser. So no worries. You still do worry? Good. You can also install it locally, of course. Check below on how to do that.

How to Install Flashbang locally?

Flashbang is still in alpha stage, so things might be a bit edgy here and there. Here's how to set up and run Flashbang (no worries, it takes about 5 minutes to get it running):

  • Clone the repo using the --recursive flag, so that all necessary submodules are cloned as well
  • Ideally clone it into an Apache web-root (or any other web server)
  • Prepare the environment for Shumway to work properly (Instructions).
  • Visit the URL Flashbang/src/flashbang.html in Chrome (Firefox has a bug right now, we're on it).
  • Logging to the console is enabled by default, so ideally keep the developer tools open.
  • Run a file by clicking "Open SWF"
  • Flashbang will then show you the flashVars and you can start testing for XSS or the like

Testing Flashbang

To play with Flashbang you need Flash files. Obviously. If you don't have any at hand right now, we can offer you a fine selection of vulnerable files right here:

https://github.com/cure53/Flashbang/tree/master/flash-files/files

Bugs

Flashbang is very young and basically alpha-level software. And finding flashVars in an SWF has proven to be quite hard. So please don't be disappointed if Flashbang isn't yet working for each and every SWF file out there. If you have an SWF where Flashbang doesn't see the flashVars, please file a bug and send us some info. We'll try to fix it ASAP.

Credits

Flashbang was specified and sponsored by Cure53, built by Bharadwaj Machiraju (the Cure53 summer intern), and wouldn't exist without the help of Mozilla Research and their amazing Shumway project. Now here are some links you can click:
