cure53 / flashbang Goto Github PK
View Code? Open in Web Editor NEWProject "Flashbang" - An open-source Flash-security helper
Home Page: https://cure53.de/flashbang
License: Mozilla Public License 2.0
Project "Flashbang" - An open-source Flash-security helper
Home Page: https://cure53.de/flashbang
License: Mozilla Public License 2.0
SWF : http://dev.sencha.com/deploy/dev/resources/charts.swf
till : I think I vaguely remember that this has to do with the order in which things get added to the stage vs their constructor being run
Person to contact : tobytailor
it told me to report a bug in the thing, i tried to run the first Achievement Unlocked in the thing and it popped up with an error. idk why it did that, but it did. pls fix
Flashbang will need a rough outline for a first API. Something like:
Flashbang.load()
Flashbang.scan()
Flashbang.info()
Flashbang.close()
We need to think who this could look like and what we want to do in the early alpha.
Decompiled source - Here
This is to ensure that if swf tries to parse parameters from url our flashVars still work. Detection of flashVars is complex in this case though.
loaderInfo._url has to be tampered : Help
P.S: Think of something for detection, may be we can proxy the calls of _url
I've uploaded the file here:
https://ufile.io/e6f
You can try it by opening the file in your browser and adding "?clickTAG=http://www.example.com" to the end of the URL.
Now click the image, and http://www.example.com will open in a new tab.
Here is the SWF file.
https://github.com/umbraco/Starterkits/blob/master/Overflow/Overflow/umbraco/Dashboard/Swfs/AIRInstallBadge.swf
Open it like this for example: AIRInstallBadge.swf?str_error=I am so vulnerable!&str_err_params=Click here for XSS!
We need an overall of ten to fifteen vulnerable (to XSS) Flash files to show them to the Shumway team. Ideally we have them in a folder - each embedded in HTML with a button to trigger the vulnerability.
We need bugs that exploit vulnerabilities in as many different Flash/AS methods as possible. Further, some of the bugs should be requiring user interaction to be exploited, others should be exploitable without user interaction.
This step is important before we re-connect with the Shumway team. They basically will use this input to understand, what APIs we would need.
We need the following enhancements to make Flashbang be more usable:
console.log
that logs into a <textarea>
So, inturn flashbang will not work
Bug : Here
Hey Cure53 Team,
Awesome work! Thanks a ton... My issue is with the specific SWF at https://www.sc.com/sg/personal-banking/investment/online-trading-tour/main.swf
It's not being reversed... Am I missing anything here?
Thanks,
Kiran
Decompiled source : Here
The call is "YUI.applyTo" is not happening :O
If some extra information about variables is available during this stage, which can be leveraged to guess the type of variables then it will be useful
I got inconsistent results scanning this swf. RIght now it seems to only detect FlashVars but no sinks. Initially it wasn't detecting anything.
Link to swf
https://docs.google.com/file/d/0B-4ZVWytXXbCbVJfcmZZaEFtbVU
Vulnerability overview:
zeroclipboard/zeroclipboard#14
Heya,
strangely, in this file, Flashbang cannot see the Flashvars. It needs to be noted, that other decompilers and tools have similar issues.
http://s3.amazonaws.com/avlidienbrunn/wheres_the_xss.swf
Can we specify what is happening here?
Cheers,
.mario
We need to think what features we would like to present - and how a very early UI could look like. All Flashbang features should be available as API, the early UI draft should respect this.
http://globalassets.starbucks.com/static/media/goalsandprogress/exploreTheStore.swf
Uncaught TypeError: Cannot read property 'props' of undefined
at Object.addTimelineChild [as _addTimelineChild]
This swf file will break the runtime of flashbang
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.