From: Gasior (gasior@sky.pl)
Date: Mon Jun 25 2007 - 02:55:01 EDT
Depending on the communication method Flash games uses, simply sniffing
HTTP requests could be not enough.
Try ServiceCapture
http://kevinlangdon.com/serviceCapture/
I don't know if you can exploit vulnerabilities of flash, but you could
try to mess with communication and game logic. Flash games are too often
poorly secured, so you can try to change highscores etc. Perhaps some of
the data is put in sql queries so you can try sql injection.
Best regards
Gasior
zimblyzuper@gmail.com wrote:
> Dear all
> I am doing a pentest on a gaming website which has mostly online flash games. There are known vulnerabilities in flash but i dont know how to execute them. In the website, there are also some downloadable games which have to be purchased after downloading. Theese games also send info such as high scores to the server. Can somebody tell me how to exploit the vulnerabilities of flash? and is there any intercepting proxy which can trap requests and responses of applications such as games, media players, gtalk etc.
>
> Please advice.
>
>
>
>
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:54 EDT