Flash is very popular on the Internet. It is often used as a means of providing
web applications. Some online stores have Flash-based user interfaces, and it
is often used in jukebox software such as Pandora radio. The most common
use of Flash in an application context is in online games. These vary in nature
from purely recreational games to serious casino functionality, where real
money is involved. Many such games have been targeted by correspondingly
recreational and serious attackers.
Given what we have observed about the fallible nature of client-side
controls, the idea of implementing an online gambling application using a
thick-client component that runs locally on a potential attacker’s machine is
an intriguing one. If any aspect of the game play is controlled within the Flash
component instead of by the server, an attacker could manipulate the game
with fine precision to improve odds, change the rules, or alter the scores
submitted back to the server.
Like the other thick-client components examined, Flash objects are contained
within a compiled file that the browser downloads from the server and
executes in a virtual machine, which in this case is a Flash player implemented
in a browser plug-in. The SWF file contains bytecode that is interpreted by the
Flash VM (virtual machine), and as with Java bytecode, this can be decompiled
to recover the original ActionScript source code, using appropriate tools. An
alternative means of attack, which is often more effective, is to disassemble
and modify the bytecode itself, without actually fully decompiling it to source.
Flasm is a disassembler and assembler for SWF bytecode and can be used to
extract a human-readable representation of the bytecode from an SWF file and
then reassemble modified bytecode into a new SWF file:
C:\flash>flasm
Flasm 1.61 build May 31 2006
(c) 2001 Opaque Industries, (c) 2002-2005 Igor Kogan, (c) 2005 Wang Zhen
All rights reserved. See LICENSE.TXT for terms of use.
Usage: flasm [command] filename
Commands:
-d Disassemble SWF file to the console
-a Assemble Flasm project (FLM)
-u Update SWF file, replace Flasm macros
-b Assemble actions to __bytecode__ instruction or byte sequence
-z Compress SWF with zLib
-x Decompress SWF
Backups with $wf extension are created for altered SWF files.
To save disassembly or __bytecode__ to file, redirect it:
flasm -d foo.swf > foo.flm
flasm -b foo.txt > foo.as
Read flasm.html for more information.
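To see how much code a given SWF file hands to the client, the container format described above can be read directly. The following is an added example, not part of the original text or of Flasm: it inflates a zlib-compressed SWF and lists the top-level tags that carry bytecode. The function names and the tiny sample file are constructed for illustration, and nested tags (for example inside sprites) are not walked.

```python
import struct
import zlib

# SWF tag codes whose payload is bytecode executed by the Flash VM.
CODE_TAGS = {12: "DoAction", 59: "DoInitAction", 82: "DoABC"}

def inflate_swf(data: bytes) -> bytes:
    """Return the uncompressed (FWS) form of an SWF file."""
    sig = data[:3]
    (declared,) = struct.unpack_from("<I", data, 4)
    if sig == b"FWS":
        body = data[8:]
    elif sig == b"CWS":  # everything after the 8-byte header is zlib data
        body = zlib.decompress(data[8:])
    else:
        raise ValueError(f"unsupported SWF signature {sig!r}")
    if len(body) + 8 != declared:
        raise ValueError("header length does not match file contents")
    return b"FWS" + data[3:8] + body

def list_tags(data: bytes):
    """Yield (tag_code, payload_length) for each top-level tag."""
    swf = inflate_swf(data)
    nbits = swf[8] >> 3                      # frame RECT: 5-bit field width
    pos = 8 + (5 + 4 * nbits + 7) // 8 + 4   # skip RECT, frame rate, frame count
    while pos + 2 <= len(swf):
        (hdr,) = struct.unpack_from("<H", swf, pos)
        code, size, pos = hdr >> 6, hdr & 0x3F, pos + 2
        if size == 0x3F:                     # long form: 32-bit length follows
            (size,) = struct.unpack_from("<I", swf, pos)
            pos += 4
        yield code, size
        if code == 0:                        # End tag
            return
        pos += size

def bytecode_tags(data: bytes):
    """Names and sizes of the top-level tags that ship code to the client."""
    return [(CODE_TAGS[c], n) for c, n in list_tags(data) if c in CODE_TAGS]

def build_sample(compressed: bool) -> bytes:
    """Constructed minimal SWF: one DoAction tag (Stop, End), ShowFrame, End."""
    body = (b"\x00" + b"\x00\x0c" + b"\x01\x00"      # empty RECT, 12 fps, 1 frame
            + struct.pack("<H", (12 << 6) | 2) + b"\x07\x00"
            + struct.pack("<HH", 1 << 6, 0))
    head = bytes([8]) + struct.pack("<I", 8 + len(body))
    return (b"CWS" + head + zlib.compress(body)) if compressed else b"FWS" + head + body

if __name__ == "__main__":
    print(bytecode_tags(build_sample(compressed=True)))
```

Any rule enforced only inside the tags this reports runs on the user's machine, so the server must re-check its outcome.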