The tools described can be obtained from:
■■ Flasm — www.nowrap.de/flasm
■■ Flare — www.nowrap.de/flare
■■ ActionScript Obfuscator — www.genable.com/aso.html
■■ Viewer Screwer — www.debreuil.com/vs
HACK STEPS
■ Explore the functionality of the Flash object within your browser. Use an intercepting proxy to monitor any requests made to the server, to understand which actions are executed entirely within the client-side component itself and which may involve some server-side processing and controls.
■ Any time you see data being submitted to the server, determine whether this is transparent in nature, or has been obfuscated or encrypted in some way. If the former is the case, you can bypass any controls implemented within the object by simply modifying this data directly.
■ If the data that the object submits is opaque in nature, use Flasm to dis-
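The transparent-versus-opaque check in the second step can be triaged mechanically when reviewing traffic captured from your own application's Flash client. The following is an added example, not code from the book or from any of the tools listed; the function names, the 16-character threshold and the sample body are assumptions made for illustration, and the labels are a heuristic hint rather than a verdict.

```python
import base64
from urllib.parse import parse_qsl, urlencode

MIN_ENCODED_LEN = 16  # shorter values are too ambiguous to test for an encoding


def is_readable(data: bytes) -> bool:
    """True when every byte is printable ASCII."""
    return all(0x20 <= b < 0x7F for b in data)


def try_decode(value: str):
    """Return (encoding, raw bytes) if value parses as hex or Base64, else None."""
    if len(value) < MIN_ENCODED_LEN:
        return None
    if len(value) % 2 == 0:
        try:
            return "hex", bytes.fromhex(value)
        except ValueError:
            pass
    if len(value) % 4 == 0:
        try:
            return "base64", base64.b64decode(value, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            pass
    return None


def classify(value: str) -> str:
    """Label one parameter value as transparent, encoded-but-readable, or opaque."""
    decoded = try_decode(value)
    if decoded is None:
        return "transparent" if is_readable(value.encode()) else "opaque"
    encoding, raw = decoded
    return f"transparent ({encoding}-encoded)" if is_readable(raw) else "opaque"


def classify_body(body: str) -> dict:
    """Classify every parameter of a form-encoded request body."""
    return {k: classify(v) for k, v in parse_qsl(body, keep_blank_values=True)}


# Constructed sample body, not captured from any real application.
SAMPLE_BODY = urlencode({
    "action": "saveScore",
    "score": "1500",
    "prefs": base64.b64encode(b"volume=7;quality=high").decode(),
    "state": base64.b64encode(bytes(range(0x80, 0x98))).decode(),
    "sig": bytes(range(0xE0, 0xF0)).hex(),
})
```

Calling classify_body(SAMPLE_BODY) returns one label per parameter. A long alphanumeric word can still parse as Base64 and be mislabelled, so confirm any "opaque" result by hand.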