Flash programs are widely used in web applications; they sometimes allow web developers to add special animation to a web page or to add banners. Cybercriminals may use Flash to obfuscate malicious files and to host malware on the web. In such cases the website may be compromised or owned by attackers, who use it to infect victims and remotely control more computers.
Adobe SWF Investigator is an open source tool for analyzing the security of SWF applications. Researchers can use the tool to display static information about a SWF file or to interact dynamically with the SWF application.
SWF Investigator also helps identify and pentest security vulnerabilities, using the following components:
- The XSS Fuzzer tests for common cross-site scripting (XSS) vulnerabilities on the local hard drive.
- The Hex Viewer lets you view and edit the raw SWF bytes in the original format.
- The Local Connection Communicator allows you to dynamically send or receive data to and from Local Connections on any domain.
- The Mini Web Server is a basic web server for returning HTML and SWF content.
You can use the tool to improve SWF applications or to investigate application behavior. To download the tool, follow this link: http://labs.adobe.com/technologies/swfinvestigator/.
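The static information mentioned above starts with the SWF header. As an added example (not code from SWF Investigator or from the original post), the Python function below reads the signature, version, declared length, stage size, frame rate and frame count from a file held in memory. The names `parse_swf_header` and `HEADER_PEEK` and the sample bytes are constructed for illustration.

```python
import struct
import zlib

HEADER_PEEK = 32  # RECT is at most 17 bytes, plus 4 for frame rate and count

def parse_swf_header(data: bytes) -> dict:
    """Return the static header fields of a SWF file held in memory."""
    if len(data) < 8:
        raise ValueError("too short to be a SWF file")
    signature, version, declared_len = struct.unpack("<3sBI", data[:8])
    if signature == b"FWS":        # uncompressed body
        body = data[8:8 + HEADER_PEEK]
    elif signature == b"CWS":      # zlib body: inflate only the header bytes
        body = zlib.decompressobj().decompress(data[8:], HEADER_PEEK)
    else:                          # includes ZWS (LZMA), not handled here
        raise ValueError(f"unsupported or non-SWF signature: {signature!r}")
    if not body:
        raise ValueError("empty SWF body")

    # FrameSize is a bit-packed RECT: 5-bit field width, then four signed fields.
    nbits = body[0] >> 3
    rect_len = (5 + 4 * nbits + 7) // 8
    if len(body) < rect_len + 4:
        raise ValueError("truncated SWF header")
    bits = int.from_bytes(body[:rect_len], "big")

    def signed_field(index: int) -> int:
        shift = rect_len * 8 - 5 - (index + 1) * nbits
        raw = (bits >> shift) & ((1 << nbits) - 1)
        return raw - (1 << nbits) if nbits and raw >> (nbits - 1) else raw

    xmin, xmax, ymin, ymax = (signed_field(i) for i in range(4))
    rate_raw, frame_count = struct.unpack_from("<HH", body, rect_len)
    return {
        "compressed": signature == b"CWS",
        "version": version,
        "declared_length": declared_len,
        "length_matches": len(data) == declared_len if signature == b"FWS" else None,
        "width_px": (xmax - xmin) / 20,   # RECT values are in twips (1/20 px)
        "height_px": (ymax - ymin) / 20,
        "frame_rate": rate_raw / 256,     # 8.8 fixed point
        "frame_count": frame_count,
    }

# Constructed sample: 550x400 px stage, 24 fps, 1 frame, followed by an End tag.
_BODY = bytes.fromhex("7800055f00000fa000" "0018" "0100" "0000")
SAMPLE_FWS = b"FWS" + struct.pack("<BI", 10, 8 + len(_BODY)) + _BODY
SAMPLE_CWS = b"CWS" + struct.pack("<BI", 10, 8 + len(_BODY)) + zlib.compress(_BODY)
```

For an uncompressed file, a `length_matches` value of `False` means the file size differs from the length the header declares, for example because bytes were appended after the SWF data.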