For better viewing try http://www.testalways.com/extra/2012-08-28_2148.swf
I have here an example of how I can use Fiddler to replay a submission on a web form. I isolate the exact HTTP request and execute it again.
The server in this case responds positively and sends an email each time.
Replaying HTTP requests is useful for more than getting a confirmation email sent again; it has various other uses.
You can repeat (if there is no protection or blocking mechanism, of course):
- creating a post on a forum
- creating a new thread
- sending password reset emails
Fiddler can also decrypt HTTPS traffic locally, so the same replay works over HTTPS, but it can equally be used for many types of spamming.
I use it successfully in some cases for load testing, and when I overloaded the server I got error pages with sensitive information, so I found security issues this way.
Swf files are the Flash applications that you see on some websites. Even though developers usually know that these files can be decompiled and avoid putting sensitive things inside, there are still leaks.
To get the path to a swf file on a website, you can sometimes just spot it directly in the URL. Other times you can use a Google search limited to a specific domain (if it is public) by entering “site:domain.com filetype:swf”. Other times the swf files are a little bit hidden and you need a tool like Fiddler2 to find the links.
Once you have the swf file, download it to your computer and decompile it. Decompilation works differently with different tools, but I recommend https://sites.google.com/site/as3extractor/ or http://www.showmycode.com/
I want to recommend this tool http://code.google.com/p/knull-shell/downloads/detail?name=knull-shellv1-beta.php for testing security issues.
With it I was able to hack into one of my clients’ web servers (literally the server that hosted the web application) and was able to create folders and delete files.
The script can be used for hacking a web application in places where you can upload images or any other files.
Example of a scenario:
1) Check if the web app has a section to upload an image (usually the user profile)
2) Use an image with a specific name that you can recognize and upload it
3) After upload and storage, check where the image is now located (check if the name is intact; check if the size is the same)
4) If the image is stored with the same name and is not altered, you can try uploading the knull-shell script and then check the URL
5) If the URL of the stored file ends in …/some_location/knull-shellv1-beta.php and permissions are set badly, you can try to execute that script by opening that URL
6) If you are successful you should have something like this:
Now you can try to see how far you can go!
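The server-side counterpart to steps 3 and 4: an added example (not code from this post or from the knull-shell project) showing the unsafe name handling the scenario probes for, beside a hardened validator that checks size, extension and magic bytes and discards the client's filename. All function names, the signature table and the size cap are assumptions.

```python
import secrets
from typing import Optional

# Leading bytes of the image formats accepted here (constructed allowlist).
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# Client-supplied extension -> canonical type; php, phtml, etc. are simply absent.
EXT_TO_TYPE = {"png": "png", "jpg": "jpg", "jpeg": "jpg", "gif": "gif"}
MAX_BYTES = 2 * 1024 * 1024  # assumed cap for a profile image


class UploadRejected(ValueError):
    """Raised when an upload fails a server-side check."""


def weak_store_name(client_name: str) -> str:
    """The unsafe behaviour step 4 tests for: the server keeps the name the
    client chose, so a .php upload lands on disk as an executable script."""
    return client_name.rsplit("/", 1)[-1]


def sniff_type(data: bytes) -> Optional[str]:
    """Identify the image type from its content, ignoring the client's name."""
    for kind, sigs in SIGNATURES.items():
        if any(data.startswith(s) for s in sigs):
            return kind
    return None


def safe_store_name(client_name: str, data: bytes) -> str:
    """Hardened check: size cap, extension allowlist, content must match the
    extension, and the stored name is generated server-side."""
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    ext = client_name.rsplit(".", 1)[-1].lower() if "." in client_name else ""
    claimed = EXT_TO_TYPE.get(ext)
    if claimed is None:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    actual = sniff_type(data)
    if actual != claimed:
        raise UploadRejected(f"content looks like {actual}, extension says {ext}")
    # Random name with a known-safe extension; serve the upload directory as
    # static files only, never through the script interpreter.
    return f"{secrets.token_hex(16)}.{claimed}"
```

With the hardened version, step 3 of the scenario already fails: the stored name never matches the uploaded one, and a script body is rejected whatever its extension.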
I sometimes try to find interesting tools, either knowing or not knowing exactly what I am searching for. But it seems that with the help of Google you can find everything.
So one of the tools I found is for creating anagrams: http://wordsmith.org/anagram/. You can have a lot of fun with it, for example by trying your own name. For example I got:
EUSEBIU BLINDU -> “I SUBDUE IN BLUE”
Using Alexa’s list of the currently most popular search terms on the internet to make anagrams of them, I got:
WORLD CUP LIVE STREAMING -> “A TWIRL PRECLUDES MOVING” (?), “TRUMP DECLINES A GIRL, VOWS!” ( )
SHAKIRA -> “I, A SHARK”
SOCCER -> nothing here except 2 anagrams that are not relevant
ALL-TIME 10s -> “LAST 10 MILE”
ABC -> “CAB”, that was easy
DICTIONARY -> “A DIRTY COIN”
SOLAR ECLIPSE -> “REPLACE SOILS”
SPAIN vs NETHERLANDS -> “INVENTS HANDLE SPARS”
HANNAH MONTANA -> “HAH, ANT ON MANNA”
UNIVISION -> “I IN VINOUS” (?) nothing that makes sense here
CONSUMER REPORTS -> “OUR RECENT ROMPS”
In some cases you actually have to pick the anagram that makes sense out of a large list. And sometimes there isn’t a relevant one.