Friday, August 28, 2009

Flash Remoting Support in Burp Suite Pro

Assessing applications that utilize flash remoting calls often require tools to analyze, manipulate, and replay requests. These tools are required because flash remoting request and response payloads are encoded using the Action Message Format.

Previously, I have used Deblaze and Charles Proxy to support these needs. On August 12, a new version of Burp Suite Pro was released. This version allows AMF messages to be encoded and decoded in the proxy, repeater, and other tabs (except Burp Intruder). Burp Scanner also supports placing attack payloads in flash remoting calls.

No comments: