# Adobe SWF Investigator

### This tool lets us decompile and inspect SWF files that we load into it.

![](/files/-MlNL3Xjkj3TmRUznoR4)

#### The Disassembler Tab allows us to do string searches:

![This may lead us to file names that we can search in the browser. ](/files/-MlNLJ-okR9bDpiJ278j)

## XSS Fuzzer:

Under the SWF Inspector Utilities there is an XSS Fuzzer.

![](/files/-MlNM0iynDfPV63_jx9R)

To use the XSS Fuzzer, first load the SWF in the inspector and save the loaded SWF to local disk. Then point **Target SWF** at that saved file and enter the variables to fuzz under **FlashVars**, as a query-style string such as `name=bob&redirect=alice`. Each variable named in that string is fuzzed in turn.

#### Sample setup from ELS:

![](/files/-MlNN5epvTFnxh2q05q8)

Results are listed in the Output tab; vulnerable parameters are marked with red dots. In this case the `redirect` parameter is vulnerable to a `javascript:` context injection, meaning its value ends up in a URL the SWF navigates to, so a `javascript:` URL runs script in the origin of the page that embeds the SWF.

![](/files/-MlNNaVSq8ziX-3wimWU)

To verify the injection, go back to the browser and pass an alert box as the parameter's value (for example `redirect=javascript:alert(1)`) to the page that embeds the SWF.

![](/files/-MlNNr5O7ihYJiYpLqs1)
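The following is an added example, not code from Adobe SWF Investigator or from this page. It models what the XSS Fuzzer does: parse the FlashVars string, substitute `javascript:`-scheme payloads into each variable in turn, and report which variable lets a payload reach the SWF's navigation sink. The two handlers are JavaScript stand-ins for ActionScript (the assumption being that the target SWF hands its `redirect` FlashVar to a navigation call), `PAGE_BASE`, `ALLOWED_HOSTS` and the payload list are assumed/constructed values, and none of it is the real SWF's code.

```javascript
// Added example, not code from Adobe SWF Investigator or the original page.
// Assumption: the target SWF passes its `redirect` FlashVar to navigateToURL.

// Parse "name=bob&redirect=alice" into { name: "bob", redirect: "alice" }.
function parseFlashVars(flashVars) {
  const vars = {};
  for (const pair of flashVars.split("&")) {
    if (!pair) continue;
    const eq = pair.indexOf("=");
    const key = decodeURIComponent(eq < 0 ? pair : pair.slice(0, eq));
    vars[key] = decodeURIComponent(eq < 0 ? "" : pair.slice(eq + 1));
  }
  return vars;
}

// Vulnerable stand-in for the SWF: hands the redirect value to navigation
// unchecked. Returns the URL that would be navigated to, or null if none.
function vulnerableRedirect(vars) {
  return vars.redirect ? vars.redirect : null;
}

// Hardened stand-in: resolve against the embedding page, then allow only
// http(s) URLs on an allow-listed host. Checking the parsed scheme kills
// javascript: (the URL parser already strips whitespace/tabs and lowercases
// the scheme, so case and whitespace tricks are normalised away); the host
// check also closes the open redirect.
const PAGE_BASE = "https://example.com/";   // assumed embedding page
const ALLOWED_HOSTS = ["example.com"];       // assumed allow-list
function hardenedRedirect(vars) {
  if (!vars.redirect) return null;
  let url;
  try {
    url = new URL(vars.redirect, PAGE_BASE);
  } catch (e) {
    return null;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  if (!ALLOWED_HOSTS.includes(url.hostname)) return null;
  return url.href;
}

// Constructed payloads: the plain form plus obfuscations a fuzzer would try.
const PAYLOADS = [
  "javascript:alert(1)",
  "JaVaScRiPt:alert(1)",
  " javascript:alert(1)",
  "java\tscript:alert(1)",
  "javascript://example.com/%0aalert(1)",
];

// Did the sink receive a javascript: URL? Strip whitespace and control
// characters and lowercase first, as browsers do before matching the scheme.
function navigatesToScript(target) {
  return typeof target === "string" &&
    target.replace(/[\s\x00-\x1f]/g, "").toLowerCase().startsWith("javascript:");
}

// The fuzz loop: one variable at a time, one payload at a time. Each finding
// corresponds to a red dot in the tool's Output tab.
function fuzzFlashVars(handler, flashVars, payloads = PAYLOADS) {
  const base = parseFlashVars(flashVars);
  const findings = [];
  for (const param of Object.keys(base)) {
    for (const payload of payloads) {
      const target = handler({ ...base, [param]: payload });
      if (navigatesToScript(target)) findings.push({ param, payload });
    }
  }
  return findings;
}

// Usage: the vulnerable handler flags every payload on `redirect` and nothing
// on `name`; the hardened handler flags nothing.
console.log(fuzzFlashVars(vulnerableRedirect, "name=bob&redirect=alice"));
console.log(fuzzFlashVars(hardenedRedirect, "name=bob&redirect=alice"));
```

The detector normalises before matching the scheme because the browser does the same: a tab inside `java\tscript:` or leading whitespace is dropped before the URL is interpreted, so a sink filter that only looks for the literal lowercase string `javascript:` would miss payloads that still execute.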

## Cross-Domain Tester:

Tests whether the target's cross-domain policy file (crossdomain.xml) allows SWFs from a given domain to load its content. This is handy when we cannot view the crossdomain.xml page directly.

1\. Re-map with the default external domain first.

![Re-mapping with defaults](/files/-MlNOCxT2QZXk2NL5uxU)

2\. Change the URL to the location of the page that embeds/loads the SWF file, then submit the request.

![](/files/-MlNOlMgBz6UsrU97Ab9)

3\. This one failed, meaning the policy did not grant that origin, so we try another subdomain context:

![This one succeeds: the policy allows that subdomain.](/files/-MlNPHF9xLZtEHaOT1c9)
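The following is an added example, not code from Adobe SWF Investigator or from this page. It reproduces the question the Cross-Domain Tester answers offline: given a crossdomain.xml policy, would Flash Player let a SWF served from origin X read this host's content? `SAMPLE_POLICY` is constructed sample input, not any real site's file, and the function names are the example's own. The wildcard and `secure` semantics follow Adobe's cross-domain policy file specification: `*` matches every host, `*.example.com` matches `example.com` and its subdomains, and a rule in a policy served over HTTPS only authorises HTTPS requesters unless it says `secure="false"`.

```javascript
// Added example, not code from Adobe SWF Investigator or the original page.

// Constructed sample policy (not a real site's crossdomain.xml).
const SAMPLE_POLICY = `<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="www.example.com"/>
  <allow-access-from domain="*.partner.example" secure="false"/>
</cross-domain-policy>`;

// Extract <allow-access-from domain="..." [secure="..."]/> entries with a
// regex; enough for this simple policy grammar, no XML library needed.
function parsePolicy(xml) {
  const rules = [];
  const re = /<allow-access-from\b([^>]*)\/?>/g;
  let m;
  while ((m = re.exec(xml)) !== null) {
    const attrs = m[1];
    const domain = /\bdomain\s*=\s*"([^"]*)"/.exec(attrs);
    const secure = /\bsecure\s*=\s*"([^"]*)"/.exec(attrs);
    if (!domain) continue;
    rules.push({
      domain: domain[1].toLowerCase(),
      // secure defaults to true: an HTTPS-served policy only authorises
      // HTTPS requesters unless the rule explicitly says secure="false".
      secure: secure ? secure[1].toLowerCase() !== "false" : true,
    });
  }
  return rules;
}

// Flash wildcard semantics: "*" matches every host, "*.example.com" matches
// example.com and any subdomain, anything else is an exact host match.
function domainMatches(pattern, host) {
  host = host.toLowerCase();
  if (pattern === "*") return true;
  if (pattern.startsWith("*.")) {
    const base = pattern.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return pattern === host;
}

// Would a SWF at requesterOrigin (e.g. "https://www.example.com") be allowed
// to read data from the host serving this policy? policyOverHttps says
// whether the policy itself was fetched over HTTPS.
function isAllowed(xml, requesterOrigin, policyOverHttps = true) {
  const { protocol, hostname } = new URL(requesterOrigin);
  const requesterIsHttps = protocol === "https:";
  return parsePolicy(xml).some(rule =>
    domainMatches(rule.domain, hostname) &&
    (!policyOverHttps || requesterIsHttps || !rule.secure));
}

// Audit helper: the rules a pentester would call out, i.e. a global
// wildcard or a rule that lets plain-HTTP SWFs read HTTPS content.
function riskyRules(xml) {
  return parsePolicy(xml)
    .filter(r => r.domain === "*" || !r.secure)
    .map(r => r.domain);
}

// Usage: the same "try a domain, see if it is granted" loop the tester runs.
for (const origin of ["https://www.example.com", "https://evil.example.com",
                      "http://www.example.com", "http://api.partner.example"]) {
  console.log(origin, isAllowed(SAMPLE_POLICY, origin));
}
console.log("risky:", riskyRules(SAMPLE_POLICY));
```

When the live tester reports a failure for one origin and success for a subdomain, as in the steps above, it is this matching logic you are probing: the policy contains an exact or wildcard entry for one host but not the other, and `secure="false"` or `domain="*"` entries are the ones worth reporting on their own.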
