Thread: Flash in Director sniffer
| Flash in Director sniffer |
  United States |
2007-03-20 13:20:31 |
Just wondering if the flash communication to director (using the GET URL) can be sniffed out?
We are doing a login currently in director but soon using SmartFoxServer to do the login. And if login is successful then flash will do a goto frame command using the get URL to director.
So just wanted to make sure that is safe as we had problems in the past with login for shockwave, database games.
I hate to find out the hacker can just see a url command from flash to director and repost that to bypass the login next time.
Thanks
-T
_______________________________________________
dirGames-L mailing list - dirGames-L nuttybar.drama.uga.edu
http://nuttybar.drama.uga.edu/mailman/listinfo/dirgames-l
| Re: Flash in Director sniffer |
  United States |
2007-03-20 13:43:36 |
At 11:20 AM -0700 3/20/07, Hipolito Troy wrote:
>I hate to find out the hacker can just see a url command from flash
>to director and repost that to bypass the login next time.
I think it would be easy to see the link as it's sent. Perhaps you should time code it, and have the link fail if too much time has passed.
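The time-coding suggested in the reply above, as an added example that is not part of the original thread: the login result is carried as an HMAC-signed token with an expiry and a one-time nonce, so a captured value fails when it is replayed or altered. The function names, the key handling and the 30-second lifetime are assumptions, and Node.js stands in for whatever server issues the login result.

```javascript
const crypto = require("crypto");

// Assumption: a secret held only by the server that issues and checks tokens.
const SECRET = crypto.randomBytes(32);
const MAX_AGE_MS = 30 * 1000;   // assumed token lifetime
const seenNonces = new Map();   // nonce -> expiry, enforces single use

function sign(payload) {
  return crypto.createHmac("sha256", SECRET).update(payload).digest("hex");
}

// Issued after a successful login. Layout: user|expiry|nonce|mac
function issueToken(user, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString("hex");
  const payload = [encodeURIComponent(user), now + MAX_AGE_MS, nonce].join("|");
  return payload + "|" + sign(payload);
}

// Checks, in order: shape, signature, age, reuse.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split("|");
  if (parts.length !== 4) return { ok: false, reason: "malformed" };
  const [user, expiry, nonce, mac] = parts;
  const given = Buffer.from(mac, "hex");
  const expected = Buffer.from(sign([user, expiry, nonce].join("|")), "hex");
  // Constant-time comparison; the length check also rejects non-hex input.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  if (now > Number(expiry)) return { ok: false, reason: "expired" };
  if (seenNonces.has(nonce)) return { ok: false, reason: "replayed" };
  // Forget nonces whose tokens have expired anyway, then record this one.
  for (const [n, exp] of seenNonces) if (exp < now) seenNonces.delete(n);
  seenNonces.set(nonce, Number(expiry));
  return { ok: true, reason: "accepted", user: decodeURIComponent(user) };
}
```

The expiry alone only narrows the replay window; the nonce table is what makes a token single-use within that window.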
| Re: Flash in Director sniffer |
  Germany |
2007-03-20 13:59:25 |
I'm not sure if I completely understood your question, but if someone uses a TCP sniffer tool, like e.g. the free SmartSniff from http://www.nirsoft.net/, he can sniff ANY tcp traffic, no matter which application (flash, director, browser,...) it belongs to. I guess the only way to prevent this is using encryption (like https).
cheers,
valentin
Hipolito Troy wrote:
> Just wondering if the flash communication to director (using the GET
> URL) can be sniffed out?
>
> We are doing a login currently in director but soon using
> SmartFoxServer to do the login. And if login is successful then
> flash will do a goto frame command using the get URL to director.
>
> So just wanted to make sure that is safe as we had problems in the
> past with login for shockwave, database games.
>
> I hate to find out the hacker can just see a url command from flash
> to director and repost that to bypass the login next time.
>
> Thanks
> -T
| Re: Flash in Director sniffer |
  United States |
2007-03-22 12:13:45 |
Valentin Schmidt wrote:
> I'm not sure if I completely understood your question, but if someone
> uses a TCP sniffer tool, like e.g. the free SmartSniff from
>
> Hipolito Troy wrote:
>> Just wondering if the flash communication to director (using the GET
>> URL) can be sniffed out?
I don't believe that the GetURL issued from a Flash movie is an actual TCP message. It's a communication from the movie to the host application.
Flash movies played within a browser window send the URI data to the browser via the Flash Player, which manages and handles the actual TCP communication. In a standalone Flash application, the TCP management is handled by the projector resources.
A Flash sprite communicates with its host application (Director) via the Flash Asset Xtra. I seriously doubt that the data sent between the Flash sprite and Director host application is via TCP. GetURL just happens to be the function name Flash used for external calls, and it's a legacy of the limited scripting language set of Flash's origins.
That's not to say that you couldn't use tools to spot the data in memory or if you sent the URI from Director, or if you used some of the less antique network functions in Flash, but I don't think you'll see any TCP activity from a Flash sprite issuing a GetURL call.
--
-------------------------------------------------
Darrel Plant, dplant moshplant.com
www.moshplant.com | www.darrelplant.com
503.490.1388 (cell)
"Those who do not learn from history are stupid."
| Re: Flash in Director sniffer |
  Germany |
2007-03-22 13:35:26 |
Darrel Plant wrote:
> Valentin Schmidt wrote:
>> I'm not sure if I completely understood your question, but if someone
>> uses a TCP sniffer tool, like e.g. the free SmartSniff from
>>
>> Hipolito Troy wrote:
>>> Just wondering if the flash communication to director (using the GET
>>> URL) can be sniffed out?
>
> I don't believe that the GetURL issued from a Flash movie is an actual
> TCP message. It's a communication from the movie to the host
> application.
ahh, I see, so hipolito was talking about using getURL with those special "lingo:..." URLs, right? of course you are absolutely right then, this has nothing to do with TCP. just ordinary getURL("http://...") calls could be sniffed that way (no matter which app actually handles the TCP communication).
cheers,
valentin
| Re: Flash in Director sniffer |
  United States |
2007-03-22 17:44:30 |
Valentin Schmidt wrote:
> ahh, I see, so hipolito was talking about using getURL with those
> special "lingo:..." URLs, right? of course you are absolutely right
> then, this has nothing to do with TCP. just ordinary
> getURL("http://...") calls could be sniffed that way (no matter which
> app actually handles the TCP communication).
If you try a getURL("http://...") from a Flash sprite inside Director, you won't get anything. Not even an error message.
In a browser, it would tell the browser to navigate to the address. In a projector, it launches the browser.
In a Director movie or a projector, it just sits there, because the Flash Asset Xtra only passes strings that begin with "event" and "lingo" through to Director.
--
-------------------------------------------------
Darrel Plant, dplant moshplant.com
www.moshplant.com | www.darrelplant.com
503.490.1388 (cell)
"Those who do not learn from history are stupid."
| Re: Flash in Director sniffer |
  Germany |
2007-03-22 18:07:59 |
you are right, sorry, I should have looked it up before posting. What I said about general TCP sniffing in flash only makes sense for loadMovie(), XML's load() method etc., but not for getURL (unless it's called inside a browser, then a sniffer will see the browser request)
the reason I forgot about getURL() with "event:" or "lingo:" urls for flash->dir communication is that nowadays I usually just use setCallback in director for this purpose.
cheers,
valentin
Darrel Plant wrote:
> Valentin Schmidt wrote:
>> ahh, I see, so hipolito was talking about using getURL with those
>> special "lingo:..." URLs, right? of course you are absolutely right
>> then, this has nothing to do with TCP. just ordinary
>> getURL("http://...") calls could be sniffed that way (no matter which
>> app actually handles the TCP communication).
>
> If you try a getURL("http://...") from a Flash sprite inside Director,
> you won't get anything. Not even an error message.
>
> In a browser, it would tell the browser to navigate to the address.
> In a projector, it launches the browser.
| Re: Flash in Director sniffer |
  United States |
2007-03-23 11:39:07 |
Valentin Schmidt wrote:
> flash->dir communication is that nowadays I usually just use setCallback
> in director for this purpose.
Oooooh, fancy!
--
-------------------------------------------------
Darrel Plant, dplant moshplant.com
www.moshplant.com | www.darrelplant.com
503.490.1388 (cell)
"Those who do not learn from history are stupid."