[FlashMove]

This tool is similar in concept to any multi-purpose tool. It is a collection of simple tools to allow you to quickly address common problems. SWF Investigator's disassembler isn't meant to replace all the features of a high-end, commercial decompiler. However, if you just need a quick overview of the SWF, then this tool has all the features necessary to give you the basic information and perform some quick tests.

Adobe SWF Investigator includes the capability to view the SWF tags, disassemble the ActionScript, and provide a binary view of the SWF. You can also view information related to SWFs such as LSOs and settings files. From a dynamic perspective, you can load files from the local file system into the security context of your domain and with the parameters of your choosing. You can then interact with the SWF as it is running. From a security perspective, the tool includes functionality to test for cross-site scripting vulnerabilities and perform simple fuzzing on AMF services. There are also a few supporting utilities such as a basic ActionScript 3.0 compiler and a simple web server.

Authoring the tool in ActionScript has several advantages. One advantage is that I can achieve more natural interactions with SWF content by using the Flash runtime engine than I would with a Java application. Another advantage is that, as an open-source ActionScript-based application, the tool will be easier for SWF developers to understand and extend. My hope is that developers will quickly want to build on the tool's foundation to meet their more advanced needs. One of the major goals for this project is to provide an easily extensible framework for SWF testing that could be easily modified to meet specific needs by the ActionScript developer community.

This tool is mostly targeted at developers with enough SWF application experience to understand the numerous ActionScript development technical references within the application. However, tool tips were included for many fields as well as a help guide. Having access to the source should also help in understanding any ambiguities. While the overall project is large, it is in essence just a collection of many small components. I will soon post videos that demo the application's functionality.
SWF Investigator