We got a flash game project from a third-party company, and we had the source code of the actionscript3.0. Once we compile it and make it work, our users would play the game in their browser.

I am afraid that the flash will send our users' information to their third-party server in the mean while it contract with our server. Maybe it would send the user's information via TCP/UDP, so Firebug can't help me in this case...

I was planing to search the source code in order to find some 'evil' code, but I am no t familiar with actionscript. Anyone could give me some advice?

Thanks in advance.

_______________________________________________________________
Nature is wonderful!
One million years ago, she didn't know our going to need glasses.
But look where she put our ears!

I'm not familiar with actionscript either but I would use a packet sniffer like wireshark.



Edited 3 time(s). Last edit at 05/06/2009 04:49AM by Reiners.

Use HP's swf tool to decompile the code and I think it references external urls but if you scan through the code it should become obvious if it connects to external sites if you know actionscript or not.

http://tinyurl.com/dx7k5p

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]