ParrotNG is a tool capable of identifying Adobe Flex applications (SWF) vulnerable to CVE-2011-2461
ikkisoft and Luca Carettoni Minor edit
Latest commit 6833c57 Mar 19, 2015
ParrotNG

ParrotNG is a tool capable of identifying Adobe Flex applications (SWF) vulnerable to CVE-2011-2461. For more details, please refer to the slides of our Troopers 2015 talk.

Download the latest release from the release page.

## Features

  • Written in Java, based on swfdump
  • One JAR, two flavors: command line utility and Burp Pro Passive Scanner plugin
  • Classifies each SWF file as compiled with a vulnerable Flex SDK version, patched by Adobe's tool, or not affected

## How To Use - Command Line

  1. Download the latest ParrotNG from the release page
  2. Simply use the following command:

```
$ java -jar parrotng_v0.2.jar <SWF File | Directory>
```

The tool accepts a single SWF file or an entire directory.


## How To Use - Burp Pro Passive Scanner Plugin

  1. Download the latest ParrotNG from the release page
  2. Load Burp Suite Professional
  3. From the Extender tab in Burp Suite, add parrotng_v0.2.jar as a standard Java-based Burp Extension
  4. Enable Burp Scanner Passive Scanning
  5. Browse your target web application. All SWF files passing through Burp Suite are automatically analyzed
