Skip to content
Proof of concept code (which means poor code quality) for a proxy abusing unrestricted cross domain policies.
Branch: master
Clone or download
Pull request Compare This branch is 1 commit ahead, 6 commits behind eoftedal:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


This is a Proof-Of-Concept and thus the code quality is very poor
and it has some limitations (see below).
Any help in approving it appreciated.

Brief overview
The backend is what the attacker's browser connects to on port 8080
The silverlight or flex RIA connects to the backend on a seperate
download port. This port is set when starting the backend, and it
must be 4502-4530 for silverlight (for flex it can be almost any port).
The backend forwards the url to either the flex/silverlight RIA which
runs in the victim's browser. The RIA downloads the data on behalf of
the victim (using the victim's cookies etc.), and passes the data back
to the backend, which then sends it back to the attacker.

To be able to connect to a socket, the flex or silverlight RIA tries
to download a socket policy file on port 843 and 943 respectively.
So the backend listens on these ports and supplies files as needed.
If the flex RIA is not able to connect to 843, it will try to download
the socket policy through the download port mentioned above.

Current limitations
- The proxy runs the requests as a FIFO - not multithreaded

You can’t perform that action at this time.