Web application security - the fast guide Chapter 5: Attack Execution - the client | Page 7

Decompile Flash, Java applet and Silverlight
Attack requirement
1. Targeted functionality fully executed
on the client side.
2. Low complexity of application
bytecode.
Attack process
1. use Flare, JAD or Telerik decompiler
depending on the type of component.
The result will be ActionScript source
for Flare or Java for JAD.
2. review the source to identify any
attack points that will enable you to
reengineer the Flash object and bypass
any controls implemented within it.
3. modify the decompiled source to
change the behavior of the applet,
recompile it to bytecode, and modify
the source code of the HTML page to
load the modified applet in place of
the original.
2017-05-10
Send request to retrieve Flash component or java applet
Retrieve flash component or applet
Decompile
bytecode
and analyze
result
Recompile a
privileged
version Send a privileged request to get privileged response
Web Application Security Fast Guide (book slides)
By Dr.Sami Khiami
Slide 7