Tools for hacking Flex data connections

views:

265

answers:

Tools for hacking Flex data connections

I'm in the process of building a test plan for validating the security of our Flex/J2EE application. I believe we have some issues with trusting the Flex application too much, but I need to be able to quantify those issues.

The ideal way would be a way to show me making data service calls outside of the application. Are there tools or instructions for how one might go about doing this? I really don't want to find these things out after we release to our beta customers. :)

Fiddler on Windows is great for monitoring http connections.

apphacker 2009-04-14 22:39:55

First, give the port on which Flex communicates to the J2EE server, then using Ethereal or Wireshark you can watch if it use an encrypted channel :-)

Steel Plume 2009-04-14 22:39:57

+1 A:

Charles is an excellent HTTP debugging proxy which can parse AMF data and display it as a tree. You can also set "breakpoints" to intercept a HTTP call and modify the AMF data in either the request or response.

http://www.charlesproxy.com/

cliff.meyers 2009-04-15 15:00:49

ansaurus

tags:

views:

answers:

Tools for hacking Flex data connections

related questions