Forging HTTP Request Headers with Flash ActionScript


This write-up presents a mechanism that can be used to send arbitrary HTTP requests, including forged request headers, via Flash ActionScript. The security consequences of this ability are also discussed.


