If you need to investigate the inner workings of an SWF applet then there are plenty of great free tools around which can help (Flashbug being particularly useful). It seems these are now going to have some major and official competition, though, as Adobe Labs have just released a major inspection tool of their own in the new SWF Investigator.
Open the SWF file of your choice – either locally, or online – and the program will tell you much more about it. The SWF Info tab displays its tags, exported classes and header information; the Disassembler works with ActionScript 2.0 or 3.0 content to give you an idea of the original code; the Hex Viewer allows you to view and edit the raw SWF bytes, and the Strings pane displays any embedded strings within ActionScript 3.0 content.
SWF Investigator isn’t just about passively reporting on a file, though. The Viewer can be used to load and display your applet in different HTML configurations, and with custom FlashVars and allowScriptAccess settings. And the Inspector goes further still, particularly with ActionScript 3.0 code, as it works something like a debugging tool: you can retrieve data values, modify them to suit your needs and call functions as necessary.
And the Utilities menu contains even more powerful functions: a binary editor, basic ActionScript 3.0 compiler, a fuzzer to test for common XSS vulnerabilities, a mini web server and more.
The presentation of all this is a little, well, basic, but then this is still a beta. SWF Investigator already has plenty of features, though, and if you’ve even needed to know more about what a Flash applet is doing then the program should be very useful.
This article originally appeared at softwarecrew.co.uk
