Port scanning in ActionScript 3.0 without DNS rebinding

Không cần DNS Rebinding vẫn có thể scan port bằng ActionScript 3.0:
In AS3 Adobe introduced a new socket-related event called SecurityErrorEvent. This event is always thrown when a Flash Player tries to connect to a socket that it is not allowed to connect to.

The Problem with the SecurityErrorEvent is that it's thrown immediately when a Flash Player tries to connect to a closed TCP port. If a service is listening on that port the Flash Player writes the string "" and waits for response from the service. Nearly no TCP-service will respond to this request.

We can assume the following: When trying to connect to a socket that the SWF is not allowed to and it doesn't get a SecurityErrorEvent within 2 seconds the port is most likely open.

A new Flash player instance is used for every probed port because the Flash Player sends only one policy-file request per player per host per port.


Anonymous said…
Hva đang bị DDOS nghiêm trọng phải không thaidn.Nguyên ngày hôm nay không try cập được vào hvaforum.net.
Lý Tầm Hoan said…
Adobe ra bản Flash 9 thật là con dao 2 lưỡi.
Anonymous said…
Tôi xin chia sẻ 1 site sưu tầm nhiều widget hữu ích : http://4all2all.blogspot.com/search/label/Widgets
Anonymous said…
Xin hoi cac anh Bkav phien ban moi co cai rootkit va back door co dung k0 a. Em thay mac du da remove bkav roi nhung o windows\system 32 van con 2 file bkav*.* 1 file nang 4MB , 1 file nang 35KB