0

I am intercepting HTTP request/response from an Adobe Shockwave-based web music player application using Chrome Dev tools. When I click the Play button on music player, HTTP request headers like following are raised:

POST /some_url HTTP/1.1
Host: something.com
Connection: keep-alive
Content-Length: 103
Origin: http://something.com
X-Requested-With: ShockwaveFlash/22
User-Agent: Mozilla
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://something.com/player.swf
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.8

And Form data looks like following:

param1=561a0d9452069h76fhg46h67a599e8gy34nlj=
param2=something

Now, is there any way to know from where this param1=561a0d9452069h76fhg46h67a599e8gy34nlj= form data came from and how it is generated? If it's some kind of encrypted string or a token, how this is done?

Thank you for your answers

Forthaction
  • 264
  • 1
  • 3
  • 13

1 Answers1

1

The HTTP request would have come from a URLRequest in ActionScript, which passes the data in key/value pairs. You could have a look at using SWFWire Inspector to decompile the code.

Gideon Pyzer
  • 22,610
  • 7
  • 62
  • 68
  • Thanks for your answer. I found the code that generated the param1 token, however, it will only run inside flash or a web browser (as far as I think). Is there any way to run that code inside terminal or convert it into another programming language code? – Forthaction Aug 15 '16 at 22:22
  • @forthaction If you know what the code is doing, you can of course just code it in a language of your choice to get the output. You could check out [AS3JS](http://as3js.org/), a transpiler for converting ActionScript 3 to JavaScript. Not sure how good it is. – Gideon Pyzer Aug 15 '16 at 22:38
  • Thank you @Gideon for the answer. This is exactly what I was looking for. – Forthaction Aug 20 '16 at 07:10