Sniffing Flash (Game) communication with Server

Lets get down to business on ASM, reverse engineering, product activation, and what it's really all about. [ THERE ARE NO WAREZ HERE ]
Post Reply
Posts: 1
Joined: Thu Jun 16, 2016 6:04 pm

Sniffing Flash (Game) communication with Server

Post by Deinos » Thu Jun 16, 2016 6:33 pm

Hi folks,

I'm new here but I hope you might help me. I'm trying to write a bot for a game and for that I need to understand what's happening when I click an object in the game.

I checked here in the forum but all I found is this quite old and not really conclusive thread: Topic-47353

I tried monitoring the traffic but same as my predecessor here, I can't see any communication going on apart from the initial swf downloads. Checked them with SoThink etc with the same lack of enlightenment.
I read that it might have to do with RTMP packets in this thread: ... n-in-flash

But I'm quite new in handling wireshark and I'm not sure if this would be the solution to my problem either.

So I'm hoping someone who knows about how flash client-server communication works, what part is simply client-computed eyecandy and what part is the actual signal send through the action of clicking.

In short I'd be happy if there is someone who could explain to me how flash works or at least gives me hints on deciphering the communication.

Thank you!

User avatar
Not a sandwich
Posts: 1898
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d

Re: Sniffing Flash (Game) communication with Server

Post by Cool_Fire » Thu Jun 16, 2016 7:40 pm

I don't know what game you're targeting, but assuming it is doing any communicating, you will be able to see it with wireshark. The real question is; will you be able to see anything useful? And as far as I'm aware this depends very much on the flash game itself, so it's very much a case of "try it and hope for the best".

I'd also recommend doing this in a very clean VM or a computer that's doing absolutely nothing else, since running wireshark on desktop pc under normal usage captures everything going over your network interface, which is lots and lots of packets, making it very time consuming if you don't know exactly what you're looking for already.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

Post Reply