Home

Awesome

ParrotNG ParrotNG Logo

ParrotNG is a tool capable of identifying Adobe Flex applications (SWF) vulnerable to CVE-2011-2461. For more details, please refer to the slides of our Troopers 2015 talk.

Download the latest release from HERE.

##Features

##How To Use - Command Line

  1. Download the latest ParrotNG from the release page
  2. Simply use the following command:
$ java -jar parrotng_v0.2.jar <SWF File | Directory>

The tool accepts a single SWF file or an entire directory.

ParrotNG CmdLine

##How To Use - Burp Pro Passive Scanner Plugin

  1. Download the latest ParrotNG from the release page
  2. Load Burp Suite Professional
  3. From the Extender tab in Burp Suite, add parrotng_v0.2.jar as a standard Java-based Burp Extension
  4. Enable Burp Scanner Passive Scanning
  5. Browse your target web application. All SWF files passing through Burp Suite are automatically analyzed

ParrotNG Burp