Step-by-Step Guide: Inspecting Adobe Flash Data with Fiddler AMF Parser


Fiddler AMF Parser: Debugging Flash and Flex Remoting Protocols

Fiddler is a widely used web debugging proxy. It sits between your browser or client application and the server and captures HTTP and HTTPS traffic (HTTPS through a locally trusted interception certificate). Developers and security testers use it to inspect requests and responses. One of its more useful features is the ability to parse complex data formats, including Action Message Format (AMF).

Action Message Format is a binary serialization format. Adobe Flash and Apache Flex applications use it to exchange data between the client-side user interface and backend servers. Because AMF is binary, a raw AMF body looks like a string of unreadable symbols in a plain text view. The Fiddler AMF Parser solves this by decoding the binary stream into human-readable, structured data.

How AMF Works

AMF serializes object graphs efficiently. Instead of textual tags or a field name on every value, it packs type markers, length prefixes and values into a compact binary layout, so payloads are smaller and faster to parse than their XML or JSON equivalents. There are two main versions:

AMF0: The original format, used by ActionScript 1.0 and 2.0 applications on early Flash Player versions.

AMF3: An optimized version introduced with ActionScript 3.0 (Flash Player 9). It reduces payload size by writing each string, object and class definition (trait set) once and then referring to any repeat by its index in a reference table.
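To make the layout concrete, here is an added example (written for this page, not Fiddler's or Adobe's code) that decodes a small AMF packet: the AMF0 envelope with its headers and messages, and an AMF3 argument object in which a repeated string is sent as a one-byte reference. The packet bytes, the service name UserService.get and the header name SessionToken are constructed for the example. The structure it walks (headers, target and response URIs, message bodies, typed objects) is the same one the inspector presents as a tree.

```python
import struct

# Added example, not Fiddler's or Adobe's code: a minimal decoder for the AMF0 envelope that
# Flash Remoting sends over HTTP, with AMF3 bodies (markers, length prefixes, string references).


class AMFReader:
    def __init__(self, data: bytes):
        self.data, self.pos, self.strings = data, 0, []      # strings: AMF3 reference table
    def read(self, n: int) -> bytes:
        chunk, self.pos = self.data[self.pos:self.pos + n], self.pos + n
        if len(chunk) != n:
            raise ValueError(f"truncated AMF payload at offset {self.pos - n}")
        return chunk
    def u8(self): return self.read(1)[0]
    def u16(self): return struct.unpack(">H", self.read(2))[0]
    def u32(self): return struct.unpack(">I", self.read(4))[0]
    def amf0_string(self) -> str:                            # AMF0 string: u16 length + UTF-8
        return self.read(self.u16()).decode("utf-8")

    def amf0_value(self):                                    # AMF0: marker byte, then the body
        marker = self.u8()
        if marker == 0x02:
            return self.amf0_string()
        if marker == 0x0A:                                   # strict array: u32 count, then values
            return [self.amf0_value() for _ in range(self.u32())]
        if marker == 0x11:                                   # avmplus: an AMF3 value follows
            self.strings = []                                # the table restarts per AMF3 value
            return self.amf3_value()
        raise ValueError(f"unsupported AMF0 marker 0x{marker:02x} at offset {self.pos - 1}")

    def u29(self) -> int:                                    # AMF3 variable-length integer
        value = 0
        for _ in range(3):
            b = self.u8()
            value = (value << 7) | (b & 0x7F)
            if not b & 0x80:
                return value
        return (value << 8) | self.u8()                      # fourth byte contributes all 8 bits

    def amf3_string(self) -> str:                            # low bit 1 = inline, 0 = reference
        ref = self.u29()
        if not ref & 1:
            return self.strings[ref >> 1]                    # index into the string table
        s = self.read(ref >> 1).decode("utf-8")
        if s:                                                # "" is never added to the table
            self.strings.append(s)
        return s

    def amf3_value(self):
        marker = self.u8()
        if marker in (0x01, 0x02, 0x03):                     # null, false, true
            return {0x01: None, 0x02: False, 0x03: True}[marker]
        if marker == 0x04:                                   # signed 29-bit integer
            v = self.u29()
            return v - 0x20000000 if v & 0x10000000 else v
        if marker == 0x06: return self.amf3_string()
        if marker == 0x0A: return self.amf3_object()
        raise ValueError(f"unsupported AMF3 marker 0x{marker:02x} at offset {self.pos - 1}")

    def amf3_object(self) -> dict:
        ref = self.u29()                                     # bit0 inline obj, bit1 inline traits,
        if not ref & 1 or not ref & 2 or ref & 4:            # bit2 externalizable, bit3 dynamic
            raise ValueError("object/traits reference or externalizable object: not handled here")
        obj = {"__class__": self.amf3_string()}              # server-side type name, client-chosen
        for name in [self.amf3_string() for _ in range(ref >> 4)]:   # sealed member names first
            obj[name] = self.amf3_value()
        if ref & 8:                                          # dynamic: key/value pairs until ""
            while (key := self.amf3_string()) != "":
                obj[key] = self.amf3_value()
        return obj


def parse_amf_packet(data: bytes) -> dict:
    """AMF0 envelope: u16 version, u16 header count + headers, u16 message count + messages."""
    r = AMFReader(data)
    packet = {"version": r.u16(), "headers": [], "messages": []}
    for _ in range(r.u16()):                                 # dict values evaluate left to right
        packet["headers"].append({"name": r.amf0_string(), "mustUnderstand": bool(r.u8()),
                                  "length": r.u32(), "value": r.amf0_value()})
    for _ in range(r.u16()):
        packet["messages"].append({"target": r.amf0_string(), "response": r.amf0_string(),
                                   "length": r.u32(), "body": r.amf0_value()})
    return packet


def s16(s): return len(s).to_bytes(2, "big") + s.encode()   # AMF0 string with u16 length prefix
def s29(s): return bytes([(len(s) << 1) | 1]) + s.encode()  # inline AMF3 string, short form (< 64 bytes)

# Constructed sample, not a real capture: displayName repeats "alice", so it is sent as a reference.
SAMPLE_PACKET = (
    b"\x00\x03\x00\x01" + s16("SessionToken") + b"\x00\xff\xff\xff\xff"       # v3; 1 header, len unknown
    + b"\x02" + s16("tok-7f3a9c")                                             # AMF0 string value
    + b"\x00\x01" + s16("UserService.get") + s16("/1") + b"\xff\xff\xff\xff"  # 1 message, len unknown
    + b"\x0a\x00\x00\x00\x01\x11\x0a\x0b\x01"               # strict array of 1 arg; AMF3 object, dynamic, "" class
    + s29("userId") + b"\x04\x2a"                            # userId: int 42
    + s29("username") + b"\x06" + s29("alice")               # username: "alice" -> strings[2]
    + s29("displayName") + b"\x06\x04"                       # displayName: reference to strings[2]
    + b"\x01"                                                # empty key ends the dynamic members
)
```

Calling parse_amf_packet(SAMPLE_PACKET) returns the header with its token and a message body of [{'__class__': '', 'userId': 42, 'username': 'alice', 'displayName': 'alice'}], even though the bytes contain "alice" only once. Truncated input raises rather than returning a partial tree, and traits references and externalizable objects are rejected rather than guessed at: the latter carry bytes whose meaning depends entirely on the server-side class named in the packet.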

When a Flash application talks to a server via Flash Remoting or BlazeDS, it sends AMF payloads, typically as HTTP POST bodies with Content-Type: application/x-amf. Without a dedicated parser, debugging these requests is slow and error-prone.

Features of the Fiddler AMF Parser

Fiddler handles AMF data through its inspectors. The tool breaks the binary structures down into clear visual elements.

The Inspectors Tab

When you select a session that carries AMF traffic, Fiddler recognises the content type (application/x-amf) and the AMF inspector becomes available in both the Request and Response panels.

Tree-View Hierarchy

The parser organizes the binary payload into an interactive tree structure. You can expand nodes to view:

Remote procedure call (RPC) method names.

Service destinations.

Strict arrays and associative arrays.

Object properties, class names, and data types (e.g., Strings, Booleans, Numbers).

Header Inspection

AMF packets often include headers for routing or session management. The parser extracts these headers so you can see authentication tokens and transaction IDs. When auditing, treat their contents as client-controlled input: a token in an AMF header is as sensitive as a session cookie, and the server must validate it on every call.

Use Cases for Developers and Penetration Testers

The AMF Parser is essential for anyone maintaining legacy web systems or auditing rich internet applications (RIAs).

Troubleshooting Data Mismatches: Developers can verify if the frontend is mapping object properties correctly to backend database entities.

Performance Optimization: By viewing the exact size and structure of the AMF payload, developers can eliminate redundant object properties to save bandwidth.

Security Auditing: Penetration testers use the parser to find issues that are invisible in a text view: parameter tampering and pollution, business logic flaws in the arguments of remoting calls, and insecure deserialization. The last deserves particular attention: an AMF3 typed object carries the name of the class the server is expected to instantiate, and an externalizable object carries raw bytes for that class to read, so both are attacker-controlled input to the server-side deserializer.

Tips for Advanced Debugging

To get the most out of parsing AMF traffic in Fiddler, combine the inspector with other built-in features:

FiddlerScript: Write a rule (for example in the OnBeforeResponse handler) that flags sessions whose request Content-Type is application/x-amf and whose response carries a specific error code or exceeded a response-time threshold.

Request Composer: Drag an existing AMF session onto the Composer tab to clone it, modify the variables in the body, and replay the request to test server-side validation. Because the body is binary, edit it as hex rather than as text, and remember that AMF strings are length-prefixed: if you change "alice" to "administrator", the preceding length field must be updated too, or the server will reject or misparse the message.

Breakpoints: Set a request breakpoint on AMF endpoints to pause traffic, alter the parameters, and send the tampered data to the server. If the AMF inspector in your Fiddler version is read-only, make the change in the HexView inspector instead, and check that the Content-Length header still matches the edited body before resuming.

While modern web development has largely shifted toward JSON and REST APIs, AMF remains in use in enterprise legacy environments. Fiddler’s ability to decode this binary protocol ensures that older Flash and Flex applications do not remain a black box during maintenance or security evaluations.

