2 Replies Latest reply on Sep 29, 2009 1:14 AM by jake_flex

    Mimicking a Flex app to pull data?

    matt@teikena.com

      I have a client who is using an enterprise Flex application, but the company who produced and hosts the application is discontinuing the product and trying to have customers migrate to a new platform.  My client would like to extract their business logic and details from this application, but there is no easy way to export the data from the flex app.

       

      My idea, and this is where I need advice, is to sniff out the calls being made from the flex app to the server, and then create a shell of a flex app which mimics the app... logs in, loops through and requests the data, and stores the results to a database.

       

      First question is the encryption, it is TLSv1.  How do I get the key to use to decrypt the packets.  My client does have access through the flex app to their own data of course.

       

      Then, once I can get the key and decrypt the packets, will the procedure calls be plain text, or some sort of byte code?

       

      Please help... this will save a lot of time and energy if I can figure this out... I have multiple clients in the same situation.

        • 1. Re: Mimicking a Flex app to pull data?
          matt@teikena.com Level 1

          Nobody?  Can anyone guide me to where I might be able to get this answered?  Thanks

          • 2. Re: Mimicking a Flex app to pull data?
            jake_flex Level 2

            matt@teikena.com wrote:

            First question is the encryption, it is TLSv1.  How do I get the key to use to decrypt the packets.  My client does have access through the flex app to their own data of course.

            You probably need understand how the encryption works in order to get an answer to this. Wikipedia has an article on this

             

            Then, once I can get the key and decrypt the packets, will the procedure calls be plain text, or some sort of byte code?

             

            This of course depends on how the communication between the client and server is implemented. If the server is using Blaze DS for example, then the data is binary. In case the protocol is plain HTTP or something on top of it, you should be able to read the data after decrypting it.