Tool to intercept data between Flash and PHP

Question

I've been developing some APIs for communication between some PHP services and ActionScript 3.

I know that there are a number of ways to intercept data that is being sent from Flash to a PHP script, manipulate it and then continue the send with the manipulated data. This is probably the simplest way to cheat on highscore tables.

Obviously this can't be avoided, but I can make it difficult and not worthwhile for most people to decipher.

What I want to know is:

What tools can I use to do the above (intercept and see the data I'm sending to PHP)? I'm not even sure how this is done to be honest. Is there a GUI or a browser plugin that I can use?

The goal is to observe and strengthen the 'encryption' of data that will be send between ActionScript and my PHP services.

Answer 1

If you are using Windows, check out Fiddler. It's a superhandy tool for anyone doing any type of web development or debugging.

You can use it to set breakpoints on requests and edit them before letting them go to the server etc, etc.

Fiddler is an HTTP proxy (not a low-level packet sniffer), so it's much easier to use than something like Wireshark when you are snooping on pure HTTP traffic.

Edited to add: I would try to ensure that scores etc are calculated (or validated) on the server, so that there's nothing useful to gain by manipulating the messages.

Answer 2

Use a TCP proxy, such as TcpCatcher, or Wireshark which will allow you to view packets as they are sent and received from and to both parties.

As for "encryption", you cannot encrypt enough to avoid people from "seeing" your data, but you can make it hard and not worth while.