Silverlight is a proprietary application framework created by Microsoft in 2007. Its purpose is similar to Flash by Adobe and enables the creation of Rich Internet Applications. Silverlight is available as Plug-In for different browsers (Chrome, Firefox and Internet Explorer) on the Windows and Mac OS platform [1].
RECOMMENDED: Use Silverlight in the 32-bit Internet Explorer process on x64 systems. Most browser plug-ins (including Silverlight, Flash, Java and almost all ActiveX controls) only work in 32-bit browsers currently. This software gives users ability to listen audio, watching animations/videos on Google Chrome, Safari and Firefox. Still figuring out, how you can get this for your Mac Laptop? It is incredibly easy to download and install Silverlight on Mac PC. How to Install it on MAC.
Display web pages using IE within Chrome. Use Java, Silverlight, ActiveX, Sharepoint, and more. IE Tab exactly emulates Internet Explorer, and enables you to test your web pages with different versions of IE (IE7 - IE11) Please note that IE Tab for Windows does require the use of a separate executable, ietabhelper.exe. Silverlight is a proprietary application framework created by Microsoft in 2007. Its purpose is similar to Flash by Adobe and enables the creation of Rich Internet Applications. Silverlight is available as Plug-In for different browsers (Chrome, Firefox and Internet Explorer) on the Windows and Mac OS platform 1. Microsoft Silverlight is a Browsers app for Mac devices developed by Windows. The latest version of Microsoft Silverlight is 5.1.50907 compatible with system version Windows 10 and higher. The last mod was released on 30-Jul-2019 and is available directly on ApkGain.com. Microsoft Silverlight is the property and trademark from the developer.
In security assessments you might get in touch with an application that is completely implemented in Silverlight. This post shows you some basic tests that can be executed and some tools you can use during an assessment.
Burp Plugins
There are two Plugins available for Burp. In 2011 GDSSecurity published a plugin in Java that is able to encode and decode WCF Binary SOAP data („Content-Type: application/soap+msbin1”) [2]. This plugin is still working in Burp 1.6.03 but the setup does need two instances of Burp connected in series if you want to edit request or response data. This is due to the fact that the plugin can only be used for encoding or decoding in one Burp instance. Therefore one Burp needs to decode the request, then you can edit the request, sent it to the next Burp that will encode the request again as WCF Binary SOAP data. The plugin can be used if you execute the following command within the directory of the plugin to start Burp:
java -Xmx512m -classpath BurpExtender.jar;.<path to burp>burpsuite_pro_v1.6.03.jar burp.StartBurp
In 2013 Nick Coblentz released a Python plugin for Burp that extended the work done by GDSSecurity so that only one instance of Burp is needed to edit the response and request of Silverlight requests [3]. Before loading the plugin, the location of the Python environment for Java (Jython) needs to be set within in Burp, therefore you need to navigate to „Extender/Options/Pyhton Environment“. You should download Jython 2.7beta in this case as Jython 2.5 is missing a module that the plugin is using [4]. As next step you can easily load the Pyhton script in Burp via „Extender/Burp Extensions/Add“ and after the plugin has loaded the request and response with „Content-Type: application/soap+msbin1“ will be decoded.
Fiddler
If you are using Fiddler, there is also a third-party extension that can be used to read and modify WCF binary messages that are used by Silverlight. You can download either the extension for Fiddler 2 or Fiddler 4 or modify the source and compile it yourself, as the whole source code is also available [5].
Silverlight Spy / XAML Spy
Besides attacking the communication by using an interception proxy like Burp or Fiddler, there is a tool dedicated for testing Silverlight applications called XAML Spy [6], the successor of Silverlight Spy [7]. In conjunction with .NET Reflector or other third-party decompiler tools it is possible to decompile Silverlight applications, like an application running in the browser or an offline application that is stored on client-side.
Silverlight Spy can be downloaded as a free version [10]. XAML Spy is only available as 21-day test version for evaluation. For productive testing you have to buy a license.
Test cases
When you test a Silverlight application you should have a look at the clientaccesspolicy.xml. There is also some documentation available from Microsoft about „HTTP Communication and Security with Silverlight“ that describes some basic hardening settings [8].
Silverlight For Chrome Mac Download
During decompiling a Silverlight application you should also investigate the Isolated Storage, if there is any sensitive information stored.
References
[1] http://en.wikipedia.org/wiki/Microsoft_Silverlight
[2] https://github.com/GDSSecurity/WCF-Binary-SOAP-Plug-In
[3] https://gist.github.com/sekhmetn/4504341
[4] http://www.jython.org/downloads.html
[5] https://github.com/waf/WCF-Binary-Message-Inspector
[6] http://xamlspy.com/
[7] http://firstfloorsoftware.com/silverlightspy
[8] http://msdn.microsoft.com/en-us/library/cc838250(v=vs.95).aspx
[9] http://abhartiya.wordpress.com/2012/07/06/pentesting-silverlight-applications/
[10] http://firstfloorsoftware.com/silverlightspy#download
SilverLight es la alternativa propuesta por Microsoft a Adobe Flash. Se presenta en forma de complemento para los distintos navegadores web que permite la reproducción de contenidos elaborados mediante esta tecnología.
Desde el punto de vista técnico, SilverLight es una implementación multibuscador y multiplataforma del framework .NET que tiene como objetivo la creación de aplicaciones web interactivas y multimedia.
Desde el panel de opciones de SilverLight se pueden activar/desactivar las actualizaciones automáticas, la reproducción de contenido protegido con DRM e indicar las aplicaciones web que podrán almacenar información en el disco duro.
NotasDesde el punto de vista técnico, SilverLight es una implementación multibuscador y multiplataforma del framework .NET que tiene como objetivo la creación de aplicaciones web interactivas y multimedia.
Desde el panel de opciones de SilverLight se pueden activar/desactivar las actualizaciones automáticas, la reproducción de contenido protegido con DRM e indicar las aplicaciones web que podrán almacenar información en el disco duro.
Uninstall Silverlight Mac
Para Mac OS X 10.4.8 o posterior. Los usuarios de Mac OS X equipados con chipset PPC deben descargar SilverLight 1.0