Silverlight is a proprietary application framework created by Microsoft in 2007. Its purpose is similar to that of Adobe Flash: it enables the creation of Rich Internet Applications. Silverlight is available as a plug-in for several browsers (Chrome, Firefox and Internet Explorer) on Windows and Mac OS [1].
In security assessments you may encounter an application that is implemented entirely in Silverlight. This post shows some basic tests that can be executed and some tools you can use during such an assessment.
Burp Plugins
There are two plugins available for Burp. In 2011 GDSSecurity published a Java plugin that can encode and decode WCF binary SOAP data („Content-Type: application/soap+msbin1“) [2]. This plugin still works in Burp 1.6.03, but the setup needs two instances of Burp chained in series if you want to edit request or response data, because one Burp instance can only be used either for encoding or for decoding. Therefore the first Burp decodes the request, you edit it, and then send it on to the second Burp, which encodes the request again as WCF binary SOAP data. To use the plugin, start Burp with the following command from within the plugin's directory:
java -Xmx512m -classpath BurpExtender.jar;<path to burp>\burpsuite_pro_v1.6.03.jar burp.StartBurp
In 2013 Nick Coblentz released a Python plugin for Burp that extends the work done by GDSSecurity so that only one instance of Burp is needed to edit the requests and responses of Silverlight applications [3]. Before loading the plugin, the location of the Python environment for Java (Jython) needs to be set within Burp under „Extender/Options/Python Environment“. You should download Jython 2.7beta in this case, as Jython 2.5 is missing a module that the plugin uses [4]. As a next step you can load the Python script in Burp via „Extender/Burp Extensions/Add“; once the plugin has loaded, requests and responses with „Content-Type: application/soap+msbin1“ will be decoded.
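To illustrate what these plugins do on the wire, here is an added example (not the code of either plugin) that decodes a small subset of the MC-NBFX record types that make up WCF binary XML, namely ShortElement, ShortXmlnsAttribute, ShortAttribute, Chars8Text and EndElement, on a constructed sample. The dictionary-string records that real msbin1 traffic also relies on are not covered, which is exactly the part the plugins above add.

```python
from xml.sax.saxutils import escape, quoteattr

def _string(buf, pos, chars8=False):
    """Length-prefixed UTF-8 bytes: one length byte (Chars8Text) or a MultiByteInt31."""
    n, shift = 0, 0
    while True:
        b, pos = buf[pos], pos + 1
        n |= (b if chars8 else b & 0x7F) << shift
        if chars8 or not b & 0x80:
            return buf[pos:pos + n].decode("utf-8"), pos + n
        shift += 7

def decode_msbin(buf):
    """Render the supported MC-NBFX records as text XML (subset listed in the lead-in)."""
    out, stack, pos = [], [], 0
    while pos < len(buf):
        rec, pos = buf[pos], pos + 1
        if rec == 0x40:                                   # ShortElement: name, then attributes
            name, pos = _string(buf, pos)
            attrs = ""
            while pos < len(buf) and buf[pos] in (0x04, 0x08):
                kind = buf[pos]
                s, pos = _string(buf, pos + 1)
                if kind == 0x08:                          # ShortXmlnsAttribute: default namespace
                    attrs += " xmlns=" + quoteattr(s)
                elif buf[pos] == 0x98:                    # ShortAttribute: name + Chars8Text value
                    value, pos = _string(buf, pos + 1, chars8=True)
                    attrs += f" {s}=" + quoteattr(value)
                else:
                    raise ValueError(f"unsupported attribute text record 0x{buf[pos]:02x}")
            out.append(f"<{name}{attrs}>")
            stack.append(name)
        elif rec in (0x98, 0x99):                         # Chars8Text; 0x99 also closes the element
            text, pos = _string(buf, pos, chars8=True)
            out.append(escape(text))
            if rec == 0x99:
                out.append(f"</{stack.pop()}>")
        elif rec == 0x01:                                 # EndElement
            out.append(f"</{stack.pop()}>")
        else:
            raise ValueError(f"unsupported record 0x{rec:02x} at offset {pos - 1}")
    return "".join(out)

def _s(t): return bytes([len(t.encode())]) + t.encode()  # length byte + UTF-8, sample only

# Constructed sample, equivalent to:
# <Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"><Body><GetData id="42">hello</GetData></Body></Envelope>
SAMPLE = (b"\x40" + _s("Envelope") + b"\x08" + _s("http://schemas.xmlsoap.org/soap/envelope/")
          + b"\x40" + _s("Body") + b"\x40" + _s("GetData") + b"\x04" + _s("id") + b"\x98" + _s("42")
          + b"\x99" + _s("hello") + b"\x01\x01")
```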
Fiddler
If you are using Fiddler, there is also a third-party extension that can read and modify the WCF binary messages used by Silverlight. You can download the extension for Fiddler 2 or Fiddler 4, or modify the source and compile it yourself, as the complete source code is available [5].
Silverlight Spy / XAML Spy
Besides attacking the communication with an interception proxy like Burp or Fiddler, there is a tool dedicated to testing Silverlight applications called XAML Spy [6], the successor of Silverlight Spy [7]. In conjunction with .NET Reflector or other third-party decompilers it is possible to decompile Silverlight applications, whether an application running in the browser or an offline application stored on the client side.
Silverlight Spy can be downloaded as a free version [10]. XAML Spy is only available as a 21-day trial version for evaluation; for actual testing work you have to buy a license.
Test cases
When you test a Silverlight application you should have a look at the clientaccesspolicy.xml file. There is also documentation from Microsoft on „HTTP Communication and Security with Silverlight“ that describes some basic hardening settings [8].
When decompiling a Silverlight application you should also investigate the Isolated Storage to check whether any sensitive information is stored there.
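As an added example of that check (not from the post or from Microsoft's documentation), the following Python parses a clientaccesspolicy.xml and flags the settings that let any origin's Silverlight client call the host, run here over two constructed sample policies.

```python
import xml.etree.ElementTree as ET

def audit_client_access_policy(xml_text):
    """Return (severity, message) findings for one clientaccesspolicy.xml document."""
    findings = []
    root = ET.fromstring(xml_text)
    for i, policy in enumerate(root.iter("policy"), 1):
        allow, grant = policy.find("allow-from"), policy.find("grant-to")
        if allow is None or grant is None:
            findings.append(("info", f"policy {i}: no allow-from or grant-to, grants nothing"))
            continue
        uris = [d.get("uri", "") for d in allow.findall("domain")]
        # "*" (and the scheme-wide "http://*" / "https://*") trusts every origin
        any_origin = any(u in ("*", "http://*", "https://*") for u in uris)
        if any_origin:
            findings.append(("high", f"policy {i}: any origin may call this host ({', '.join(uris)})"))
        for u in uris:
            if u.startswith("http://") and u != "http://*":
                findings.append(("medium", f"policy {i}: plain-http origin {u} trusted"))
        if allow.get("http-request-headers") == "*":
            findings.append(("medium", f"policy {i}: all request headers allowed from these origins"))
        for r in grant.findall("resource"):
            if r.get("path") == "/" and r.get("include-subpaths", "false").lower() == "true":
                sev = "high" if any_origin else "low"
                findings.append((sev, f'policy {i}: whole site granted (path="/" include-subpaths="true")'))
    return findings

# Constructed sample policies (not taken from any real deployment).
PERMISSIVE = """<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="*"><domain uri="*"/></allow-from>
  <grant-to><resource path="/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>"""

RESTRICTED = """<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="SOAPAction"><domain uri="https://app.example.com"/></allow-from>
  <grant-to><resource path="/services/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>"""
```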
References
[1] http://en.wikipedia.org/wiki/Microsoft_Silverlight
[2] https://github.com/GDSSecurity/WCF-Binary-SOAP-Plug-In
[3] https://gist.github.com/sekhmetn/4504341
[4] http://www.jython.org/downloads.html
[5] https://github.com/waf/WCF-Binary-Message-Inspector
[6] http://xamlspy.com/
[7] http://firstfloorsoftware.com/silverlightspy
[8] http://msdn.microsoft.com/en-us/library/cc838250(v=vs.95).aspx
[9] http://abhartiya.wordpress.com/2012/07/06/pentesting-silverlight-applications/
[10] http://firstfloorsoftware.com/silverlightspy#download