[Owasp-ireland] Pen Testing Oracle Forms App

Leo McCavana leomccavana at hotmail.com
Wed May 14 08:06:46 UTC 2014

Hello Folks,

I've been asked to take a look at pen testing an Oracle Forms app.  Bit of a departure from the usual web apps/services/mobile gig.  Does anybody have any advice about getting Oracle Forms to play ball with Burp (or ZAP)?  It's running inside a web browser - and utilizes 'Oracle Fusion Middleware Forms Services'.  Given that modifying my browser proxy settings doesn't seem to work, I'm thinking about modifying my local hosts file to funnel traffic to Burp.  Has anybody done that for an Oracle Forms app?

Also, if there is any specific 'gotchas' I need to be aware of when looking at Oracle forms, I'd be interested to learn from anybody who has been there and bought the t-shirt! :-)  I've had a really quick look on Google and there doesn't seem to be a great deal of stuff out there.

Any and all recommendations would be much appreciated!


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-ireland/attachments/20140514/b2d457d9/attachment.html>

More information about the Owasp-ireland mailing list