[Owasp-ireland] Pen Testing Oracle Forms App

Fabio Cerullo fcerullo at owasp.org
Wed May 14 08:21:25 UTC 2014


This might help:



On Wednesday, May 14, 2014, Eoin Keary <eoin.keary at owasp.org> wrote:

> What issues are you having with Burp/Zap? I've tested oracle forms using
> both tools.
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
> On 14 May 2014, at 09:06, Leo McCavana <leomccavana at hotmail.com<javascript:_e(%7B%7D,'cvml','leomccavana at hotmail.com');>>
> wrote:
> Hello Folks,
> I've been asked to take a look at pen testing an Oracle Forms app.  Bit of
> a departure from the usual web apps/services/mobile gig.  Does anybody have
> any advice about getting Oracle Forms to play ball with Burp (or ZAP)?
> It's running inside a web browser - and utilizes 'Oracle Fusion Middleware
> Forms Services'.  Given that modifying my browser proxy settings doesn't
> seem to work, I'm thinking about modifying my local hosts file to funnel
> traffic to Burp.  Has anybody done that for an Oracle Forms app?
> Also, if there is any specific 'gotchas' I need to be aware of when
> looking at Oracle forms, I'd be interested to learn from anybody who has
> been there and bought the t-shirt! :-)  I've had a really quick look on
> Google and there doesn't seem to be a great deal of stuff out there.
> Any and all recommendations would be much appreciated!
> Thanks,
> Leo
> _______________________________________________
> Owasp-ireland mailing list
> Owasp-ireland at lists.owasp.org<javascript:_e(%7B%7D,'cvml','Owasp-ireland at lists.owasp.org');>
> https://lists.owasp.org/mailman/listinfo/owasp-ireland
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-ireland/attachments/20140514/9bd162e1/attachment.html>

More information about the Owasp-ireland mailing list