[Owasp-ireland] Pen Testing Oracle Forms App

Eoin Keary eoin.keary at owasp.org
Wed May 14 21:54:48 UTC 2014


+1

Eoin Keary
Owasp Global Board
+353 87 977 2988


On 14 May 2014, at 09:51, Rahim Jina <rahim.jina at owasp.org> wrote:

> Depending on how it's setup, try setting the proxy in the Java control panel.
> 
> Rahim
> 
> Sent from my iPhone
> 
> On 14 May 2014, at 09:06, Leo McCavana <leomccavana at hotmail.com> wrote:
> 
>> Hello Folks,
>> 
>> I've been asked to take a look at pen testing an Oracle Forms app.  Bit of a departure from the usual web apps/services/mobile gig.  Does anybody have any advice about getting Oracle Forms to play ball with Burp (or ZAP)?  It's running inside a web browser - and utilizes 'Oracle Fusion Middleware Forms Services'.  Given that modifying my browser proxy settings doesn't seem to work, I'm thinking about modifying my local hosts file to funnel traffic to Burp.  Has anybody done that for an Oracle Forms app?
>> 
>> Also, if there is any specific 'gotchas' I need to be aware of when looking at Oracle forms, I'd be interested to learn from anybody who has been there and bought the t-shirt! :-)  I've had a really quick look on Google and there doesn't seem to be a great deal of stuff out there.
>> 
>> Any and all recommendations would be much appreciated!
>> 
>> Thanks,
>> 
>> Leo
>> _______________________________________________
>> Owasp-ireland mailing list
>> Owasp-ireland at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-ireland
> _______________________________________________
> Owasp-ireland mailing list
> Owasp-ireland at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-ireland
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-ireland/attachments/20140514/f2af2e2d/attachment.html>


More information about the Owasp-ireland mailing list