Skip to content

Instantly share code, notes, and snippets.

@spipm

spipm/Oracle Forms hacking setup.md

Last active March 6, 2025 08:51
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save spipm/f92ab4ae97489056203419fa6063058d to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save spipm/f92ab4ae97489056203419fa6063058d to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Oracle Forms hacking setup.md

1. Build plugin

Clone plugin from https://github.com/silentsignal/oracle_forms/

Edit script for Python 3 (see pull request)

if ctx.options.corrupt_handshake:
    flow.response.content = flow.response.content.replace(b'Mate', b'Matf')

Download /forms/java/frmall.jar, put in OracleFormsSerializer/lib

Download JDK 19 to compile jar

 export JAVA_HOME=/home/user/Downloads/jdk-19.0.2
 ./gradlew shadowJar

2. Configure applet runner

Download java 1.7 jdk

Import burp cert in java (pwd = changeit)

./keytool -importcert -keystore ../../jdk1.7.0_80/jre/lib/security/cacerts -file ~/Desktop/burp.der

Enable debug settings and network proxy settings in ./javaws -viewer

3. Run burp, mitmproxy and jnlp

Start Burp, load Burp plugin, set upstream proxy to 8081 (plugin builds to OracleFormsSerializer/build/libs/OracleFormsSerializer-1.0-SNAPSHOT-all.jar)

mitmdump -s mitmproxy_oracleforms.py -p 8081

Launch (add -J-Djavax.net.debug=all for tls debugging) from java 1.7 jdk

./javaws ~/Downloads/forms.jnlp
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment