Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

How to intercept responses from Oracle ADF

Mithun | Last updated: Apr 14, 2016 06:56PM UTC

I am trying to intercept traffic on an application that has been built using Oracle ADF. I am observing in the Proxy history that some URLs are being rapidly replaced/deleted. When they get replaced, it looks like there is a redirect from URL A to B to C, but URLs A and B are not showing in the history and only URL C is showing. Also, some URLs show up for a fraction of a second and then disappear from the history. Is this something to do with the fact Oracle ADF based applications are not entirely compatible with Burp? Is there any Burp setting that can resolve this issue? Thanks, Mithun

PortSwigger Agent | Last updated: Apr 15, 2016 08:04AM UTC

If you ever see items appear in the Proxy history and then disappear, this is because of the view filter on the Proxy history. If the filter is hiding certain MIME types (which it does by default), then the item will briefly appear when the request is processed (no response yet) and then disappear when the response arrives and the MIME type is determined. Change the view filter to show all items and you should see everything that appears remain.

Burp User | Last updated: May 31, 2016 06:25PM UTC

Hi Team, My question is "Can we perform a vulnerability assessment on all oracle ERP based applications using burp". Please reply me. Thanks

PortSwigger Agent | Last updated: Jun 01, 2016 08:24AM UTC

We haven't tested Burp ourselves against Oracle ERP applications, but Burp is able to test all web applications that you can access via your browser.

Burp User | Last updated: Jun 12, 2018 02:31PM UTC

Hello, I noticed in the latest version of Oracle ADF buprsuite will record my login, but will not record my actions any further within Oracle ADF itself. I do get some actions that show up in the proxy, which are requests for for file downloads and such. but all of my actions now within my application aren't recorded. We recently upgraded our adf components to the latest and greatest that oracle has, so perhaps some setting needs set for me to record. Can you let me know some details Thanks, Jason

PortSwigger Agent | Last updated: Jun 12, 2018 02:35PM UTC

Hi Jason, A couple of things to check: 1) Your filter settings. In HTTP History, click the filter bar and select "Show All" 2) Proxy > Options > Miscellaneous > Don't send items to Proxy history or other Burp tools, if out of scope. You normally want this disabled.

Burp User | Last updated: Feb 01, 2019 03:59PM UTC

Hi there, I'm not sure how to reply back to an agent but I still can't get it to record adf faces pages. It recognizes the main URL but once I login to my page nothing gets picked up except the firefox detectbrowser request.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.