WebApp Sec mailing list archives

Paros v3.0 for web application security assessment


From: <contact () proofsecure com>
Date: 6 Aug 2003 13:22:40 -0000



Paros v3.0 is now available from
http://www.proofsecure.com/download.htm

Paros is a proxy which acts as a man-in-the-middle
between the web server and your PC. With this tool, you can
easily intercept and modify both HTTP and HTTPS/SSL
data passing through, including headers (cookies) and
body content (form fields). You can use it to test the
security of your web application. Its features include
Spider, website hierarchy analysis, message
interception, on-the-fly HTTP(S) filters and
vulnerability scanning.

The first Paros version (v1.0) was released in Aug
2002. Over nearly one year of development, lots of
enhancements were added to it and it is now very stable
and fast.

Note that the functions in v3.0 are the same as those in
v2.2. The only difference is the license change (see
below).

[System Requirement]
Platform independent (It can be run on all platforms
with Java JRE 1.4.x installed)

[License]
Paros v3.0 is under Clarified Artistic License (open
source and GPL-compatible license).

[Features]
- Spider feature added.
- Support HTTP 1.1 connections 
- Auto-scan for cross-site scripting (XSS)
vulnerability on website after navigation. 
- Website hierarchy - Capture hierarchy of websites
while you are navigating.
- Trap function - intercept and manipulate HTTP and
HTTPS requests/responses easily with tabular view.
- Filter function - detect, alert and log patterns in
HTTP messages for manipulation. The current filters can
record cookies, GET queries and POST queries.
- Scan function - scan for server mis-configuration
such as indexable directories and obsolete files.
- Logs - log all HTTP request/response content for your
review.
- Client certificate support - allows importing a client
certificate for handshaking or logon
- Utilities to convert message format in SHA1, MD5 and
Base64

[Installation]
1. Download the program from http://www.proofsecure.com
2. Unzip the downloaded file and run the .jar program
(type 'javaw -jar paros.jar'). For the Windows platform,
the Windows installer version is recommended for easy
installation.

[Documentation]
Get the user guide from
http://www.proofsecure.com/download.htm

Queries, bug reports and comments on Paros can be sent
to paros () proofsecure com


by ProofSecure.com (contact () proofsecure com)

