WebApp Sec mailing list archives
Paros v3.0 for web application security assessment
From: <contact () proofsecure com>
Date: 6 Aug 2003 13:22:40 -0000
Paros v3.0 is now available from http://www.proofsecure.com/download.htm Paros is a proxy which acts as a man-in-the-middle between web server and your PC. With this tool, you can easily intercept and modify both HTTP and HTTPS/SSL data passing through, including header(cookies) and body content(form fields). You can use it to test the security of your web application. Its features include Spider, website hieararchy analysis, message interception, on-the-fly HTTP(S) filters and vulnerabilty scanning. The first Paros version (v1.0) was released in Aug 2002. For nearly one year's developement, lots of enhancements was added to it and it is now very stable and fast. Note that the functions in v3.0 are the same as that in v2.2. The only difference is the license change (see below). [System Requirement] Platform independent (It can be run on all platform with Java JRE 1.4.x installed) [License] Paros v3.0 is under Clarified Artistic License (open source and GPL-compatible license). [Features] - Spider feature added. - Support HTTP 1.1 connections - Auto-scan for cross-site scripting (XSS) vulnerability on website after navigation. - Website hierarchy - Capture hierarchy of websites while you are navigating. - Trap function - intercept and manipulate HTTP and HTTPS requests/responses easily with tabular view. - Filter function - detect, alert and log patterns in HTTP messages for manipulation. The current filters can record cookies, GET queries and POST queries. - Scan function - scan for server mis-configuration such as directory indexable, obsolete files. - Logs - log all HTTP request/response content for your review. - Client certificate support - allow to import client certificate for handshaking or logon - Utilities to convert message format in SHA1, MD5 and Base64 [Installation] 1. Download the program from http://www.proofsecure.com 2. Unzip the downloaded file and run the .jar program (type 'javaw -jar paros.jar'). For windows platform, the Windows installer version is recommended for easy installation. [Documentation] Get The user guide from http://www.proofsecure.com/download.htm Queries, bug reports and comments on Paros can be sent to paros () proofsecure com by ProofSecure.com (contact () proofsecure com)
Current thread:
- Paros v3.0 for web application security assessment contact (Aug 06)