WebApp Sec mailing list archives

Paros v3.0.2 for web application security assessment


From: <contact () proofsecure com>
Date: 20 Oct 2003 14:05:58 -0000




Paros v3.0.2 is now available from http://www.proofsecure.com/download.htm

[Paros Introduction]
Paros is a proxy which acts as a man-in-the-middle between the web server and your PC. With this tool, you can easily 
intercept and modify both HTTP and HTTPS/SSL data passing through, including headers (cookies) and body content (form 
fields). You can use it to test the security of your web application. Its features include a spider, website hierarchy 
analysis, message interception, on-the-fly HTTP(S) filters and vulnerability scanning.

The first Paros version (v1.0) was released in Aug 2002. Over more than a year of development, many enhancements 
have been added, and it is now very stable and fast.


[System Requirement]
Platform independent (it can be run on any platform with Java JRE 1.4.x installed)


[License]
Clarified Artistic License (open source and GPL-compatible license)


[New Features in v3.0.2]
- Improved SQL injection check
- Added default file check for JRUN
- Added default files check for IIS 4, IIS 5 and IIS 6
- Added default files check for ColdFusion
- Added "ReplaceResponseHeader" filter to automatically change pattern in response header 
  (To set the pattern, click on the filter name under the "Functions" column of Filters panel)
- Added "ReplaceResponseBody" filter to automatically change pattern in response body
- Fixed a problem with the default file check when using the "Scan All" function
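To illustrate what the two Replace* filters do to a response passing through the proxy, here is an added example (not Paros code) that parses a constructed HTTP/1.1 response, applies regex rules to header values and to the body, and recomputes Content-Length so the rewritten body is delivered intact. The sample response, the rule tuples and the function names are all assumptions made for this illustration.

```python
import re

# Constructed sample response, not captured from any real server.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/5.0\r\n"
    "Set-Cookie: session=abc123; path=/\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 50\r\n"
    "\r\n"
    "<html><body>Welcome to ACME intranet</body></html>"
)

def parse_response(raw):
    """Split a raw HTTP/1.x response into status line, (name, value) headers and body."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("malformed response: no header/body separator")
    status, *header_lines = head.split("\r\n")
    headers = []
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.strip(), value.strip()))
    return status, headers, body

def apply_filters(raw, header_rules, body_rules):
    """Rewrite header values and body on the fly; rules are (regex, replacement) tuples."""
    status, headers, body = parse_response(raw)
    new_headers = []
    for name, value in headers:
        for pattern, repl in header_rules:
            value = re.sub(pattern, repl, value)
        new_headers.append((name, value))
    for pattern, repl in body_rules:
        body = re.sub(pattern, repl, body)
    # A body rewrite can change the length, so Content-Length is recomputed;
    # otherwise the browser truncates the page or hangs waiting for more bytes.
    new_headers = [(n, v) for n, v in new_headers if n.lower() != "content-length"]
    new_headers.append(("Content-Length", str(len(body.encode("latin-1")))))
    head = "\r\n".join([status] + [f"{n}: {v}" for n, v in new_headers])
    return head + "\r\n\r\n" + body

if __name__ == "__main__":
    print(apply_filters(SAMPLE_RESPONSE, [(r"Microsoft-IIS/\d\.\d", "hidden")],
                        [(r"ACME", "EXAMPLE")]))
```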


[Basic Features]
- Spider feature added.
- Supports HTTP 1.1 connections.
- Auto-scan for cross-site scripting (XSS) vulnerabilities on a website after navigation.
- Website hierarchy - captures the hierarchy of websites while you are navigating.
- Trap function - intercept and manipulate HTTP and HTTPS requests/responses easily in a tabular view.
- Filter function - detect, alert on and log patterns in HTTP messages for manipulation. The current filters can record 
cookies, GET queries and POST queries.
- Scan function - scan for server misconfigurations such as indexable directories and obsolete files.
- Logs - log all HTTP request/response content for your review.
- Client certificate support - allows importing a client certificate for the handshake or logon.
- Utilities to convert message content to SHA1, MD5 and Base64 formats.


[Installation]
1. Download the program from http://www.proofsecure.com
2. Unzip the downloaded file and run the .jar program (type 'javaw -jar paros.jar'). For the Windows platform, the Windows 
installer version is recommended for easy installation.


[Documentation]
Get the user guide from http://www.proofsecure.com/download.htm


Queries, bug reports and comments on Paros can be sent to paros () proofsecure com


by ProofSecure.com (contact () proofsecure com)