Sunday, June 12, 2011

Paros Proxy

Paros 3.2.11 has been released. This version is a maintenance release with a useful feature requested by various users. All users are recommended to upgrade to this version.

One of my favourite proxy options, alongside the Burp Proxy (evolved into Burp Suite).

Paros labels itself as "MITM Proxy + Spider + Scanner plus anything else you want it to be", and it is a pretty neat piece of software.

It’s particularly useful for testing web applications and things such as insecure sessions.

Paros is free of charge and completely written in Java. Through Paros’s proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.
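As an added example (not part of the original post, and not Paros code), here is the kind of check a tester runs on a response captured in the proxy's response pane when looking for insecure sessions: it parses the Set-Cookie headers and reports cookies that lack the Secure, HttpOnly or SameSite attributes. The captured response and its cookie names are constructed.

```python
# Constructed sample: a raw HTTP response as it would appear in an
# intercepting proxy's response view (hypothetical cookie names).
CAPTURED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/\r\n"
    "Set-Cookie: remember=1; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Set-Cookie: tracker=xyz; Path=/; HttpOnly\r\n"
    "\r\n"
    "<html>...</html>"
)


def parse_set_cookies(raw_response):
    """Return a list of (cookie_name, attributes) for every Set-Cookie header.

    Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map to "".
    """
    head, _, _body = raw_response.partition("\r\n\r\n")
    header_lines = head.split("\r\n")[1:]  # drop the status line
    results = []
    for line in header_lines:
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {}
        for part in parts[1:]:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
        results.append((name, attrs))
    return results


def audit_cookies(raw_response, over_https=True):
    """Return {cookie_name: [findings]} for cookies missing protective attributes."""
    findings = {}
    for name, attrs in parse_set_cookies(raw_response):
        issues = []
        if over_https and "secure" not in attrs:
            issues.append("missing Secure")  # cookie may be sent over plain HTTP
        if "httponly" not in attrs:
            issues.append("missing HttpOnly")  # readable by script in the page
        if "samesite" not in attrs:
            issues.append("missing SameSite")  # sent on cross-site requests
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for cookie, issues in audit_cookies(CAPTURED_RESPONSE).items():
        print(f"{cookie}: {', '.join(issues)}")
```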

A Java-based HTTP/HTTPS proxy for assessing web application vulnerabilities. It supports editing/viewing HTTP messages on the fly. Other features include spiders, client certificates, proxy chaining, intelligent scanning for XSS and SQL injection, etc.

These proxies have a different purpose from personal proxies such as Proxomitron, which are intended to protect you, clean adverts, block spyware and so on. Proxies like Paros and Burp are meant for examining the security of applications and for web application auditing.

You do need the Java Runtime Environment (JRE) 1.4 (or above) to install Paros.

- Almost 90% of all code completely rewritten!
- Improved connectivity: better HTTP/1.1 keep-alive support.
- Improved authentication support:
    - proxy authentication (Basic and NTLM should be supported).
    - individual server authentication.
- Improved session saving:
    - the site hierarchy and history can be restored from the session file.
    - better performance through use of an inline DB.
    - support for testing large sites in both scanning and spidering.
- Better extensibility through support for extensions and plugins.
- New extension design:
    - used for adding functions to the core program.
    - to be further polished in the final release.
- New plugin features:
    - each plugin represents a test.
    - knowledge base support for sharing between plugins.
    - dependency checking.
    - custom plugins can be created by inheriting from the different AbstractPluginXXX classes.
    - to be further polished in the final release.
- New spider:
    - URL crawling and form crawling; forms are filled with a limited number of option-value combinations.
    - configurable options.
    - start/stop/resume support.
    - estimated percentage complete.
- New scanner:
    - configurable options.
    - multiple hosts/threads.
    - individual hosts can be stopped.
    - generated alerts can be viewed while scanning.
- New filters:
    - custom filters can be added by dropping them into the filter directory, using the Filter interface.
- New application logging support in the log directory.
- Improved user interface:
    - click on a tab to maximize the working panel.
    - image viewing support.
- Support for the Ant (1.6.2) build.xml.
- Change of copyright owner to parent company.

You can download the latest version of Paros here.
