Paros v2.2 for web application security assessment

Paros v2.2 is now available from
http://www.proofsecure.com/download.htm

Paros is a proxy which acts as a man-in-the-middle between web server and your PC. With this tool, you can easily intercept and modify both HTTP and HTTPS/SSL data passing through, including header(cookies) and body content(form fields). You can use it to test the security of your web application. Its features include spider, website hieararchy analysis, message interception, on-the-fly HTTP(S) filters and vulnerabilty scanning.

The first Paros version (v1.0) was released in Aug 2002. For nearly one year's developement, lots of enhancements was added to it and it is now very stable and fast.

[System Requirement]
Platform independent (It can be run on all platform with Java JRE 1.4.x installed)

[License]
Free for both non-commercial and commercial use. This is the last "closed source" version. We are now re-formatting the source code and the next release will be under GPL-compatible license.

[New Features]
- spider feature added.

• support HTTP 1.1 connections

• auto-scan for cross-site scripting (XSS) vulnerability on website after navigation.
• allow removal of websites from the Tree view

[Basic Features]
- Website hierarchy - Capture hierarchy of websites
while you are navigating.
- Trap function - intercept and manipulate HTTP and
HTTPS requests/responses easily with tabular view.
- Filter function - detect, alert and log patterns in
HTTP messages for manipulation. The current filters can record cookies, GET queries and POST queries.
- Scan function - scan for server mis-configuration
such as directory indexable, obsolete files.
- Logs - log all HTTP request/response content for your
review.
- allow to import client certificate for handshaking or
logon
- utilities to convert message format in SHA1, MD5 and
Base64

[Installation]

1. Download the program from http://www.proofsecure.com
2. Unzip the downloaded file and run the .jar program. For windows platform, the Windows installer version is recommended for easy installation.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

[Documentation]
Get The user guide from
http://www.proofsecure.com/download.htm

Queries, bug reports and comments on Paros can be sent to paros@proofsecure.com

by ProofSecure.com (contact@proofsecure.com) Received on Sat Jul 5 13:05:28 2003