Paros v3.0 for web application security assessment

Paros v3.0 is now available from
http://www.proofsecure.com/download.htm

Paros is a proxy which acts as a man-in-the-middle between web server and your PC. With this tool, you can easily intercept and modify both HTTP and HTTPS/SSL data passing through, including header(cookies) and body content(form fields). You can use it to test the security of your web application. Its features include Spider, website hieararchy analysis, message interception, on-the-fly HTTP(S) filters and vulnerabilty scanning.

The first Paros version (v1.0) was released in Aug 2002. For nearly one year's developement, lots of enhancements was added to it and it is now very stable and fast.

Note that the functions in v3.0 are the same as that in v2.2. The only difference is the license change (see below).

[System Requirement]
Platform independent (It can be run on all platform with Java JRE 1.4.x installed)

[License]
Paros v3.0 is under Clarified Artistic License (open source and GPL-compatible license).

[Features]
- Spider feature added.

• Support HTTP 1.1 connections
• Auto-scan for cross-site scripting (XSS) vulnerability on website after navigation.
• Website hierarchy - Capture hierarchy of websites while you are navigating.
• Trap function - intercept and manipulate HTTP and HTTPS requests/responses easily with tabular view.
• Filter function - detect, alert and log patterns in HTTP messages for manipulation. The current filters can record cookies, GET queries and POST queries.
• Scan function - scan for server mis-configuration such as directory indexable, obsolete files.
• Logs - log all HTTP request/response content for your review.
• Client certificate support - allow to import client certificate for handshaking or logon
• Utilities to convert message format in SHA1, MD5 and Base64

[Installation]
1. Download the program from http://www.proofsecure.com 2. Unzip the downloaded file and run the .jar program (type 'javaw -jar paros.jar'). For windows platform, the Windows installer version is recommended for easy installation.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

[Documentation]
Get The user guide from
http://www.proofsecure.com/download.htm

Queries, bug reports and comments on Paros can be sent to paros@proofsecure.com

by ProofSecure.com (contact@proofsecure.com) Received on Wed Aug 6 09:54:42 2003