Paros proxy is a web application security assessment
tool used to measure the security of a web application. It allows you
to see what data exactly do you submit with your HTML form with Post
method?
Just like other web application security tools paros can be used to find out the SQL-injection and XSS (Cross site scripting) vulnerability on a web application.
Paros is a Java based HTTP/HTTPS proxy
for assessing web application vulnerability. It supports
editing/viewing HTTP messages on-the-fly. Other featuers include
spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc.
Through Paros's proxy
nature, all HTTP and HTTPS data between server and
client, including cookies and form fields, can be
intercepted and modified.
Paros first crawl the entire website and than execute vulnerability tests,
it is comes with an built in session ID analyser, you can generate a
graph based on all the session IDS, it is also provides a built in
fuzzer option. It is a great,simple and effective tool to use.
Download
Download
Paros Proxy Tutorial
Before installing paros you must have a java version 1.4 or above. As the name says this tool act as your local web proxy,
so after installation you need to set up your browser on the local
proxy. Open your browser network connection and on the proxy tab type.
localhost: 8080
After this all the traffic you male through your browser goes via this tool and the tool first analyse it.
No comments:
Post a Comment