Published on June 19th, 2016 📆 | 8234 Views ⚑0
Paros — A Java Based Web Proxy Tool
Paros is a Java based HTTP/HTTPS proxy for assessing the vulnerability of web application. And it supports the editing/viewing HTTP/HTTPS messages on-the-fly to modify the items just like cookies as well as form fields.
Whereas it includes many other features such as traffic recorder, web spider, client certificate, hash calculator, proxy-chaining, intelligent scanning for XSS and SQL injections etc as well as it is used as for testing of common web application attacks just like SQL injection & cross-site scripting.
Well, it is a precious testing tool for your security and also testing of vulnerability. It can be used to spider/crawl in your whole site and then implement the scanned vulnerability by scanner tests. Although it goes away from that it comes with a built-in value which can be proxy traffic.
This Paros Proxy utility can be used to interfere or influence any HTTP or HTTPS traffic on the fly. Because this makes some of the more interesting security types of testing. And it will help you separate the possible areas of security concern as well as then the manual effort to carry out the type of testing that you want.
Paros also approaches with an assembled in Session ID analyzer. It will show a graph of all the types of Session ID's that has been existing with utilizing a multiple threaded session initiators. Then you can conclude if the graph seems random enough for the Session ID.
It is a quite unique as well as an interesting tool to use. But critically most of the developers will rely upon another technology such as - tomcat, apache, or some other application to create the Session ids. Always this is not the case and just like a Session ID analysis that should be performed. Sometimes the Session ID will not be randomized enough as well as the hash used to generate the Session ID simply expected.
This valuable tool also comes with a built-in Fuzzer. And you will need to create your own Fuzzer library to use the Fuzzer, but it will execute all of the fuzzing for you.