Paros Proxy - Cool tool to add to your arsenal
August 15, 2005
Last week I downloaded the free HTTP Proxy tool called Paros Proxy after a recommendation from the WebHacking book by Stuart McClure and I'm pretty darn satisfied with it. Testing SOAP applications can be a bit of a pain and having a proxy like this really makes life easy, as well as being able to do little security tests on your application without needing to write a custom socket client script.
Brief Overview:
Paros allows you to see the raw HTTP traffic from your browser to your webserver and INTERCEPT AND MODIFY IT! So basically you click on a link on your webpage, the HTTP request goes to your proxy (Paros) and sits there, letting you view it. If you want to change a variable or the user agent at runtime to see how your script reacts, just change it and hit send, and Paros forwards it to the webserver. You can also see the raw response that the web server returns.
It is especially handy for testing drop-down lists or radio buttons, where the page offers a defined set of options yet at run time you want to test what a malicious user could actually send as those values, to make sure you're testing those fields properly.
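The drop-down and radio-button case above means the server has to re-check those values itself, since the browser's option list is only a suggestion. A server-side check in Python, added here as an illustration and not part of the original post; the field names, option sets and request bodies are constructed for the example:

```python
from urllib.parse import parse_qs

# Hypothetical form: the options the page renders in its <select> and radio group.
ALLOWED = {
    "country": {"US", "CA", "MX"},   # drop-down list
    "shipping": {"ground", "air"},   # radio buttons
}

def validate_form(body):
    """Check a urlencoded POST body against the rendered option sets.

    Returns the cleaned values or raises ValueError naming the problem.
    """
    # keep_blank_values: an emptied field must be seen, not silently dropped.
    fields = parse_qs(body, keep_blank_values=True)
    cleaned = {}
    for name, options in ALLOWED.items():
        values = fields.get(name, [])
        if len(values) != 1:
            # Missing, or repeated: a proxy user can send the same field twice.
            raise ValueError(f"{name}: expected one value, got {len(values)}")
        if values[0] not in options:
            raise ValueError(f"{name}: value not in option set")
        cleaned[name] = values[0]
    # Strict choice for this example: reject fields the form never rendered.
    unexpected = sorted(set(fields) - set(ALLOWED))
    if unexpected:
        raise ValueError(f"unexpected fields: {unexpected}")
    return cleaned

def check(body):
    """Return ('accepted', values) or ('rejected', reason) for one body."""
    try:
        return ("accepted", validate_form(body))
    except ValueError as exc:
        return ("rejected", str(exc))

# Constructed request bodies: the first is what the browser sends,
# the rest are the kind of edits an intercepting proxy makes possible.
SAMPLES = [
    "country=US&shipping=air",
    "country=ZZ&shipping=air",             # value outside the drop-down
    "country=US&country=CA&shipping=air",  # field sent twice
    "country=US",                          # radio group omitted
    "country=US&shipping=",                # value blanked out
    "country=US&shipping=air&is_admin=1",  # field the form never had
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(body, "->", check(body))
```

Replaying the sample bodies through a proxy against a real form is the test the post describes; the function is what should be on the receiving end.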
Some other cool features...
*Manual Request Box - lets you type in a manual GET/POST whatever request to the webserver
*Scanner - scans the site for basic vulns (haven't really gotten too deep on this feature yet)
*Filters - lets you filter out requests you might not be interested in like jpg, gif, css, etc
http://www.parosproxy.org/index.shtml


Eddie Peloke says:
August 16, 2005 @ 07:59 — Reply
Cool, thanks for the info. I used to use one called Proxomitron which did a lot of this but I think development on it has died.
John McDonnell says:
March 2, 2007 @ 04:47 — Reply
Fiddler does similar functionality. It's easily scriptable, but modification of the requests is not one of the default scripts.
Anonymous says:
June 14, 2007 @ 04:15 — Reply
I am totally new to this. Could you please tell me how to add the websites into the website tree?