Description: paros is a program for people who need to evaluate the security of their web applications. It is free of charge and completely written in Java. Through Paros's proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.
Paros also comes with a built in Session ID analyzer. It will display a graph of all the types of Session ID's it has been presented with using a multiple threaded session initiator. You then can determine if the graph appears random enough for the Session ID. It is a pretty unique and interesting tool to use. Although typically most developers will rely upon another technology tomcat, apache, or some other application to generate Session ID's. This is not always the case and as such a Session ID analysis should be performed. Sometimes the Session ID will not be randomized enough and the hash used to create the Session ID is easily predictable.
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Hello, I'm Trying To configure paros proxy in windows its not working for me can anybody help me please ?
Paros Proxy is also used in spider websites, analyze content, modify requests, and much more. This proxy is a necessary tool when performing assessments, penetration testing, code reviews, application deployment reviews, or any other website security tasks.
As Paros Proxy is a java-based open source tool the developers have provided the community with executable versions for various operating systems as well as the source code for modifications and development.
thanks
@Ronaldo its very easy to configure paros proxy just Use this link and fallow the steps. http://www.parosproxy.org/install.shtml
And if you want to use paros proxy in backtrack so watch this video http://www.securitytube.net/video/1351 Enjoy :)
As mentioned in the video Paros is now quite old and hasnt been updated for many years.
However there is an actively maintained fork of Paros - the OWASP Zed Attack Proxy: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Its cross platform, open source and completely free.
A significant amount of work has been put into it, and it now offers much more functionality than Paros does.
Psiinon