Penetration Testing mailing list archives
Paros v3.1 released
From: <contact () proofsecure com>
Date: 24 Jan 2004 07:30:05 -0000
Paros v3.1 is now available at http://www.proofsecure.com/download.htm [Brief Introduction] Paros is a man-in-the-middle proxy and application vulnerability scanner. It allows users to intercept and modify HTTP and HTTPS data on-the-fly between web server and client browser. It also supports client-certificate, proxy-chaining, filtering and various vulnerability scanning. [License] - Clarified Artistic License (open source and GPL-compatible license) [New feature] - revamp correlated request and response logs by using a list. By clicking the 'URL' list, the corresponding request and response will be displayed. - add advanced log viewer (under menu 'Session') which allow easy browsing and filtering of log. Offline scan supported. - log all request and response into flat file (session_request.log and session_response.log in 'project' directory) - generate scanning report in HTML format with risk ranking, description and solutions. Reliability is indicated as warning or suspicious. - support scanning stop (under menu Tree => Scan Stop). - support modifying the number of scanner threads in Options - added a number of scanner checks, including - SSL Cipher suite check - Cookie tampering check (CRLF injection) - Buffer overflow check - Session ID potential exposure in referer - Session ID locate (informational only) - Set-cookie check (informational only) - Server header capture (informational only) - Platform disclosure in comment check (informational only) - WebDAV check in HttpMethods [Fix] - solved an occasional infinite loop problem when HTTP 1.1 chunked encoding is in use. - solved a rare case in which the scanning analyser consumes too much CPU time. - solved bugs that cause the scanner skips the tree crawled by the spider. Queries, bug reports and comments on Paros can be sent to paros () proofsecure com by ProofSecure.com --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Paros v3.1 released contact (Jan 25)