WebApp Sec mailing list archives
Paros v3.1 released
From: <contact () proofsecure com>
Date: 24 Jan 2004 07:28:58 -0000

Paros v3.1 is now available at http://www.proofsecure.com/download.htm

[Brief Introduction]
Paros is a man-in-the-middle proxy and application vulnerability scanner. It allows users to intercept and modify HTTP and HTTPS data on-the-fly between web server and client browser. It also supports client-certificate, proxy-chaining, filtering and various vulnerability scanning.

[License]
- Clarified Artistic License (open source and GPL-compatible license)

[New feature]
- revamp correlated request and response logs by using a list. By clicking the 'URL' list, the corresponding request and response will be displayed.
- add advanced log viewer (under menu 'Session') which allows easy browsing and filtering of log. Offline scan supported.
- log all request and response into flat file (session_request.log and session_response.log in 'project' directory)
- generate scanning report in HTML format with risk ranking, description and solutions. Reliability is indicated as warning or suspicious.
- support scanning stop (under menu Tree => Scan Stop).
- support modifying the number of scanner threads in Options
- added a number of scanner checks, including
  - SSL Cipher suite check
  - Cookie tampering check (CRLF injection)
  - Buffer overflow check
  - Session ID potential exposure in referer
  - Session ID locate (informational only)
  - Set-cookie check (informational only)
  - Server header capture (informational only)
  - Platform disclosure in comment check (informational only)
  - WebDAV check in HttpMethods

[Fix]
- solved an occasional infinite loop problem when HTTP 1.1 chunked encoding is in use.
- solved a rare case in which the scanning analyser consumes too much CPU time.
- solved bugs that cause the scanner to skip the tree crawled by the spider.

Queries, bug reports and comments on Paros can be sent to paros () proofsecure com

by ProofSecure.com