Penetration Testing mailing list archives

Paros v3.1 released


From: <contact () proofsecure com>
Date: 24 Jan 2004 07:30:05 -0000



Paros v3.1 is now available at http://www.proofsecure.com/download.htm

[Brief Introduction]
Paros is a man-in-the-middle proxy and application vulnerability scanner. It allows users to intercept and modify HTTP 
and HTTPS data on the fly between the web server and the client browser. It also supports client certificates, proxy chaining, 
filtering and various vulnerability scans.

[License]
- Clarified Artistic License (open source and GPL-compatible license)

[New feature]
- revamped the correlated request and response logs to use a list.  Clicking an entry in the 'URL' list displays the 
corresponding request and response.
- added an advanced log viewer (under menu 'Session') which allows easy browsing and filtering of the logs. Offline scanning is supported.
- all requests and responses are logged to flat files (session_request.log and session_response.log in the 'project' directory)
- generates a scanning report in HTML format with risk ranking, description and solutions.  Reliability is indicated as 
warning or suspicious.
- supports stopping a scan (under menu Tree => Scan Stop).
- supports modifying the number of scanner threads in Options
- added a number of scanner checks, including
  - SSL Cipher suite check
  - Cookie tampering check (CRLF injection)
  - Buffer overflow check
  - Session ID potential exposure in referer
  - Session ID locate (informational only)
  - Set-cookie check (informational only)
  - Server header capture (informational only)
  - Platform disclosure in comment check (informational only)
  - WebDAV check in HttpMethods
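To show what the passive, informational checks in the list above look for, here is an added example (not Paros code) that runs three of them over a constructed request URL and raw HTTP response: session ID in the URL (Referer exposure), Server header capture, Set-Cookie attribute review and platform disclosure in HTML comments. The session parameter names, the expected cookie attributes and the platform keywords are assumptions chosen for the example, not taken from the scanner.

```python
import re
from typing import List, Tuple
from urllib.parse import parse_qsl, urlsplit

# Assumed parameter names that carry a session identifier (not from Paros).
SESSION_PARAMS = {"phpsessid", "jsessionid", "asp.net_sessionid", "sessionid", "sid"}
# Assumed keywords that mark platform disclosure inside an HTML comment.
PLATFORM_WORDS = re.compile(r"\b(apache|iis|php|asp\.net|tomcat|jsp|version)\b", re.I)

def parse_response(raw: str) -> Tuple[List[Tuple[str, str]], str]:
    """Split a raw HTTP/1.x response into a (name, value) header list (Set-Cookie may repeat) and a body."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers, body

def passive_checks(url: str, raw_response: str) -> List[str]:
    """Return informational findings for one request URL and its response."""
    findings = []
    headers, body = parse_response(raw_response)
    # A session id in the query string travels to third parties in the Referer header.
    for name, _ in parse_qsl(urlsplit(url).query):
        if name.lower() in SESSION_PARAMS:
            findings.append(f"session id '{name}' in URL (Referer exposure)")
    for name, value in headers:
        if name == "server" and value:
            findings.append(f"server header disclosed: {value}")
        elif name == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            attrs = {p.lower() for p in parts[1:]}
            missing = [a for a in ("Secure", "HttpOnly") if a.lower() not in attrs]
            if missing:
                cookie = parts[0].partition("=")[0]
                findings.append(f"cookie '{cookie}' missing {', '.join(missing)}")
    for comment in re.findall(r"<!--(.*?)-->", body, re.S):
        if PLATFORM_WORDS.search(comment):
            findings.append(f"platform disclosed in HTML comment: {comment.strip()}")
    return findings

# Constructed sample traffic (not captured from any real site).
SAMPLE_URL = "http://example.test/account/view?id=7&PHPSESSID=3f9a1c2e"
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\nServer: Apache/1.3.29 (Unix) PHP/4.3.4\r\n"
    "Set-Cookie: prefs=blue; path=/\r\n"
    "Set-Cookie: auth=ZG9u; path=/; Secure; HttpOnly\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><!-- built on Tomcat 4.1 staging --><body>ok</body></html>"
)
```

Running `passive_checks(SAMPLE_URL, SAMPLE_RESPONSE)` on the sample yields four findings; the `auth` cookie, which carries both attributes, produces none.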

[Fix]
- solved an occasional infinite-loop problem when HTTP/1.1 chunked encoding is in use.
- solved a rare case in which the scanning analyser consumed too much CPU time.
- solved bugs that caused the scanner to skip the tree crawled by the spider.

Queries, bug reports and comments on Paros can be sent to
paros () proofsecure com

by ProofSecure.com
