Paros v3.1 released
Paros v3.1 is now available at http://www.proofsecure.com/download.htm
[Brief Introduction]
Paros is a man-in-the-middle proxy and application vulnerability scanner. It allows users to intercept and modify HTTP and HTTPS data on-the-fly between web server and client browser. It also supports client certificates, proxy chaining, filtering and various vulnerability scans.
[License]
- Clarified Artistic License (open source and GPL-compatible license)
[New feature]
- revamp correlated request and response logs by using a list. By clicking the 'URL' list, the corresponding request and response will be displayed.
- add advanced log viewer (under menu 'Session') which allows easy browsing and filtering of logs. Offline scan supported.
- log all requests and responses into flat files (session_request.log and session_response.log in 'project' directory)
- generate scanning report in HTML format with risk ranking, description and solutions. Reliability is indicated as warning or suspicious.
- support scanning stop (under menu Tree => Scan Stop).
- support modifying the number of scanner threads in Options
- added a number of scanner checks, including:
  - SSL Cipher suite check
  - Cookie tampering check (CRLF injection)
  - Buffer overflow check
  - Session ID potential exposure in referer
  - Session ID locate (informational only)
  - Set-cookie check (informational only)
  - Server header capture (informational only)
  - Platform disclosure in comment check (informational only)
  - WebDAV check in HttpMethods
[Fix]
- solved an occasional infinite loop problem when HTTP 1.1 chunked encoding is in use.
- solved a rare case in which the scanning analyser consumes too much CPU time.
- solved bugs that caused the scanner to skip the tree crawled by the spider.
Queries, bug reports and comments on Paros can be sent to paros@proofsecure.com
by ProofSecure.com
This archive was generated by hypermail 2.1.7: Sat Apr 12 2008 - 10:53:46 EDT