Paros v3.1 released

From: contact@proofsecure.com
Date: Sat Jan 24 2004 - 02:30:05 EST


Paros v3.1 is now available at http://www.proofsecure.com/download.htm

[Brief Introduction]
Paros is a man-in-the-middle proxy and application vulnerability scanner. It allows users to intercept and modify HTTP and HTTPS data on-the-fly between web server and client browser. It also supports client certificates, proxy chaining, filtering and various vulnerability scans.

[License]
- Clarified Artistic License (open source and GPL-compatible license)

[New feature]
- revamp correlated request and response logs by using a list. By clicking the 'URL' list, the corresponding request and response will be displayed.
- add advanced log viewer (under menu 'Session') which allows easy browsing and filtering of logs. Offline scan supported.
- log all requests and responses into flat files (session_request.log and session_response.log in 'project' directory)
- generate scanning report in HTML format with risk ranking, description and solutions. Reliability is indicated as warning or suspicious.
- support scanning stop (under menu Tree => Scan Stop).
- support modifying the number of scanner threads in Options
- added a number of scanner checks, including
  - SSL Cipher suite check
  - Cookie tampering check (CRLF injection)
  - Buffer overflow check
  - Session ID potential exposure in referer
  - Session ID locate (informational only)
  - Set-cookie check (informational only)
  - Server header capture (informational only)
  - Platform disclosure in comment check (informational only)
  - WebDAV check in HttpMethods

[Fix]
- solved an occasional infinite loop problem when HTTP 1.1 chunked encoding is in use.
- solved a rare case in which the scanning analyser consumes too much CPU time.
- solved bugs that caused the scanner to skip the tree crawled by the spider.

Queries, bug reports and comments on Paros can be sent to
paros@proofsecure.com

by ProofSecure.com
