Paros 3.2.0 beta release

From: contact@parosproxy.org
Date: Mon Jan 24 2005 - 15:20:06 EST


Paros 3.2.0 beta version is available. The new version is available at http://www.parosproxy.org.

A particular note is that JRE 1.5 is required.

Queries, bug reports and comments on Paros can be sent to [contact at parosproxy org]. Please feel free to send any comments to us!

[Installation]
Note the Windows installer will overwrite the old version if the directory is unchanged.
Please rename the installation directory if you need to keep the old version for use.
The default installation used 128M VM. You may adjust it depending on your need.

[Brief introduction]
Paros is a man-in-the-middle proxy and application vulnerability scanner. It allows
users to intercept, modify and debug HTTP and HTTPS data on-the-fly between web
server and client browser. It also supports spidering, proxy-chaining, filtering
and application vulnerability scanning.

[License] - Clarified Artistic License (open source and GPL-compatible license)

[Details/new features]
3.2.0 beta
==========

New

- Support charset encoding display in response/trap panels for HTML.
        Various language characters, e.g. Chinese, Russian, Japanese, Korean, etc., can be displayed.
- Dropping request/response in trap panel.
- Improved checking for redirected response in all plugins.
- Improved spider performance, crawling capability and memory utilization.
- Malicious content filter for suspicious IE ActiveX Control Cross-Site Scripting
- Allow delete/purge site hierarchy or history. Delete = delete from view. Purge means remove from db as well.
- Some user interface streamlining.
- Resend request in history and scanned alerts.
- Replaced Java methods deprecated in Java 1.5. Now the program must be run under Java 1.5.0 or above.
- Include links not crawled (due to out of scope) in spider display.

New (in previous 3.1.3 but new in 3.2.0 beta)
- Log cookie filter in request
- Detect set-cookie filter
- Manual request editor
- client certificate support in Options->certificate
- Some more tests are ported. However, a couple of checks are not migrated yet.

Fix (with special thanks to users reporting them)
- URL in header text input if not properly encoded may fail. Now automatically encode for improper characters.
- File dialog does not allow directory browsing.
- spider on individual node does not work.
- window title does not change after setting properties.
- Frameless splash window cannot be displayed under Debian Linux.
- Error was always encountered when saving a session under Debian Linux.
- Fix some NIO problems on Debian OS platforms.
- Host progress dialog may freeze when stopping all hosts.
- Improved CRLF check with more cases to avoid incorrect HTTP response hanging up scanner.
- SQL check to look for error server response as well.
- Large scans terminate early problem.


