A Java-based web proxy for assessing web application vulnerability. It supports editing/viewing HTTP/HTTPS messages on-the-fly to change items such as cookies and form fields. It includes a web traffic recorder, web spider, hash calculator, and a scanner for testing common web application attacks such as SQL injection and cross-site scripting.
For downloads and more information,
visit the Paros proxy homepage.
My experience with Paros is that it doesn't work. I'm assuming that this must be an old post. I've never been able to get the program to open on my computer. The version and copyright information loads but then it just times-out. Pretty disappointing
Not too surprisingly I have to agree with Rui.
OWASP ZAP is a fork of Paros, has significantly extended it and is very actively maintained.
Its free, open source and theres no 'Pro' version.
Its also a community project, so anyone can easily contribute.
Paros Proxy is old, as in 2005 old, as in java 1.4.2 old. difficult to get it to install on anything recent. Try instead the OWASP Zed Attack Proxy (ZAP), which is a fork of Paros Proxy, runs on current systems, and is constantly updated (current version is 1.3.3 from October 2nd this year, 2011). See https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Along with your rating, you can use the comment form to post a review,
tutorial, tips and tricks, or anything else others will find useful.
If you develop this software (or work for the company), please don't rate it. You may leave a clarifying comment as long as you state your affiliation and don't specify a star rating (just leave it as “No rating”).