Home page logo
/

Paros proxy

A Java-based web proxy for assessing web application vulnerability. It supports editing/viewing HTTP/HTTPS messages on-the-fly to change items such as cookies and form fields. It includes a web traffic recorder, web spider, hash calculator, and a scanner for testing common web application attacks such as SQL injection and cross-site scripting. For downloads and more information, visit the Paros proxy homepage.

Popularity #24, 8
Rating ★ (1)
Latest release 3.2.13
Aug. 8, 2006
(8 years, 2 months ago)
Homepage/Download
Outdated/incomplete?
★★★★★ 
 0%
★★★★ 
 0%
★★★ 
 0%
★★ 
 0%
★ 
 100%
Screenshot

Comments

Sniper Catz

My experience with Paros is that it doesn't work. I'm assuming that this must be an old post. I've never been able to get the program to open on my computer. The version and copyright information loads but then it just times-out. Pretty disappointing

no rating Psiinon

Not too surprisingly I have to agree with Rui. OWASP ZAP is a fork of Paros, has significantly extended it and is very actively maintained. Its free, open source and theres no 'Pro' version. Its also a community project, so anyone can easily contribute.

Disclaimer - I'm the ZAP project lead;)

Psiinon

no rating Rui Pereira

Paros Proxy is old, as in 2005 old, as in java 1.4.2 old. difficult to get it to install on anything recent. Try instead the OWASP Zed Attack Proxy (ZAP), which is a fork of Paros Proxy, runs on current systems, and is constantly updated (current version is 1.3.3 from October 2nd this year, 2011). See https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Your comment

Along with your rating, you can use the comment form to post a review, tutorial, tips and tricks, or anything else others will find useful. If you develop this software (or work for the company), please don't rate it. You may leave a clarifying comment as long as you state your affiliation and don't specify a star rating (just leave it as “No rating”).

 
 
  (will not be shown, will not be spammed)
  (web site, Twitter, Facebook, etc.)
(At least 50 characters. No markup is allowed. URLs will be made into links.)
 Which does not belong: buffer overflow, format string, sql injection, flux capacitor, cross-site scripting (antispam)

Feed for updates.

Home

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]