Paros proxy

A Java-based web proxy for assessing web application vulnerability. It supports editing/viewing HTTP/HTTPS messages on-the-fly to change items such as cookies and form fields. It includes a web traffic recorder, web spider, hash calculator, and a scanner for testing common web application attacks such as SQL injection and cross-site scripting. For downloads and more information, visit the Paros proxy homepage.

#24, 8
Latest release
  • 3.2.13
  • Aug. 8, 2006 (17 years, 11 months ago)
★★½ (2)
0% ★★★★
50% ★★★
0% ★★



no rating Emdash

As Daniel mentioned, the link no longer works. It seems Paros is still on SourceForge:

no rating Daniel

The homepage/download link no longer works. Just redirects to some random dude's blog

★★★★ N

Works great. Noobs might not be able to figure out how to load Java, but people using it for security purposes seem to have no issues.

Sniper Catz

My experience with Paros is that it doesn't work. I'm assuming that this must be an old post. I've never been able to get the program to open on my computer. The version and copyright information loads but then it just times-out. Pretty disappointing

no rating Psiinon

Not too surprisingly I have to agree with Rui. OWASP ZAP is a fork of Paros, has significantly extended it and is very actively maintained. Its free, open source and theres no 'Pro' version. Its also a community project, so anyone can easily contribute.

Disclaimer - I'm the ZAP project lead;)


no rating Rui Pereira

Paros Proxy is old, as in 2005 old, as in java 1.4.2 old. difficult to get it to install on anything recent. Try instead the OWASP Zed Attack Proxy (ZAP), which is a fork of Paros Proxy, runs on current systems, and is constantly updated (current version is 1.3.3 from October 2nd this year, 2011). See

Comments disabled

Feed for updates.