After 6 months rewrite Paros 3.2.0alpha version is out. This is a significant
upgrade. See the details below.
The new verison is available at http://www.parosproxy.org. (The old link at
www.proofsecure.com is obsolete.)
This version is still under works but we wish to receive comments from the
community so we release an alpha version. Some previous features or checks
(plugins) have not yet been entirely implemented in this new version.
Hopefully they will be available in coming releases.
Queries, bug reports and comments on Paros can be sent to
contact@parosproxy.org. Feel free to send to us!
[Installation]
Note the Windows installer will overwrite the old version if the directory is
unchanged. Please rename the installation directory if you need to keep the
old version for use.
[Brief introduction]
Paros is a man-in-the-middle proxy and application vulnerability scanner. It
allows users to intercept, modify and debug HTTP and HTTPS data on-the-fly
between web server and client browser. It also supports spidering,
proxy-chaining, filtering and application vulnerability scanning.
[License] - Clarified Artistic License (open source and GPL-compatible license)
[Details/new features]
-almost 80% complete rewrite of most codes.
-improved connectivity with better HTTP/1.1 keep alive support.
-improved authentication support in proxy/server level. Basic and NTLM should
be supported.
-improved session saving.
. The sites hierarchy and history can be restored from session file.
. better performance by use of inline DB.
. Support large sites testing both in scanning and spider crawling..
-better extensibility by supporting extensions and plugins
-new extensions used for adding functions to core program. To be further
polished in final release
-new plugin features:
. each plugin represent a test
. support knowledge base for plugins sharing and dependency check.
. custom plugins can be created by inheriting different AbstractXXXPlugin
class.
. to be further polished in final release
-new spider:
. URL crawling and form crawling. Forms filling (with limited
combinations) using Option values.
. with configurable options.
. support start/stop/resume
. estimated % complete
-new scanner:
. with configurable options
. with multiple hosts/threads
. support stopping individual hosts.
. generated alerts can be viewed while scanning. Message sent can be
viewed.
-new filters:
. custom filter can be added by dropping into filter directory by using
Filter interface.
-new application logging support in log directory.
-improved user interface.
. double click on tab to maximize working panel.
. support image viewing.
-support use of Ant (1.6.2) build.xml in source.
-change of copyright owner (Chinotec Technologies) and new hosting website
(www.parosproxy.org)
[Known issue]
-client certificate is not supported yet
-some previous plugins (checks) such as SSLCheck, XSS is not yet ready.
