Paros 3.2.0beta version is available. The new verison is available at
http://www.parosproxy.org.
A particular note is that JRE 1.5 is required.
Queries, bug reports and comments on Paros can be sent to [contact at
parosproxy org]. Please feel free to send any comments to us!
[Installation]
Note the Windows installer will overwrite the old version if the directory is
unchanged.
Please rename the installation directory if you need to keep the old version
for use. The default installation used 128M VM. You may adjust it depending
on your need.
[Brief introduction]
Paros is a man-in-the-middle proxy and application vulnerability scanner. It
allows
users to intercept, modify and debug HTTP and HTTPS data on-the-fly between web
server and client browser. It also supports spidering, proxy-chaining, filtering
and application vulnerability scanning.
[License] - Clarified Artistic License (open source and GPL-compatible license)
[Details/new features]
3.2.0 beta
==========
New
- support charset encoding display in response/trap panels for HTMLs.
Various language characters eg Chinese, Russian, Japanese, Korean, etc
can be displayed.
- Dropping request/response in trap panel.
- Improved checking for redirected response in all plugins.
- Improved spider performance, crawling capability and memory utilization.
- Malicious content filter for suspicious IE ActiveX Control Cross-Site
Scripting
- Allow delete/purge site hierarchy or history. Delete = delete from
view. Purge means remove from db as well.
- Some user interface streamlining.
- Resend request in history and scanned alerts.
- Replaced Java methods deprecated in Java 1.5. Now the program must be
run under Java 1.5.0 or above.
- Include links not crawled (due to out of scope) in spider display.
New (in previous 3.1.3 but new in 3.2.0 beta))
- Log cookie filter in request
- Detect set-cookie filter
- Manual request editor
- client certificate support in Options->certificate
- Some more test is ported. However, a couples of checks is not migrated
yet.
Fix (with special thanks to users reporting them)
- URL in header text input if not properly encoded may fail. Now
automatically encode for improper characters.
- File dialog does not allow directory browsing.
- spider on individual node does not work.
- window title does not change after setting properties.
- Frameless splash window cannot be displayed under Debian Linux.
- Error was always encountered when saving a session under Debian Linux.
- Fix some NIO problem in Debian OS platforms.
- Host progress dialog may frozen when stopping all hosts.
- Improved CRLF check with more cases to avoid incorrect HTTP response
hanging up scanner.
- SQL check to to look for error server response as well.
- Large scans terminate early problem.
