Paros Proxy-Web Application Security Assessment

Paros proxy is a web application security assessment tool used to measure the security of a web application. It allows you to see what data exactly do you submit with your HTML form with Post method?

Just like other web application security tools paros can be used to find out the SQL-injection and XSS (Cross site scripting) vulnerability on a web application.

Paros is a Java based HTTP/HTTPS proxy for assessing web application vulnerability. It supports editing/viewing HTTP messages on-the-fly. Other featuers include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc.


Through Paros’s proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.
Paros first crawl the entire website and than execute vulnerability tests, it is comes with an built in session ID analyser, you can generate a graph based on all the session IDS, it is also provides a built in fuzzer option. It is a great,simple and effective tool to use.


Paros Proxy Tutorial
Before installing paros you must have a java version 1.4 or above. As the name says this tool act as your local web proxy, so after installation you need to set up your browser on the local proxy. Open your browser  network connection and on the proxy tab type.
localhost: 8080
After this all the traffic you male through your browser goes via this tool and the tool first analyse it. 
 


Note: If you enjoyed this post, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Blind SQL Injection Tutorial to Hack a Website

In the previous article, we have the basics of SQL Injection; what SQLi is and what are the types of SQL injection. And, In...

What is SQL Injection? Tutorial: Type and Example

What is SQL injection, and what are the types of SQL injection? These are the common questions, and we will seek the answer to...

Are Cisco 300-410 Exam and Its Related Certification Your Pathway to Career Success? Find Out about This

Introduction Career success can mean different things to different people. For some, it could mean having a prestigious title and for others, it could be...

How to Hack Windows 10 Password Using FakeLogonScreen in Kali Linux

This article demonstrates an in-depth guide on how to hack Windows 10 Passwords using FakeLogonScreen. Hacking Windows 10 password is an exciting topic and...

LOOKING FOR HACKING RECIPES FORM THE PRO?

Then sign up for FREE to the ehacking’s exclusive group. You will get the exclusive tips/tricks, tutorials, webinars & courses that I ONLY share with my fellow on this exclusive newsletter.