Paros Proxy v.3.2.13 added to SD Security Tools Watch Process

Paros Proxy is a Java application that not only monitors and captures all HTTP and HTTPS data passing between servers and clients, but also tracks cookies and form fields and lets you modify and resend individual requests. It also supports proxy chaining and filtering, and performs intelligent vulnerability scanning.

Paros is to application auditing what netcat is to networking: a good Swiss Army knife. You can do almost anything (almost...) with this piece of software.

Some functions:

  • Intercept HTTP/HTTPS messages
  • Proxy chaining (set another proxy for Paros to connect with)
  • Scanning functions
  • Spidering

And with a little bit of imagination, you can even discover new application attack vectors.

Post scriptum

Compliance Mandates

  • Application Scanner:

    PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Code Auditing:

    PCI/DSS 6.3.6, 6.3.7, 6.6, SOX A12.8, GLBA 16 CFR Part 314.4(b) and (2), FISMA RA-5, SC-18, SA-11, SI-2, and ISO 27001/27002 (12.4.1, 12.4.3, 12.5)

  • Network Discovery:

    PCI DSS 11.2, SOX A13.3, GLBA 16 CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5

