Paros v3.1 released
Date: Sat Jan 24 2004 - 01:28:58 CST
Paros v3.1 is now available at http://www.proofsecure.com/download.htm
Paros is a man-in-the-middle proxy and application vulnerability scanner. It allows users to intercept and modify HTTP and HTTPS data on-the-fly between web server and client browser. It also supports client certificates, proxy chaining, filtering and various kinds of vulnerability scanning.
- Clarified Artistic License (open source and GPL-compatible license)
- revamp correlated request and response logs by using a list. Clicking the 'URL' list displays the corresponding request and response.
- add advanced log viewer (under menu 'Session') which allows easy browsing and filtering of the log. Offline scan supported.
- log all requests and responses into flat files (session_request.log and session_response.log in 'project' directory)
- generate scanning report in HTML format with risk ranking, description and solutions. Reliability is indicated as warning or suspicious.
- support scanning stop (under menu Tree => Scan Stop).
- support modifying the number of scanner threads in Options
- added a number of scanner checks, including
  - SSL Cipher suite check
  - Cookie tampering check (CRLF injection)
  - Buffer overflow check
  - Session ID potential exposure in referer
  - Session ID locate (informational only)
  - Set-cookie check (informational only)
  - Server header capture (informational only)
  - Platform disclosure in comment check (informational only)
  - WebDAV check in HttpMethods
- solved an occasional infinite loop problem when HTTP 1.1 chunked encoding is in use.
- solved a rare case in which the scanning analyser consumes too much CPU time.
- solved bugs that caused the scanner to skip the tree crawled by the spider.
Queries, bug reports and comments on Paros can be sent to