Paros Installation
- Java version
  - Before installing Paros, you should have Java version 1.4 or above installed.
- Browser setting
  - Set your HTTP proxy and Secure proxy addresses to "localhost" with port "8080"
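
An added example, not part of the original Paros documentation: a Python preflight that checks for a listener on localhost:8080 before the browser is pointed at it, and builds the same proxy settings for a script. The function names are assumptions chosen for illustration, and a listener on that port is not proof that it is Paros.

```python
import socket
import urllib.request

# Values from the "Browser setting" step above.
PAROS_HOST = "localhost"
PAROS_PORT = 8080


def proxy_listening(host=PAROS_HOST, port=PAROS_PORT, timeout=2.0):
    """Return True if something accepts TCP connections on host:port.

    This only proves a listener exists, not that the listener is Paros.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or name resolution failed
        return False


def proxy_map(host=PAROS_HOST, port=PAROS_PORT):
    """Script equivalent of the browser's HTTP proxy and Secure proxy fields."""
    address = f"http://{host}:{port}"
    return {"http": address, "https": address}


def opener_via_proxy(host=PAROS_HOST, port=PAROS_PORT):
    """Build a urllib opener that routes HTTP and HTTPS requests via the proxy."""
    handler = urllib.request.ProxyHandler(proxy_map(host, port))
    return urllib.request.build_opener(handler)


def preflight(host=PAROS_HOST, port=PAROS_PORT):
    """Return a one-line status message; sends no HTTP traffic."""
    if proxy_listening(host, port):
        return f"listener found on {host}:{port}; proxy settings can point here"
    return f"nothing listening on {host}:{port}; start the proxy first"


if __name__ == "__main__":
    print(preflight())
```

If the browser is switched to the proxy while nothing is listening, every request fails, so run the check after starting Paros and before changing the browser settings.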

Paros Proxy Function
- Intercept HTTP/HTTPS message
  - Go to the "Trap" page
  - Check the "Trap Request" option if you want to intercept the HTTP(S) requests
  - Check the "Trap Response" option if you want to intercept the HTTP(S) responses
  - Use the "Tabular View" button when you have trapped a request and want to view or modify the form elements in tabular view.
  - Click the "Continue" button after you have modified the Header and Body in the textarea.
- Proxy chaining (set another proxy for Paros to connect with)
  - Go to the "Options" page
  - In the XML configuration file, find the <ProxyChain> tag.
  - Add the proxy address between the <Name> tags, e.g. <Name>proxy.abc.com</Name>
  - Set the correct port, e.g. <Port>8080</Port>
  - Set the IP addresses or domain names you want to bypass the proxy setting, e.g. <Skip>172.*</Skip>
  - Click the "Save" button to save the configuration file and restart the proxy

Paros Scanner Function
- Steps to use the scanner function
  - Set your browser (e.g. IE) proxy to Paros
  - Crawl through the target website using your web browser, so Paros can record all the GET and POST requests/responses.
  - In the Web Site Hierarchy, click on the website/node to be scanned
  - Go to menu "Tree" -> "Scan Selected Node" and start the scanner
  - Look at the lower "Output" page to see the scanning progress
  - After scanning finishes, an HTML report is generated.
  - Go to menu "Report" -> "Last Scan Alert Report" to view the result

Paros Miscellaneous Function
- Submit a custom HTTP/HTTPS request
  - Menu "Tools" -> "Send HTTP(S) Requests"
- Re-send an HTTP/HTTPS request
  - In the lower "URLs" page, right-click the request you want to re-send, and select "Re-send"