The page provides a simple and quick reference of using Paros, as well as answers to some common questions.
- Java version
- Before installing Paros, you should have Java version 1.4 or above installed.
- Browser setting
- Set your HTTP proxy and Secure proxy addresses to “localhost” with port “8080”
Paros Proxy Function
- Intercept HTTP/HTTPS message
- Goto the “Trap” page
- Check the “Trap Request” option if you want to intercept the HTTP(S) requests
- Check the “Trap Response” option if you want to intercept the HTTP(S) requests
- The “Tabular View” button should be used when you have trapped the requests and want to modify or look at the form elements in tabular view.
- Click the “Continue” button after you have modified the Header and Body in the textarea.
- Proxy chaining (set another proxy for Paros to connect with)
- Goto the “Options” page
- In the XML configuration file, find the <ProxyChain> tag.
- Add the proxy address between the <Name> tag, e.g. <Name>proxy.abc.com</Name>
- Set the correct port, e.g. <Port>8080</Port>
- Set the IP addresses or domain names you want to bypass the proxy setting, e.g. <Skip>172.*</Skip>
- Click the “Save” button to save the configuration file and re-start the proxy
Paros Scanner Function
- Steps to use the scanner function
- Set your browser (e.g. IE) proxy to Paros
- Crawl through the target website using your web browser, so Paros can record down all the GET and POST requests/responses.
- In the Web Site Hierarchy, click on the website/node to be scanned
- Goto menu “Tree” -> “Scan Selected Node” and start the scanner
- Look at the lower “Output” page to see the scanning progress
- After finished scanning, a HTML report would be generated.
- Goto menu “Report” -> “Last Scan Alert Report” to view back the result
Paros Miscellaneous Function
- Menu “Tools” -> “Spider”
- Submit a custom HTTP/HTTPS request
- Menu “Tools” -> “Send HTTP(S) Requests”
- Re-send a HTTP/HTTPS request
- In the lower “URLs” page, right click the request you want to re-send, and select “Re-send”