The page provides a simple and quick reference of using Paros, as well as answers to some common questions. 

Paros Installation

  • Java version
    • Before installing Paros, you should have Java version 1.4 or above installed.
  • Browser setting
    • Set your HTTP proxy and Secure proxy addresses to “localhost” with port “8080”

Paros Proxy Function

  • Intercept HTTP/HTTPS message
    1. Goto the “Trap” page
    2. Check the “Trap Request” option if you want to intercept the HTTP(S) requests
    3. Check the “Trap Response” option if you want to intercept the HTTP(S) requests
    4. The “Tabular View” button should be used when you have trapped the requests and want to modify or look at the form elements in tabular view.
    5. Click the “Continue” button after you have modified the Header and Body in the textarea.
  • Proxy chaining (set another proxy for Paros to connect with)
    1. Goto the “Options” page
    2. In the XML configuration file, find the <ProxyChain> tag.
    3. Add the proxy address between the <Name> tag, e.g. <Name></Name>
    4. Set the correct port, e.g. <Port>8080</Port>
    5. Set the IP addresses or domain names you want to bypass the proxy setting, e.g. <Skip>172.*</Skip>
    6. Click the “Save” button to save the configuration file and re-start the proxy

Paros Scanner Function

  • Steps to use the scanner function
    1. Set your browser (e.g. IE) proxy to Paros
    2. Crawl through the target website using your web browser, so Paros can record down all the GET and POST requests/responses.
    3. In the Web Site Hierarchy, click on the website/node to be scanned
    4. Goto menu “Tree” -> “Scan Selected Node” and start the scanner
    5. Look at the lower “Output” page to see the scanning progress
    6. After finished scanning, a HTML report would be generated.
    7. Goto menu “Report” -> “Last Scan Alert Report” to view back the result

 Paros Miscellaneous Function

  • Spider
    • Menu “Tools” -> “Spider”
  • Submit a custom HTTP/HTTPS request
    • Menu “Tools” -> “Send HTTP(S) Requests”
  • Re-send a HTTP/HTTPS request
    • In the lower “URLs” page, right click the request you want to re-send, and select “Re-send”