Paros v3.1.1 released

• Previous message: Rob Shein: "RE: Email Pen-testing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 23 Mar 2004 14:51:22 -0000
To: pen-test@securityfocus.com

Paros v3.1.1 is now available at http://www.proofsecure.com/download.htm

[Brief Introduction]
Paros is a man-in-the-middle proxy and application vulnerability scanner. It allows users to intercept and modify HTTP and HTTPS data on-the-fly between web server and client browser. It also supports client-certificate, proxy-chaining, filtering and various vulnerability scanning.

[License]
- Clarified Artistic License (open source and GPL-compatible license)

[New feature]
- add URL encoder/decoder in "Tools|Hash/Encoding..."
- improve performance in reading HTTP header
- add a 'Comment' panel in Log Analyzer to show comments
- add a 'Script' panel in Log Analyzer to show scripts
- add two filters 'ReplaceRequestHeader' and 'ReplaceRequestBody' to replace text in HTTP requests
- rename cookietampering to CRLFInjection to better describe the scanner test case

[Fix]
- solved a bug that SQL scanner checks may use the tampered/modified query string for scanning
- solved a bug that the report may be generated before the last scan thread ends.
- modified 'CookieDetectFilter' filter to handle mutiple Set-Cookie lines in header.

Queries, bug reports and comments on Paros can be sent to
paros@proofsecure.com

by ProofSecure.com

---------------------------------------------------------------------------
You're a pen tester, but is google.com still your R&D team?
Now you can get trustworthy commercial-grade exploits and the latest
techniques from a world-class research group.
www.coresecurity.com/promos/sf_ept1
----------------------------------------------------------------------------

• Previous message: Rob Shein: "RE: Email Pen-testing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]