Changes:
New
- Skipping of designated URLs in the spider. Use options to configure the spider.
- auto update menu and periodic check for update (Windows and Linux
platform only).
Fix
- The use of the new external library caused slower performance of the proxy.
Restored to the older library.
3.2.12
======
New
- Use newest external library for HTTP handling.
- Enable/disable spider POSTing of forms in the options panel to avoid
generating unwanted traffic (enabled by default). This was requested
by many users.
- Decrease the number of possible combinations crawled by the spider on
forms with multiple SELECT/OPTIONS. This makes crawling less
resource-consuming and lowers the chance of affecting the application being scanned.
- Minor UI changes.
Fix
- Fall back to the previous database library version, as in Paros 3.2.10,
because of a problem with hsqldb where some byte combinations may
consume 100% CPU time.
- Increase the width of the method display in history to cater for other,
longer method names.
- Default file scans may display an incorrect HTTP message body if the
original message is a POST request.
3.2.11
======
New
- Revamp History log panel.
- Added "tag..." in right-click pop-up window for History log panel. This
helps to quickly identify an HTTP message in the History display.
- Concurrent delete of multiple URLs in the site hierarchy (sf.net request
ID 1472300).
- Use of the newest db library.
Fix
- For a POST request, if the body contains binary parameters of a certain pattern,
it may be impossible to re-send the request because URLDecode fails to decode
it properly.
Changes:
- Tracking session state problem reported (previously only a restart
could reset session state).
- Paros startup problem when server authentication was added to the
authentication panel.
- Authentication entry reappears even after being deleted (when the proxy
reloads).
Changes:
New
- Continuous browser display when selecting in History panel.
- Use final stable version of external library.
- Record working directory for all subsequent file access within
the same Paros instance.
- Improved spider capability to crawl forms with textarea and handle
links with "&"
- Improved check for cross-site scripting without brackets.
- Improved check for PHP error and MySQL.
- Improved blind SQL check on double quotes.
Fix
- If the request body contains certain binary bytes, it may cause unnecessary
encoding and corrupt the request. Fixed to always submit contain
binary bytes.
- Better handling of accepted-encoding.
A Java-based HTTP/HTTPS proxy for assessing web application vulnerabilities.
It supports editing/viewing HTTP messages on-the-fly. Other features include
spiders, client certificates, proxy-chaining, intelligent scanning for XSS
and SQL injections, and more.