This post is about using Paros Proxy, an application layer proxy server that intercepts all application layer traffic from a specific port and allows you to modify content to and from different HTTP servers.
It is a very useful tool for developers debugging dynamic websites, as it can be used to understand the data being transmitted. It is also a great tool for analyzing and auditing websites. It is a much better tool than Wireshark if complete information about network packets is not needed. Paros is written in Java (hence it can be easily used on any operating system) and it is easy to use. This article explains how to install and run Paros with a simple configuration change. An example of the potential use of Paros is also demonstrated.
Note that you need to install the Java Runtime Environment.
Basic use
Go to the Options menu and click on Local Proxy. Specify the address as localhost and a port, preferably greater than 1024 (otherwise you will need to start the application with administrator privileges). Now point your browser's HTTP and HTTPS proxy settings to localhost and port 8080.
Try browsing a website and checking the HTTP headers in Paros. The Request tab shows all HTTP requests made by the client, while the Response tab shows all corresponding responses. The most interesting feature is the Trap tab, which can intercept and ‘hold’ a page before passing it to the browser. This lets you capture a request or response, then modify it, drop it, or pass it on by clicking the Continue button.
You can even submit your own HTTP requests by going to Tools -> Manual Request Editor. There are some other cool features, like a Base64 encoding/decoding tool, a spider, and session tracking.
In HTTP there is a User-Agent header field that contains information about the client’s browser. Paros modifies this header with its own name. Some sites may mark this as a request generated by a bot and may not allow you to enter the site. To avoid this, you can change the parameters with which Paros is started. Right-click on the Paros icon and click on Properties. Add ‘-jar paros.jar -nouseragent’ to Target.
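The server-side view of the User-Agent behaviour described above, as an added example that is not part of the original post: it scans web server access logs for requests whose User-Agent carries the proxy's name. The log lines are constructed, and the Combined Log Format, the `Paros/<version>` token form and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Assumption: the proxy's name appears as a separate token in the User-Agent value.
PROXY_TOKEN = re.compile(r'\bparos\b', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = '''
203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "GET /login HTTP/1.1" 200 1534 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0 Paros/3.2.13"
198.51.100.4 - - [10/Mar/2024:10:01:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"
203.0.113.7 - - [10/Mar/2024:10:01:09 +0000] "POST /login HTTP/1.1" 302 0 "http://example.test/login" "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0 Paros/3.2.13"
198.51.100.9 - - [10/Mar/2024:10:02:00 +0000] "GET /blog/paros-review HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Macintosh) Safari/605.1.15"
'''


def find_proxy_requests(log_text):
    """Return (ip, time, request) for every line whose User-Agent names the proxy."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        # Match only the User-Agent field, so a URL containing the word is ignored.
        if PROXY_TOKEN.search(m.group("ua")):
            hits.append((m.group("ip"), m.group("time"), m.group("request")))
    return hits


def summarize(hits):
    """Count flagged requests per client IP."""
    return Counter(ip for ip, _, _ in hits)


if __name__ == "__main__":
    flagged = find_proxy_requests(SAMPLE_LOG)
    for ip, when, request in flagged:
        print(f"{when}  {ip}  {request}")
    print(dict(summarize(flagged)))
```

Because the -nouseragent option removes this marker, a log with no matches does not show that no requests passed through the proxy.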
Port change:
Paros can be configured to listen on any port you want. The corresponding settings can be found in Tools -> Options -> Local Proxy.
Crawling a website with the spider
Suppose you want to see the hierarchy of all the pages on a particular website. The spider can do this for you instead of you trying to find all the pages manually. Spider scan settings can be changed from Tools -> Options -> Spider. You can crawl any site listed in the left panel called ‘Sites’. The results can be seen in the lower panel.
I am sure this tool will be useful as it provides a simple interface and excellent functionality for modifying HTML content.