Martic.net

Talking in binary since 1980.

Paros Proxy – useful utility for web debugging

Darko at 5:29 pm on Thursday, February 19, 2009

Wouldn’t it be great if you could see exactly what data you submit with an HTML form that uses the POST method? Well, you can, and it’s easy with the Paros Proxy tool!

As the name says, this utility acts as your local web proxy. To set it up (after installation), you configure your web browser’s proxy setting to something like http://localhost:xxxx (where “xxxx” is a Paros Proxy specific port). Once that is done, all the traffic your web browser makes goes through this utility.

This utility intercepts all “messages” (traffic packets) and can pause them so that you can see what request was made on the client side and is about to be sent to the server.

Besides this capability, the tool also lets you change the request itself and send the changed request to the server. Can you see now how easily your web site can be hacked if you’re not properly validating visitors’ input? As you have figured out by now, besides client-side validation you must do server-side validation as well!

So as you can see, this tool is not just a great debugging tool; it is also a great web application security tool.
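The server-side validation point above, as an added example (not code from the original post): a handler for a hypothetical order form that re-checks every field of the POST body, because a proxy can change the body after the browser's own checks have run. The field names, catalog and sample bodies are constructed for illustration.

```python
from urllib.parse import parse_qs

# Hypothetical order form: browser-side script limits quantity to 1-10 and the
# page carries the price in a hidden field. Neither survives an edited request.
CATALOG = {"sku-100": 1999, "sku-200": 4950}  # server-side prices, cents (constructed)
ALLOWED_FIELDS = {"sku", "quantity", "email", "price"}

def validate_order(raw_body: str):
    """Validate an application/x-www-form-urlencoded POST body on the server.

    Returns (order, errors); order is None when any check fails.
    """
    errors = []
    try:
        fields = parse_qs(raw_body, keep_blank_values=True,
                          strict_parsing=True, max_num_fields=10)
    except ValueError:
        return None, ["malformed body"]
    for name, values in fields.items():
        if name not in ALLOWED_FIELDS:
            errors.append(f"unexpected field: {name}")
        elif len(values) != 1:
            errors.append(f"duplicate field: {name}")
    sku = fields.get("sku", [""])[0]
    if sku not in CATALOG:
        errors.append("unknown sku")
    qty_text = fields.get("quantity", [""])[0]
    # Length cap plus isascii()/isdigit() rejects signs, decimals and huge numbers.
    if not (len(qty_text) <= 2 and qty_text.isascii() and qty_text.isdigit()
            and 1 <= int(qty_text) <= 10):
        errors.append("quantity must be an integer from 1 to 10")
    email = fields.get("email", [""])[0]
    if not (3 <= len(email) <= 254 and email.count("@") == 1
            and not any(c.isspace() or ord(c) < 32 for c in email)):
        errors.append("invalid email")
    if errors:
        return None, errors
    # The submitted price is never trusted: the total comes from the catalog.
    return {"sku": sku, "quantity": int(qty_text), "email": email,
            "total_cents": CATALOG[sku] * int(qty_text)}, []

# Constructed sample bodies: as the form sends it, and as edited in transit.
FROM_BROWSER = "sku=sku-100&quantity=2&email=user%40example.com&price=1999"
EDITED = "sku=sku-100&quantity=-5&email=user%40example.com&price=1&admin=1"

if __name__ == "__main__":
    print(validate_order(FROM_BROWSER))
    print(validate_order(EDITED))
```

The handler treats the hidden `price` field as display data only, so a request that changes nothing but the price still produces the catalog total.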

This application is free and can be found here – www.parosproxy.org

 

2 Comments »

  1. Comment by WebGyver
    March 6, 2009 @ 5:58 pm

    Interesting tool!

    Thanks for pointing this out to the rest of us. I looked at the tool and the web site of the people who make it. One thing I noticed, and it concerned me a little bit, was the 2004 copyright date.

    Perhaps it still works really well.

    However, I just wanted to let you know about another, similar tool I’ve been using: TamperData. It’s a free Firefox add-on, and it does everything you said Paros Proxy is doing.

    You can check it out at TamperData. (No, I am NOT associated with TamperData, and I do not get any kind of kickback, bonus or benefits from promoting this tool. I simply wanted to let you know what else is available.)

    Keep up the good work!

  2. Comment by Darko
    March 10, 2009 @ 4:08 pm

    Thanx, I’ll check that other tool, although I don’t like Firefox :) (I’m weird I know)
