
Paros Proxy: An Application Layer Data Interceptor


This post is about using Paros Proxy, an application layer proxy server that intercepts all the application layer traffic on a specified port and allows you to modify the content going to and coming from different HTTP servers.

It is a very useful tool for anyone debugging dynamic websites, since it can be used to understand the data being passed. It is a great tool for analyzing and auditing websites too. It is a much better tool than Wireshark if complete information about network packets is not needed. Paros is written in Java (and can therefore be used easily on any OS) and is simple to use. This article covers how to install and run Paros with a simple configuration change, and demonstrates an example of its potential use.

Please note that the Java Runtime Environment needs to be installed.

Basic Usage

Go to the Options menu and click Local Proxy. Specify the address as localhost and a port, preferably larger than 1024 (else you will need to start the application with admin privileges). Now point your browser's HTTP and HTTPS proxy settings to localhost and port 8080.

Try to browse a website and check the HTTP headers in Paros. The Request tab displays all the HTTP requests made by the client, while the Response tab displays all the corresponding responses. The more interesting feature is the Trap tab, which can intercept and ‘hold’ a page before passing it to the browser. You can trap a request or a response page and make modifications, drop it, or pass it on by clicking the Continue button.

You can even send your own HTTP requests by going to Tools–>Manual Request Editor. There are some other nice features, such as a Base64 encoding/decoding tool, a spider, and session tracking.

In HTTP there is a User-Agent header field which contains information about the client’s browser. Paros modifies this header with its own name. Some sites can flag this as a request generated by a bot and may not let you enter the site. To prevent this, you can change the parameters Paros is run with: right-click the Paros icon, click Properties, and append ‘-jar paros.jar -nouseragent’ to Target.
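The header change described above is also what a site operator sees in access logs. The following added example (not part of the original post) parses Combined Log Format lines and flags clients whose User-Agent carries the proxy's name, then lists untagged requests from the same addresses. The log lines, IP addresses and version string are constructed, and matching the token `paros` is an assumption based on the statement that Paros adds its own name.

```python
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Assumption: the proxy's name appears as a token in the User-Agent value.
PROXY_TOKEN = re.compile(r'\bparos\b', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"
203.0.113.9 - - [10/Mar/2024:10:00:05 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/115.0 Paros/3.2.13"
203.0.113.9 - - [10/Mar/2024:10:00:09 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/115.0 Paros/3.2.13"
203.0.113.9 - - [10/Mar/2024:10:00:12 +0000] "GET /account?id=2 HTTP/1.1" 200 734 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/115.0"
this line is malformed and must be skipped
"""

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def find_proxy_clients(log_text):
    """Return (tagged request count per IP, untagged requests from those IPs)."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    tagged = Counter(e["ip"] for e in entries if PROXY_TOKEN.search(e["agent"]))
    # The header rewrite can be switched off, so the header alone is a weak
    # signal: also surface requests from the same address that lack the tag.
    untagged = [
        e["request"] for e in entries
        if e["ip"] in tagged and not PROXY_TOKEN.search(e["agent"])
    ]
    return tagged, untagged

if __name__ == "__main__":
    tagged, untagged = find_proxy_clients(SAMPLE_LOG)
    print("tagged requests per client:", dict(tagged))
    print("untagged requests from the same clients:", untagged)
```

Because the tag is under the client's control, treat a match as a hint for review rather than as proof of who is or is not behind a proxy.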

Changing Port:

Paros can be set up to listen on whichever port you want. The corresponding settings can be found at Tools–>Options–>Local Proxy.

Spider Crawl a Website

Suppose you want to view the hierarchy of all the pages of a particular website. This tool can be useful instead of trying to manually search for all the pages. Spider scanning settings can be changed from Tools–>Options–>Spider. You can crawl any site listed in the left panel called ‘Sites’. The results can be viewed in the bottom panel.

I am sure this tool will come in handy, as it provides a simple interface and superb functionality for modifying HTML content.


Source by Anadi Chaturvedi