Paros
Paros is a lightweight web application testing proxy used for intercepting and analyzing HTTP traffic. It supports spidering websites and running vulnerability scans based on saved policies.
Description
Paros serves as a web application proxy designed for security testing of web applications. It allows users to intercept, inspect, and modify HTTP requests and responses, making it ideal for identifying vulnerabilities during development or penetration testing. The tool's GUI interface provides an intuitive way to configure sessions, set breakpoints, and perform active scans.
Key use cases include manual testing of web apps for issues like SQL injection, XSS, and other common vulnerabilities through its proxy capabilities. Additionally, it features an automated spider for crawling sites and a scanner that applies predefined policies to detect security flaws. This makes Paros suitable for both manual and semi-automated web security assessments.
The tool is Java-based, ensuring cross-platform compatibility, and integrates well into Kali Linux environments for professional penetration testing workflows.
How It Works
Paros operates as a Java-based HTTP proxy that sits between the browser and target web application, intercepting all traffic for inspection and modification. In GUI mode, users configure the proxy, map sites, and use tools like the spider—which recursively crawls sites starting from seed URLs—and the vulnerability scanner, which applies predefined policies to detect issues such as injections or misconfigurations. Command-line mode supports scripted operations like spidering with seeds or generating scan reports from prior sessions, leveraging the paros.jar file for execution.
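The seeded spidering described above, as an added illustration rather than Paros's own code: a breadth-first crawler that starts from a seed URL, extracts links, resolves them, and keeps only same-origin HTTP(S) pages so the crawl stays in scope. It runs offline against a small constructed in-memory site (FAKE_SITE) standing in for a real target.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlsplit

# Constructed stand-in for a live site: URL -> HTML body (not a real target).
FAKE_SITE = {
    "https://example.com/": '<a href="/about">About</a> <a href="login?next=/">Login</a> '
                            '<a href="https://other.example/x">External</a>',
    "https://example.com/about": '<a href="/">Home</a> <a href="/about#team">Team</a> '
                                 '<a href="/docs/a.html">Docs</a>',
    "https://example.com/login?next=/": '<form action="/login"></form>',
    "https://example.com/docs/a.html": '<a href="b.html">Next</a>',
    "https://example.com/docs/b.html": '<a href="a.html">Prev</a> <a href="mailto:x@example.com">Mail</a>',
}


class LinkExtractor(HTMLParser):
    """Collect raw href values from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def fetch(url):
    """Fake fetcher: serve pages from the constructed site, empty body if unknown."""
    return FAKE_SITE.get(url, "")


def spider(seed, fetch=fetch, max_pages=100):
    """Breadth-first crawl from seed; returns visited URLs in crawl order.

    Scope is the seed's scheme+host, fragments are dropped so /about and
    /about#team are one page, and max_pages bounds the crawl.
    """
    scope = urlsplit(seed)[:2]  # (scheme, netloc) defines in-scope pages
    queue, seen, visited = deque([seed]), {seed}, []
    while queue and len(visited) < max_pages:
        url = queue.popleft()
        visited.append(url)
        parser = LinkExtractor()
        parser.feed(fetch(url))
        for href in parser.links:
            absolute, _ = urldefrag(urljoin(url, href))  # resolve relative, strip #fragment
            parts = urlsplit(absolute)
            if parts.scheme not in ("http", "https") or parts[:2] != scope:
                continue  # mailto:, external hosts, other schemes stay out of scope
            if absolute not in seen:
                seen.add(absolute)
                queue.append(absolute)
    return visited
```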
Installation
sudo apt install paros
Flags
Examples
paros -h
javaw paros.jar
java -jar paros.jar
java -jar paros.jar -h
java -jar paros.jar -spider -seed https://example.com
java -jar paros.jar -scan
java -jar paros.jar -last_scan_report /path/to/report.html
java -jar paros.jar -newsession /path/to/session.par
paros -hjavaw paros.jarjava -jar paros.jarjava -jar paros.jar -hjava -jar paros.jar -spider -seed https://example.comjava -jar paros.jar -scanjava -jar paros.jar -last_scan_report /path/to/report.htmljava -jar paros.jar -newsession /path/to/session.par