
Paros is a proxy program you can use to evaluate the security of web applications. It's free of charge and runs completely in Java. Because Paros works as a proxy, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.
In this first article I describe how to install Paros on Ubuntu 8.04 LTS. In a future article I will describe installing it on OS X and give a brief description of how it works.
But first ensure you have installed Java.
    java -version
If this gives you back a version number you have Java installed; otherwise Ubuntu will indicate in which packages Java can be found. If you don't have Java installed, do the following:
    sudo apt-get install sun-java6-jdk
    sudo update-java-alternatives -s java-6-sun
After that the version should be something like this:
    java version "1.6.0_07"
Next you must download the Unix version of Paros from SourceForge (quote the URL, otherwise the shell treats the & as a background operator):
    wget -O paros-3.2.13-unix.zip "http://downloads.sourceforge.net/paros/paros-3.2.13-unix.zip?modtime=1155077879&big_mirror=0"
I like to install my tools in /opt, so after downloading move the archive to /opt and unzip:
    sudo mv paros-3.2.13-unix.zip /opt
    cd /opt
    sudo unzip paros-3.2.13-unix.zip
    cd paros
Next you can start Paros with the following command (on the site they talk about javaw, but you have to use java):
    java -jar paros.jar
You will be greeted by the splash screen and after that the main application starts.
Paros uses two ports. Port 8080 for the proxy connection and port 8443 for internal SSL handling. So, make sure these two ports are not in use by other applications. You can change the ports and other settings in the "Options" tag of the program. You can test if a port is in use with lsof; if it returns nothing the port is not in use.
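    lsof -i :8080 -i :8443
Run without sudo, lsof only lists sockets of your own processes, so use sudo lsof to also see ports held by other users.
The next step is to configure your browser to use the proxy port (8080). In this example I'm using Firefox 3.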
Go to the Edit menu, choose Preferences. In the Preferences panel go to the Advanced tab and choose Network from the tabs below. Click on Settings in the Connection part.
This opens the Connection Settings panel. Choose Manual proxy configuration and put 127.0.0.1 in the HTTP Proxy field and 8080 in the Port field.
Repeat these settings in the SSL Proxy field (use 8080 not 8443).
Click OK and close the Preferences.
When you now browse to a site, all traffic between the web server and the browser will be intercepted by Paros. I will describe how to use Paros in a future article.
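As an added example (not part of the original article or of Paros), this Python script checks the port requirement described above by trying to bind 127.0.0.1:8080 and 127.0.0.1:8443 instead of calling lsof, so it also reports ports held by other users' processes. The function names are hypothetical; the address and ports are the defaults mentioned in the article.

```python
#!/usr/bin/env python3
"""Pre-flight check: are the ports Paros needs free on this host?"""
import errno
import socket
import sys

# Defaults taken from the article: proxy on 8080, internal SSL handling on 8443.
PAROS_PORTS = {8080: "proxy", 8443: "internal SSL handling"}
LOOPBACK = "127.0.0.1"  # address the browser is pointed at in the article


def port_status(port, host=LOOPBACK):
    """Return 'free', 'in use' or 'denied' for a TCP port by trying to bind it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        # SO_REUSEADDR keeps leftover TIME_WAIT connections from being
        # reported as a conflict; a live listener still makes bind() fail.
        probe.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            probe.bind((host, port))
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return "in use"
            if exc.errno in (errno.EACCES, errno.EPERM):
                return "denied"
            raise  # anything else is unexpected; do not hide it
    return "free"  # the probe socket is closed again on leaving the with-block


def check_ports(ports=PAROS_PORTS, host=LOOPBACK):
    """Return {port: status} for every port in `ports`."""
    return {port: port_status(port, host) for port in ports}


def main():
    results = check_ports()
    for port, status in sorted(results.items()):
        print(f"{LOOPBACK}:{port} ({PAROS_PORTS[port]}): {status}")
    # Exit code 0 only when every port is free, so the check can gate a launcher.
    return 0 if all(s == "free" for s in results.values()) else 1


if __name__ == "__main__":
    sys.exit(main())
```

Run it before java -jar paros.jar; a non-zero exit status means at least one of the two ports is taken and should be changed in the Paros options.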
