Not all "man-in-the-middle" proxy tools can handle SSL sessions when the client and the server use certificates,...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
because they can't store the client certificate for handshaking or logon. However, if they import the required client certificate prior to handshaking or logon, the Paros Proxy can intercept and modify HTTPS data, even when applications require a client certificate. Although the client and the server may be trusted, the attacker can modify any part of the request and response before forwarding it.
Paros is a very powerful program and can be used to evaluate the security of Web applications. It is free of charge and completely written in Java. It has several tools including a record feature, which keeps a history of all HTTP requests and responses. This feature allows the developer or attacker to review all of the actions, pages and variables. It also includes automated vulnerability scanning and detection capabilities for some common Web application attacks, including SQL injection and cross-site scripting. Paros also scans for unsafe Web content, such as unsigned ActiveX controls and browser exploits sent by the target Web server. For more information about Paros visit the Web site at http://www.parosproxy.org.
Dig Deeper on Web application and API security best practices
Related Q&A from Michael Cobb
A technique known as the GhostHook attack can get around PatchGuard, but Microsoft hasn't patched the flaw. Expert Michael Cobb explains why, as well...continue reading
Software developed by the hacking group Platinum takes advantage of Intel AMT to bypass the built-in Windows firewall. Expert Michael Cobb explains ...continue reading
Tensions between the U.S. and Russia have led to source code reviews on security products, but the process isn't new. Expert Michael Cobb explains ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.