Step 1:
Check the proxy settings of Paros from Tools > Options.
Local proxy is the setting you will configure on the web browser. By default, Paros listens on localhost as the proxy address and 8080 as the port.
Under Connection settings you configure the address and port number of your corporate/ISP proxy, so that Paros can reach the outside world. If you are not behind a proxy server, leave it unchecked (the default setting). Additionally, you can bypass certain addresses and configure proxy authentication details.
Step 2:
Next, open the proxy settings dialog of your web browser and enter the Paros local proxy address and port number (localhost and 8080 by default) as the proxy server.
Step 3:
Next, open the web site you want to assess.
Browse some of its URLs manually, so that Paros gets a seed (a starting set of known pages under the site) from which to crawl.
Step 4:
Once a seed has been generated in Paros, highlight the web site in the Sites pane, right-click and select Spider.
This starts the automatic crawling function.
Step 5:
Now select Analyze > Scan policy from the top menu.
Select the vulnerabilities you want to scan for. Notice that the policy covers almost all of the OWASP Top 10 vulnerabilities.
Step 6:
Once the scan policy is defined, you can start the scan for one or more (or all) web sites visible under the Sites pane.
Once the scan process is complete, you can view the results, including the test data (the request that triggered each finding), in the Alerts window at the bottom.
Step 7:
Now you can generate a detailed report on the findings from Report > Last Scan Report.
The assessment report contains a description of each vulnerability, the exact instances (URL and affected parameters), the recommended solution and relevant references.
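Steps 1 to 3 above can be scripted for a lab target: route a handful of manual requests through the Paros local proxy so that the site tree gets its seed before the spider is started. The script below is an added example, not code from the original post or from Paros itself. It assumes Paros is listening on its default localhost:8080, that the target host is a lab application you are authorised to assess, and that the sample paths are constructed for illustration; the scope filter keeps the seeding run (and therefore the later spider run) on the target host only.

```python
"""Seed a Paros session by sending a few manual requests through its local proxy.

Added example, not part of the original post or of Paros. Assumptions:
Paros listens on localhost:8080 (its default), the target is a lab host,
and the paths in the sample input are made up for illustration.
"""
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

PAROS_HOST = "localhost"   # default Paros local proxy address (Tools > Options)
PAROS_PORT = 8080          # default Paros local proxy port


def proxy_map(host: str = PAROS_HOST, port: int = PAROS_PORT) -> dict:
    """Proxy table that sends both http and https traffic through Paros.

    Paros is a plain HTTP proxy, so the https entry still uses an http:// URL.
    """
    proxy = f"http://{host}:{port}"
    return {"http": proxy, "https": proxy}


def in_scope(url: str, base_url: str) -> bool:
    """True only if url has the same scheme and host as the site under test.

    Stops the seeding from wandering onto third-party hosts that the
    assessment does not cover.
    """
    u, b = urlsplit(url), urlsplit(base_url)
    return u.scheme == b.scheme and u.netloc.lower() == b.netloc.lower()


def seed_urls(base_url: str, paths) -> list:
    """Resolve relative paths against the base URL, dropping duplicates and
    out-of-scope URLs while preserving order."""
    seen, result = set(), []
    for p in paths:
        full = urljoin(base_url, p)
        if full in seen or not in_scope(full, base_url):
            continue
        seen.add(full)
        result.append(full)
    return result


def fetch_through_paros(urls, proxies=None, timeout: float = 10.0) -> dict:
    """Request each URL via the Paros proxy so it appears in the Sites pane.

    Returns {url: http_status_or_error_string}. Errors are recorded rather
    than raised so one dead link does not abort the whole seeding run.
    """
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler(proxies or proxy_map())
    )
    results = {}
    for url in urls:
        try:
            with opener.open(url, timeout=timeout) as resp:
                results[url] = resp.status
        except urllib.error.HTTPError as e:
            results[url] = e.code           # 4xx/5xx responses still reach Paros
        except (urllib.error.URLError, OSError) as e:
            results[url] = f"error: {e}"    # e.g. Paros not running
    return results


if __name__ == "__main__":
    # Constructed sample input: a lab target and a few entry points, including
    # a duplicate and an off-target URL that the scope filter must drop.
    TARGET = "http://lab.example.test/"
    PATHS = ["/", "/login", "/search?q=test", "/login", "http://other.example/x"]
    for url, status in fetch_through_paros(seed_urls(TARGET, PATHS)).items():
        print(f"{status}\t{url}")
```

Run it with Paros open and the target reachable; every URL that comes back with a status code should then be visible under the Sites pane, and the Spider action in Step 4 can be started from there. If every entry reports an error, the usual cause is that Paros is not running on the configured address and port.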
I hope the post was informative and that, within a short time, you will be able to perform your first automated web application vulnerability scan.
2 comments:
Very good explanation for first time users..
Nice...very Nice....Thank you
But my suggestion is that, as you are already familiar with this tool, can you please explain it in detail so that it will be helpful to everyone.