Paros Proxy
Today, I read this post on OraTransplant. It reminded me of another useful tool I regularly use, Paros Proxy. It is basically a proxy running on your local machine. After installing Paros and setting up the proxy in your browser (IE, FF, whatever), it intercepts all HTTP requests and responses between browser and web server.
This allows you to inspect request headers (that includes form data being submitted and cookies being sent) and response headers (including cookies being set).
What is very nice is that you can ‘trap’ requests and responses and edit them before they are sent or received. This has given me better insight into how I can improve the application design and security scheme of any web application I design, build or test. “Security by obscurity” is suddenly put in a whole different perspective when communication between browser and server is 100% transparent.
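Because anything the browser sends can be edited in a trapped request, the server has to verify values it handed out earlier instead of trusting them on return. The sketch below is an added example, not code from the original post or from Paros: it tags a cookie value with an HMAC and rejects it when the value comes back changed. The cookie contents, `SERVER_KEY` and `handle_request` are hypothetical names chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Server-side secret, never sent to the browser (constructed for this example).
SERVER_KEY = secrets.token_bytes(32)


def issue_cookie(value: str, key: bytes = SERVER_KEY) -> str:
    """Return 'value.tag', where tag is an HMAC-SHA256 over the value."""
    tag = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def read_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the value if its tag verifies, otherwise None."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None  # no tag at all: not a cookie this server issued
    expected = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes; also safe if the tag was edited
    # to contain non-ASCII characters.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    return value


def handle_request(cookie_header: str) -> str:
    """Hypothetical handler: uses the cookie only if it verifies."""
    value = read_cookie(cookie_header)
    if value is None:
        return "400 rejected: cookie was modified after it was set"
    return f"200 ok: {value}"


if __name__ == "__main__":
    original = issue_cookie("user=alice;role=viewer")  # constructed sample
    # What the server receives when the value was edited in a trapped request:
    edited = original.replace("role=viewer", "role=admin")
    print(handle_request(original))
    print(handle_request(edited))
```

The same rule applies to form data and headers: a value that matters for authorization is either kept server-side or integrity-checked like this when it returns.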