Last week, I learned that website is an easy source of information. We could get a lot of informations from a website. One of the tools that we learned is paros proxy. It is a Java-based web proxy for accessing web application vulnerability. It includes a web traffic recorder, web spider, hash calculator, and a scanner for testing common web application attacks such as SQL injection and cross-site scripting.
Below are the experiment I do using paros proxy.
With paros proxy, I was able to see the structure of this company’s website
As we can see from the picture, I could see the details like the subfolder and the domains.
In the paros proxy, we can scan a specific folder to see the their vulnerabilities. In this case, I scanned the main page of the company’s website.
And then there will be a generated scanning report in the LatestScanningReport.htm which is the result from the scanning. I could see the risk level whether is high, low or medium and also the website server, etc.