Monday, May 4, 2009


Paros Proxy is a pretty nifty proxy tool for application security testing. I use it frequently to intercept interactions (i.e. requests and responses) between my browser and sites I want to scrutinise. What I didn't realise was that Paros would attach its name to the User-Agent header when submitting my browser's requests. This is not desirable if you want to avoid hackers being alerted to your interactions with their compromised site.
To counter this, the User-Agent header has to be modified before sending out the request traffic. The permanent solution is to instruct Paros to stop adding its name into the header by adding the switch "-nouseragent" after the Paros command.
Thanks to w01f for this tip.
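To confirm what the proxy actually puts on the wire, before and after restarting it with the switch, the following added example (not part of the original post) sends one request to a throwaway local listener and reports any User-Agent tokens the browser did not send. The proxy address and the User-Agent strings are constructed assumptions.

```python
import http.client
import http.server
import threading

class EchoUA(http.server.BaseHTTPRequestHandler):
    """Throwaway listener: replies with the User-Agent exactly as received."""
    def do_GET(self):
        body = self.headers.get("User-Agent", "").encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the console quiet
        pass

def observed_user_agent(sent_ua, proxy=None):
    """Return the User-Agent a local listener sees for one GET.

    proxy is a (host, port) tuple for the intercepting proxy on this machine
    (an assumption, e.g. ("127.0.0.1", 8080)); None sends the request directly.
    """
    server = http.server.HTTPServer(("127.0.0.1", 0), EchoUA)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        target = "http://127.0.0.1:%d/" % server.server_port
        host, port = proxy if proxy else ("127.0.0.1", server.server_port)
        conn = http.client.HTTPConnection(host, port, timeout=5)
        # Absolute-form request line when going through the proxy.
        conn.request("GET", target if proxy else "/",
                     headers={"User-Agent": sent_ua})
        seen = conn.getresponse().read().decode()
        conn.close()
        return seen
    finally:
        server.shutdown()
        server.server_close()

def injected_tokens(sent_ua, seen_ua):
    """Whitespace-separated tokens seen on the wire but not sent by the browser."""
    sent = set(sent_ua.split())
    return [tok for tok in seen_ua.split() if tok not in sent]

if __name__ == "__main__":
    ua = "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/115.0"  # constructed
    print("direct:", injected_tokens(ua, observed_user_agent(ua)))
    # With the proxy running, pass its listener, e.g. proxy=("127.0.0.1", 8080).
```

An empty list for the proxied run means the header left the proxy unchanged.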
