Photo Credit: practicalowl

I discovered a cool free tool at the recent RSA conference, called Paros, a man-in-the-middle (MITM) proxy. While my first impression was that Paros is no more than a hacking tool, on further investigation I discovered it can be really useful to developers and testers.

If you don’t know what a man-in-the-middle attack is: it is an Internet attack in which the attacker intercepts the traffic moving between two computers and attempts to read or alter it.

As a dev tool, Paros is useful because:

  • You can easily monitor the traffic between the browser and the site you are developing.
  • You can trap a request and, if you made an error, change it before it is sent, so you can test whether the remainder of the application works correctly. This saves you from having to immediately change the application to correct the erroneous request.
  • It raises the visibility of the information being exchanged. If a request carries any user-related information beyond the initial login credentials, get rid of it quickly, as this lets an attacker easily request other users’ information.
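As an added example that is not from the original post: a minimal account-lookup handler, first trusting a client-supplied `user_id` (the kind of parameter a proxy like Paros makes visible), then bound to the session instead. The account data, session tokens and function names are constructed for the demo.

```python
# Added example (not from the original post): why a user identifier in an
# ordinary request is dangerous, and how to bind the lookup to the session.
# The account records and session tokens below are constructed sample data.
from urllib.parse import urlsplit, parse_qs
import hmac

ACCOUNTS = {
    "1001": {"name": "alice", "email": "alice@example.test"},
    "1002": {"name": "bob", "email": "bob@example.test"},
}
SESSIONS = {"s3ss10n-alice": "1001", "s3ss10n-bob": "1002"}


def user_from_session(cookie_header: str):
    """Resolve the caller's account id from the 'sid' cookie, or None."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sid":
            # Constant-time comparison so timing does not leak token prefixes.
            for token, uid in SESSIONS.items():
                if hmac.compare_digest(token, value):
                    return uid
    return None


def profile_vulnerable(url: str, cookie_header: str):
    """Trusts ?user_id=... from the client: any logged-in user can read any
    account. A proxy trace of this request shows the id in plain sight."""
    if user_from_session(cookie_header) is None:
        return 401, None
    uid = parse_qs(urlsplit(url).query).get("user_id", [None])[0]
    account = ACCOUNTS.get(uid)
    return (200, account) if account else (404, None)


def profile_fixed(url: str, cookie_header: str):
    """Never reads a client-supplied id; the account comes only from the
    session, so there is nothing in the request worth tampering with."""
    uid = user_from_session(cookie_header)
    if uid is None:
        return 401, None
    return 200, ACCOUNTS[uid]
```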

Forewarned is forearmed.

One thing I don’t like is that when you download Paros, they hide the download link in the top right-hand corner of the download page and present sponsor solicitations which, at a quick glance, look as if they are required for downloading. They are not, so skip them.

I have since discovered Fiddler, which I have yet to try. This is a free tool, supposedly from Microsoft, so if you prefer a non-Java-based application (Paros is Java-based), give this a try.

1 comment:

  1. Protorium
    27 June 2008 0:32

    Or, use Firefox and install the add-on Firebug, very useful indeed.