ISSC457_Lab2_LastName_FirstName2.doc

ISSC457 Week 3 Lab 2

Name: _________________________Date: _____________

Fill in your name above, put your full response below the question, save the file using the file naming convention: “ISSC455_Lab2_LastName_FirstName.doc” where LastName is your last name and FirstName is your first name, then return this document for grading.

Hardware/Software Setup Required

Paros version 3.2.13 (available at

Problem Description

Paros Proxy allows you to scan Web sites for vulnerabilities. An administrator can use it to detect security problems on his or her own Web site and fix them before an attacker exploits them.

In this lab, you will learn how to use Paros Proxy to scan for Web site vulnerabilities.

Estimated completion time: 60 minutes.

Outcome

Report the steps for performing the task above.

Validation/Evaluation

· Add a Web site to Paros

· Scan a cached Web site for vulnerabilities with Paros

Lab Solution

1. Download Paros Proxy from and install it on your computer.

2. Run Paros Proxy.

image1.png

image2.png

3. Paros can scan only Web sites that it has cached, so the first thing to do is to cache the Web site with Paros. To cache a Web site, you need to open it with your preferred Web browser. Before that, you need to change the proxy settings of your Web browser so that its traffic passes through Paros.

4. Open your Web browser. Note: For this exercise, we will use Google Chrome as our Web browser.

image3.png

5. Click on the “Customize and control Google Chrome” button and select Options to change the proxy setting.

image4.png

6. Next, select the “Under the Hood” tab and scroll down to the Network section.

image5.png

7. Click on “Change proxy settings” to open the Internet Properties window. In that window, click on “LAN settings.”

image6.png

8. Then, mark the option “Use a proxy server for your LAN.” Type localhost in the Address field and 8080 in the Port field. Click OK.

image7.png

9. Click OK again.

image8.png

10. Click Close to return to the Web browser.

image9.png

11. Now, visit the Web site you want to scan as you normally would with your browser. For example, if you want to scan your company’s Web site, type its URL in your Web browser to open it. Paros will automatically cache it. Note: Scanning should be done in a safe environment.

image10.png

image11.png

12. Now, to start scanning the site for common vulnerabilities, select the site from the Sites list on the left panel. Then, go to Analyse -> Scan. Paros will automatically start scanning your Web site.

image12.png

13. Wait until Paros finishes scanning your site. Click OK to close the following dialog window.

image13.png

14. Go to the Alerts tab on the bottom panel to view all the security problems Paros found for .

image14.png

15. At this point, you should try to fix all the issues listed and make your Web site stronger.

16. Change back the proxy configuration on your Web browser.

17. Close all windows.
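
Steps 8 to 11 can also be carried out from a script. The following is an added example, not part of the original lab: it checks that a proxy is listening on localhost:8080 and sends one request through it, without touching the browser or system proxy setting that step 16 has to change back. The function names and the ALLOWED_HOSTS list are hypothetical, and the sketch assumes the proxy records requests from any HTTP client pointed at it.

```python
# Added example, not part of the lab handout. Assumes the proxy listens on
# localhost:8080 (step 8) and that ALLOWED_HOSTS lists only sites you administer.
import socket
import urllib.request
from urllib.parse import urlsplit

PROXY_HOST, PROXY_PORT = "localhost", 8080   # values from step 8
ALLOWED_HOSTS = {"localhost", "127.0.0.1"}   # hypothetical allowlist; edit for your lab


def proxy_is_listening(host=PROXY_HOST, port=PROXY_PORT, timeout=2.0):
    """Return True if something accepts TCP connections at host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def fetch_via_proxy(url, host=PROXY_HOST, port=PROXY_PORT, allowed=ALLOWED_HOSTS):
    """Request url through the proxy so it is recorded there; return the HTTP status."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        raise ValueError("this sketch handles plain http:// URLs only")
    if parts.hostname not in allowed:
        raise PermissionError(f"{parts.hostname!r} is not in the lab allowlist")
    if not proxy_is_listening(host, port):
        raise ConnectionError(f"no proxy listening on {host}:{port}")
    # A per-process opener: the system-wide proxy setting is never touched,
    # so there is nothing to change back afterwards (step 16).
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": f"http://{host}:{port}"})
    )
    with opener.open(url, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "http://localhost/"
    print(target, "->", fetch_via_proxy(target))
```

Run it with the URL of the site to cache as the only argument, after adding that site's host name to ALLOWED_HOSTS.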