I have not found any posts about this issue, so I wanted to take the opportunity to spread a fix for an error I came across when using the Paros personal HTTP proxy.

I use Paros for Web application security assessments to test and change HTTP variables (cookies, GET and POST parameters, etc). Often I will have gone through a rather long day of testing and I do not want to lose my progress with Paros as it can give me a log of what has already been tested. Paros provides the option of saving a session that saves 5 files. Assume I saved a session called “web_app_log”; Paros would save these files:

  • web_app_log.session
  • web_app_log.session.backup
  • web_app_log.session.data
  • web_app_log.session.properties
  • web_app_log.session.script

I don’t know what each one of those is used for and that analysis is outside the scope of this posting. So I have these files… I want to re-open the session, so in Paros I use “File -> Open Session…” and find the directory of the saved session. When I select the session I want and click open, I get a pop-up message with the error “Error opening session file”. I click OK and there’s a blank session…

I spoke with some people about the issue and one had a solution: Chuck Willis told me that, by reverting to an older version of the Java Runtime Environment (I’m currently using the JRE 1.6), the error goes away and the session opens correctly! I downloaded the JDK5 and changed the link in my Paros shortcut from
C:\WINDOWS\system32\javaw.exe -jar paros.jar

to

"C:\Program Files\Java\jre1.5.0_15\bin\javaw.exe" -jar paros.jar -nouseragent
This actually has the added bonus of stripping the UserAgent string from HTTP requests (which is what the “-nouseragent” switch does) which is a useful assist when trying to not be terribly blatant about using Paros.

So after changing the shortcut to say “Use the javaw.exe from JRE 1.5”, the session opens correctly. Thank you to Chuck Willis, my co-worker at Mandiant, for the fix. Enjoy.


12 Responses to “Error with Paros when opening a saved session”  

  1. JvL

    Encountered the same “Error opening session file”. The fix worked like a charm. Thank you!

  2. Jed

    Man, if you only knew how long I had to beat my head against a wall for this problem… I’m glad it helped.

  3. chan

    great..it works with jre1.5.0_16 as well..thanks for sharing

  4. Anonymous

    excellent post!

  5. Jed

    I was just speaking with a different co-worker, Frank Nagle, and he pointed out that he was able to get the session to load with the default JRE as long as there were no spaces in the path name. How stupid is that?! Anyway, I confirmed that my previously unloadable session at C:\this has spaces\test.session DOES load at c:\nospaces\test.session. My default JRE is 1.6.0_07.

  6. Sunil

    I encountered the same error. After applying the fix I am now able to open the saved session. Thanks for the solution, just to add starting quote.
    "C:\Program Files\Java\j2re1.4.2_08\bin\javaw.exe" -jar paros.jar -nouseragent

  7. sandra

    The solution proposed by Jed & Frank Nagle works great for me.

    Thanks!!

  8. Jed

    I should probably post anew. I have switched fully and enthusiastically to the Burp suite by portswigger (www.portswigger.net). The free version is slightly handicapped and the full version is very affordably priced at $100/year (if you’re using these tools professionally). Take a look at the free version to see if it’s worthwhile for you to pay. Paros was a great start to the host proxy world, but it simply doesn’t compare (and is no longer supported as far as I know).

  9. bob

    Hi,

    I have tried following your post but for some reason I can’t open the file. I have followed your post and downloaded Java 1.5. I then changed the target file to the same as you had mentioned and it still doesn’t work. I then changed the saved Paros file from desktop to C drive with no spaces in the Paros file and yet no luck. Is there someone who can help me on this?

    Thanks

  10. Jed

    Bob,

    I don’t think anybody is actively maintaining Paros, which is one of the reasons I no longer promote it. There are other tools in existence that do more and are actively maintained. One is Fiddler, another (mentioned above) is Burp Suite. WebScarab is another option that is maintained by OWASP (whose mission I believe in). Abandon all hope, ye who enter here! Follow a different path.

  11. Kerem

    Hi,

    I am using Windows 7 x64 and UAC; whatever I did, I was not able to write under Program Files (x86), so I installed the program under C:\paros and all the problems were gone. I’ve used JRE 6 because JRE5 is no longer supported.

    Cheers,
    K.

  12. Jed

    Kerem,

    Thanks for another solution. I find Paros to be rather dated and I recommend OWASP’s tools: WebScarab or Zed proxy.
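
The no-spaces workaround reported in comment 5, combined with the five-file list from the post, as an added example that is not part of the original post or its comments: a Python helper that copies a saved session and its sibling files into a directory whose path has no whitespace. The function names are hypothetical, and it assumes every file sharing the session's base name belongs to the session.

```python
import shutil
from pathlib import Path

# Suffixes of the five files the post lists for a session saved as "<name>.session".
SESSION_SUFFIXES = ("", ".backup", ".data", ".properties", ".script")


def has_whitespace(path):
    """True if the path, as given, contains a space or other whitespace."""
    return any(ch.isspace() for ch in str(path))


def stage_session(session_path, dest_dir):
    """Copy a saved session and its sibling files to dest_dir.

    Returns (path of the copied .session file, names of siblings not found).
    Pass absolute paths so the whitespace check covers the whole path.
    """
    src = Path(session_path)
    target = Path(dest_dir) / src.name
    if has_whitespace(target):
        raise ValueError(f"target path still contains whitespace: {target}")
    if not src.is_file():
        raise FileNotFoundError(f"no such session file: {src}")
    target.parent.mkdir(parents=True, exist_ok=True)
    missing = []
    for suffix in SESSION_SUFFIXES:
        sibling = src.with_name(src.name + suffix)
        if sibling.is_file():
            # copy2 keeps timestamps, so the copy mirrors the saved state
            shutil.copy2(sibling, target.with_name(sibling.name))
        else:
            missing.append(sibling.name)
    return target, missing


if __name__ == "__main__":
    import sys
    # Usage: python stage_session.py <path to .session file> <destination dir>
    copied, not_found = stage_session(sys.argv[1], sys.argv[2])
    print("open in Paros:", copied)
    if not_found:
        print("not found next to the session:", ", ".join(not_found))
```

The original files are left in place, so the copy can be deleted once the session has been reviewed.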
