
HTTP::Proxy for pen testing tasks

Could someone provide ideas on how the HTTP::Proxy module compares to other proxies like Paros and Burp Proxy, and whether anyone uses it in their work, specifically whether it is used by the pen testing community for real jobs?


HTTP::Proxy is a Perl module that you can use to build your own intercepting (and other) proxies. Since it has the entire Perl language at its disposal, it can be very powerful, but it requires you to know what you're doing and develop a lot of code.

The other proxies you mention (Burp, Paros, WebScarab, etc.) have the advantage of being built for the specific purpose of intercepting and tampering with data flows in HTTP sessions. Many of them can man-in-the-middle SSL/TLS sessions, which HTTP::Proxy won't do out of the box. They are by far the preferable tools for pentesting work.

Though a Perl program using HTTP::Proxy could be very extensible, several of the pre-built proxies offer scripting capabilities. WebScarab, for instance, allows scripting with BeanShell.

In short, these are really different tools for different purposes.
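To illustrate the "build your own" point in the answer above, here is an added example (not part of the original post) of a passive logging proxy written with HTTP::Proxy: it records each request and reports which common security response headers are absent. The listening address, the header list and the `missing_headers` helper are assumptions made for this example, and because HTTP::Proxy does not intercept TLS out of the box, the filters only see cleartext HTTP traffic.

```perl
#!/usr/bin/perl
# Added example: passive audit proxy built on HTTP::Proxy.
# It never modifies traffic; it only logs what passes through.
use strict;
use warnings;
use HTTP::Proxy;
use HTTP::Proxy::HeaderFilter::simple;

# Response headers to look for (list chosen for this example).
my @EXPECTED = qw(
    Content-Security-Policy
    X-Content-Type-Options
    X-Frame-Options
    Referrer-Policy
);

# Hypothetical helper: names from @EXPECTED absent from an HTTP::Headers object.
sub missing_headers {
    my ($headers) = @_;
    return grep { !defined $headers->header($_) } @EXPECTED;
}

# Bind to loopback only so the proxy is not reachable from the network.
my $proxy = HTTP::Proxy->new( host => '127.0.0.1', port => 8080 );

# Request-side header filter: log method and target URI.
$proxy->push_filter(
    request => HTTP::Proxy::HeaderFilter::simple->new(
        sub {
            my ( $self, $headers, $request ) = @_;
            printf STDERR "[req]  %s %s\n", $request->method, $request->uri;
        }
    ),
);

# Response-side header filter: log status and any missing headers.
$proxy->push_filter(
    response => HTTP::Proxy::HeaderFilter::simple->new(
        sub {
            my ( $self, $headers, $response ) = @_;
            my @missing = missing_headers($headers);
            printf STDERR "[resp] %s %s missing: %s\n",
                $response->code, $self->proxy->request->uri,
                @missing ? join( ', ', @missing ) : 'none';
        }
    ),
);

$proxy->start;    # blocks and serves until interrupted
```

Even this small check needs explicit filter wiring, which is the trade-off the answer describes against purpose-built tools that ship such checks ready to use.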
