Paros is a great tool to have in your suite. It provides a great proxy for, as mentioned, the modification of requests and responses. It can spider a website and analyze it for XSS, SQL injection, and unwanted file vulnerabilities. The biggest feature it is lacking, IMHO, is a fuzzer. But since there are plenty of other tools out there to perform this function it is probably not necessary.
One thing to watch out for when using this tool is that fact that it includes the Paros name in the User Agent string. The program is configured to automatically place Paros and the version number at the end of the User Agent and, the last time I checked, you could not change this through the GUI. Why is this a problem, you ask? Well, by placing the name of the tool in the User Agent it gives the web developers a mechanism to monitor for and deny access to this tool. It was probably included explicitly for this purpose. The good news is that the Paros Proxy project provides the source code for their tool. This proxy is written in Java and therefore can easily be modified. A while back I blogged about this subject. Although the version is dated the concept and steps should still be the same. If you are interested you can find the post at http://www.cutawaysecurity.com/blog/archives/9
I hope this helps.
Go forth and do good things,