OWASP Zed Attack Proxy
Every web application penetration tester needs vulnerability scanner. The OWASP Zed Attack proxy will become your best friend. Easy to use and setup, this integrate penetration testing tool will find a wide range of vulnerabilities. From direct browsing to persistent cross-site scripting, this tool will find them all. The best part… it’s totally free.
Fiddler Intercepting Proxy
This tool is the bread and butter for any web application penetration tester. Fiddler gives you the power to intercept HTTP/HTTPS traffic allows you to display and modify requests and responses using a man-in-the-middle decryption technique. Privilege escalations, script injections, filter bypasses, and more all become easily executable with this intuitive and simple tool.
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.