Fiddler: The Web Application Debugging Tool
Fiddler is a free web debugging proxy which logs all HTTP(s) traffic between your computer and the Internet. Use it to debug traffic from virtually any application that supports a proxy like IE, Chrome, Safari, Firefox, Opera, and more. Fiddler steps in to help you record all the HTTP and HTTPS traffic that passes between your computer and the Internet. Fiddler supports a wide range of filters such as “hide a session”, “highlight interesting traffic”, “breakpoint for manipulation on a session”, “block traffic from sending”, and more that can save you loads of time and efforts.
You can store the HTTP(s) traffic you captured though Fiddler to an archive (SAZ file) and reload it later, even from a different computer.
Download
GoLismero:
It is an Open Source security tools that can run their own security tests and manage a lot of well known security tools (OpenVas, Wfuzz, SQLMap, DNS recon, robot analyzer…) take their results. The framework also collects and unifies the results of well known tools: sqlmap, xsser, openvas, dnsrecon, theharvester.. Read more
Download
WebScarab:
It is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.
Download
Bricks:
It’s a web application security learning platform built on PHP and MySQL.
The project focuses on variations of commonly seen application security issues. Each ‘Brick’ has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to ‘Break the Bricks’ and thus learn the various aspects of web application security. Bricks is a completely free and open source project brought to you by OWASP.
Download
Panoptic:
It is a tool that searches for commonly known files through LFI vulnerabilities. Local file inclusion is a vulnerability that allows the attacker to read files that are stored locally through the web application.This happens because the code of the application does not properly sanitize the include() function. To get started, you will need Python 2.6+. Panoptic display the found file paths and it can save the actual files as well.
Download
ModSecurity:
It is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
Download
Fiddler is a free web debugging proxy which logs all HTTP(s) traffic between your computer and the Internet. Use it to debug traffic from virtually any application that supports a proxy like IE, Chrome, Safari, Firefox, Opera, and more. Fiddler steps in to help you record all the HTTP and HTTPS traffic that passes between your computer and the Internet. Fiddler supports a wide range of filters such as “hide a session”, “highlight interesting traffic”, “breakpoint for manipulation on a session”, “block traffic from sending”, and more that can save you loads of time and efforts.
You can store the HTTP(s) traffic you captured though Fiddler to an archive (SAZ file) and reload it later, even from a different computer.
Download
GoLismero:
It is an Open Source security tools that can run their own security tests and manage a lot of well known security tools (OpenVas, Wfuzz, SQLMap, DNS recon, robot analyzer…) take their results. The framework also collects and unifies the results of well known tools: sqlmap, xsser, openvas, dnsrecon, theharvester.. Read more
Download
WebScarab:
It is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.
Download
Bricks:
It’s a web application security learning platform built on PHP and MySQL.
The project focuses on variations of commonly seen application security issues. Each ‘Brick’ has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to ‘Break the Bricks’ and thus learn the various aspects of web application security. Bricks is a completely free and open source project brought to you by OWASP.
Download
Panoptic:
It is a tool that searches for commonly known files through LFI vulnerabilities. Local file inclusion is a vulnerability that allows the attacker to read files that are stored locally through the web application.This happens because the code of the application does not properly sanitize the include() function. To get started, you will need Python 2.6+. Panoptic display the found file paths and it can save the actual files as well.
Download
ModSecurity:
It is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
Download