Burp Suite - Integrated Platform for Attacking Web Applications Key features : * Ability to "passively" spider an application in a non-intrusive manner, with all requests originating from the user's browser. * One-click transfer of interesting requests between tools, e.g. from the Burp Proxy request history, or the Burp Spider results tree. * Detailed analysis and rendering of requests and responses. * Extensibility via the IBurpExtender interface, which allows third-party code to extend the functionality of Burp Suite. Data processed by one tool can be used in arbitrary ways to affect the behaviour and results of other tools. * Centrally configured settings for downstream proxies, web and proxy authentication, and logging. * Tools can run in a single tabbed window, or be detached in individual windows. * All tool and suite configuration is optionally persistent across program loads. * Runs in both Linux and Windows. * Improved analysis of HTTP requests and responses wherever they appear, with browser-quality HTML and media rendering. * Burp Sequencer, a new tool for analysing session token randomness. * Burp Decoder, a new tool for performing manual and intelligent decoding and encoding of application data. * Burp Comparer, a new utility for performing a visual diff of any two data items. * Support for custom client and server SSL certificates. * Ability to follow 3xx redirects in Burp Intruder and Repeater attacks. * Improved interception and match-and-replace rules in Burp Proxy. * A "lean mode", for users who prefer less functionality and a smaller resource footprint. Burp Suite is a Java application, and runs on any platform for which a Java Runtime Environment is available. It requires version 1.5 or later. The JRE can be obtained for free from java.sun.com. Burp Suite in action: Download From Home Page: http://portswigger.net/suite/download.html Help to Use: http://portswigger.net/suite/help.html btw;seems to be a nice stuff have fun ...