Fiddler: The Web Application Debugging Tool
Fiddler is a free web debugging proxy which logs all HTTP(s) traffic between your computer and the Internet. Use it to debug traffic from virtually any application that supports a proxy like IE, Chrome, Safari, Firefox, Opera, and more. Fiddler steps in to help you record all the HTTP and HTTPS traffic that passes between your computer and the Internet. Fiddler supports a wide range of filters such as “hide a session”, “highlight interesting traffic”, “breakpoint for manipulation on a session”, “block traffic from sending”, and more that can save you loads of time and efforts.
You can store the HTTP(s) traffic you captured though Fiddler to an archive (SAZ file) and reload it later, even from a different computer.
Enterprise HTTP Security Inspection For Penetration Testing.
- The need for HTTP Security Inspection on Application Security
- Application Layer – HTTP from the Security Perspective
An Application Layer is the first layer which need a security check which just goes beyond any other common checks. Somehow, automated scanners might do this as pre-defined in the programmed logic, but most of them fail to find the bugs which passes through the HTTP Handler and hence create critical vulnerabilities for business enterprise.
Read full Tutorial here
It is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.
It’s a web application security learning platform built on PHP and MySQL.
The project focuses on variations of commonly seen application security issues. Each ‘Brick’ has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to ‘Break the Bricks’ and thus learn the various aspects of web application security. Bricks is a completely free and open source project brought to you by OWASP.
It is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.