Interception proxies and tampering with HTTP requests

The following tip comes from OWASP: a small collection of tools for interception proxies and tampering with HTTP requests. This list comes from the OWASP Testing Guide 3.0. Each tool description has been taken from its respective website.

WebScarab: WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms.

Burp Proxy: Burp Proxy is an interactive HTTP/S proxy server for attacking and testing web applications. It operates as a man-in-the-middle between the end browser and the target web server, and allows the user to intercept, inspect and modify the raw traffic passing in both directions.

Paros Proxy: Through Paros's proxy, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.

TamperIE: TamperIE is a useful tool for security testing your web applications, in order to ensure you don't make foolish assumptions about the data sent by client browsers. Since the tool exposes and allows tampering with otherwise inconvenient input, many user-input security flaws immediately become apparent.

Tamper Data: Use tamperdata to view and modify HTTP/HTTPS headers and post parameters. Trace and time http response/requests. Security test web applications by modifying POST parameters.

The only one I've used (and I highly recommend) is WebScarab. While writing this, I did play around a bit with Tamper Data, and I suspect I'll find a use for that tool as well in future testing efforts.