Zaproxy
- The OWASP Zed Attack Proxy (ZAP) is an integrated penetration testing tool for finding vulnerabilities in web applications.
Burp Suite
- Burp Suite allows the attacker to inspect and modify traffic between the browser and the target application.
- It analyzes all kinds of content, with automatic colorizing of request and response syntax.
JHijack
- A Java hijacking tool for web application session security assessment.
- A simple Java Fuzzer mainly used for numeric session hijacking and parameter enumeration.
DroidSheep
- DroidSheep is a simple Android tool for web session hijacking (sidejacking).
- It listens for HTTP packets sent via a wireless (802.11) network connection and extracts the session IDs from these packets.
DroidSniff
- DroidSniff is an Android app for security analysis in wireless networks and capturing Facebook, Twitter, LinkedIn, and other accounts.