Tools

Burp Suite

Burp Suite is a web security testing platform for intercepting, inspecting, and modifying HTTP traffic.

  • Intercepting proxy captures and lets you modify requests in real time
  • Repeater resends individual requests for manual parameter testing
  • Intruder automates fuzzing and brute-force attacks against parameters
  • Scanner identifies common vulnerabilities like XSS, SQLi, and CSRF
  • Only test applications you own or for which you have explicit written authorization

Common use cases

  • Intercept login requests with the proxy to understand authentication flow and test for session fixation or weak token generation
  • Use Repeater to modify password reset parameters one at a time, identifying missing authorization checks on user-owned resources
  • Run Intruder with a payload list of common directory names to discover hidden admin panels and unlinked application endpoints
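The directory-wordlist run in the last bullet leaves a tell-tale trace on the server side: one client requesting many distinct non-existent paths in a short burst. This added example (not part of this page or of Burp Suite) parses a constructed access-log sample and flags clients that hit at least five distinct 404 paths within a ten-second window; the log lines, thresholds and IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed combined-format access log; 203.0.113.5 mimics an Intruder wordlist run.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /admin HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /backup HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:12:00:02 +0000] "GET /console HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:12:00:02 +0000] "GET /manage HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:12:00:03 +0000] "GET /old HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:12:00:03 +0000] "GET /secret HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:12:00:04 +0000] "GET /dashboard HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:12:00:05 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:12:00:09 +0000] "GET /missing.png HTTP/1.1" 404 162 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, timestamp, path, status) for a combined-format line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return (m["ip"], datetime.strptime(m["ts"], TS_FMT), m["path"], int(m["status"]))

def find_enumeration(log_text, window_seconds=10, min_distinct_404=5):
    """Map client IP -> all distinct 404 paths, for clients that requested at
    least min_distinct_404 distinct missing paths inside any window_seconds span."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[3] == 404:
            per_ip[rec[0]].append((rec[1], rec[2]))
    flagged = {}
    for ip, events in per_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # advance the window start until the span fits within window_seconds
            while events[end][0] - events[start][0] > timedelta(seconds=window_seconds):
                start += 1
            distinct = {p for _, p in events[start:end + 1]}
            if len(distinct) >= min_distinct_404:
                flagged[ip] = sorted({p for _, p in events})
                break
    return flagged
```

A single benign 404 (the missing image from 198.51.100.7) stays below the threshold, while the wordlist burst is reported with every path it probed.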