One of my favorite “free” HTTP proxies (because it’s under active development) is the Burp Suite. It seems the author(s?) is hard at work on a new version and is promoting it with a Month of Burp Pr0n, a post every day on the new features that are coming in version 1.2. It looks like the new version will have active scanning and target filtering, which have definitely been on my personal wishlist.

One of my favorite features of the tool is Burp Intruder. In instances where authorization bypass is a possibility, or incrementing integers are utilized for record id’s, Intruder is a very handy way of brute-forcing your access to data you may not have authorization for. As an example, I just used Intruder to increment through a few hundred id’s on an application to gain access to and analyze data I shouldn’t have access to.

Burp is great and in addition to the features mentioned above, it looks like it may also have passive scanning like ratproxy by Google. Exciting stuff!