The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Features:

• Intercepting Proxy
• Automated scanner
• Passive scanner
• Brute Force scanner
• Spider
• Fuzzer
• Port scanner
• Dynamic SSL certificates
• API
• Beanshell integration

Characteristics:

• Easy to install (just requires java 1.6)
• Ease of use a priority
• Comprehensive help pages
• Fully internationalized
• Under active development
• Open source
• Free (no paid for ‘Pro’ version)
• Cross platform
• Involvement actively encouraged

Download: ZAP 1.3.1

Mallory is a transparent TCP and UDP proxy.
It can be used to get at those hard to intercept network streams, assess those tricky mobile web applications, or maybe just pull a prank on your friend.

In more technical terms, Mallory is an extensible TCP/UDP man in the middle proxy that is designed to be run as a gateway.

Download: mallory-tip.tar.gz

More Info: Mallory – Intrepidus Group

Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).

Charles can act as a man-in-the-middle for HTTP/SSL communication, enabling you to debug the content of your HTTPS sessions.

Charles simulates modem speeds by effectively throttling your bandwidth and introducing latency, so that you can experience an entire website as a modem user might (bandwidth simulator).

Charles is especially useful for Adobe Flash developers as you can view the contents of LoadVariables, LoadMovie and XML loads. Charles also has native support for Flash Remoting (AMF0 and AMF3).

Charles is also useful for XML development in web browsers, such as AJAX (Asynchronous Javascript and XML) and XMLHTTP, as it enables you to see the actual XML that is flowing between the client and the server. Charles natively supports JSON, JSON-RPC and SOAP; displaying each in a simplified tree format for easy viewing and debugging.

Charles will autoconfigure your browser’s proxy settings on the following browsers:

* IE (Windows system proxy settings)
* Firefox
* Safari (Mac OS X or Windows system proxy settings)

Supported Platforms:
* Windows
* Mac OS X
* Linux/Unix

Latest Release: Version 3.3.1

Download: http://www.charlesproxy.com/download.php

PROXY SWITCHER v.3.9 + serial key + [FLASH VIDEO TUTORIAL INCLUDED]

Just wanted to share that IP changer might somebody need it (for safety surfing)

PROXY SWITCHER BENEFITS:
1. Hide your IP address from the web sites you visit.
2. Penetrate bans and blocks on forums, classifields and download sites (rapidshare etc.).
3. Automatic proxy server switching for improved anonymous surfing.
4. Easy way to change proxy settings on the fly.
5. For webmasters – check search engine results from different countries.
6. Fully compatible with Internet Explorer, Firefox, Opera and others.
7. Advanced proxy list scanning and management.

Download :
http://rapidshare.com/files/200170140/Proxy_Switcher_Pro_v3.9.zip

XSS Proxy is an advanced Cross Site Scripting (XSS) attack tool.
The documents, tools and other content on this site assume you have a basic understanding of XSS issues and existing exploitation method.

Download XSS Proxy :

http://sourceforge.net/project/showfiles.php?group_id=130402&package_id=142941&release_id=545299

More Info :
http://xss-proxy.sourceforge.net/