OWASP Fiddler Addons for Security Testing Project

Welcome to the OWASP page for the and  security testing tools! These tools have been built as addons for the Fiddler HTTP proxy. A quick overview:


 * is a passive vulnerability scanner for Web applications
 * is an active cross-site scripting testing tool for Web applications
 * Fiddler is an HTTP debugging proxy with support (and scripting support) for traffic interception, traffic modification, replay, comparison, data parsing, offline usage, NTLM/basic/digest auth, and much more

The Fiddler HTTP debugging proxy has a long history and a wide user base, and was chosen as the platform for building the security testing tools found on this page. By leveraging Fiddler, we can focus our efforts on the security testing logic and let the proxy do its job.