SensePost presented Suru, a man-in-the-middle proxy for testing Web applications for potential vulnerabilities. It lets you sit in the middle of HTTP GET and POST requests, modify the requests with regular expressions (to insert some single quotes, perhaps), and attach a fuzzing tool to the Web service requests. It also does some reconnaissance as you browse the site:
As you browse, Suru automatically detects when a new directory is used (e.g. when the user surfed to http://abc_corp/abc/ the directory /abc/ is automatically searched). This means that, as the analyst is surfing the application, Suru will learn more and more about the application and perform more in-depth discovery of the site.
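The "new directory" detection described above can be sketched as follows. This is an added example, not Suru's code: the `DirectoryTracker` class and its `observe` method are hypothetical names, and recording parent directories and scoping by scheme/host/port are assumptions. It only reports which directories are new for each URL seen by a proxy; what is then done with them is out of scope.

```python
from urllib.parse import urlsplit, unquote


class DirectoryTracker:
    """Tracks directories seen per origin (hypothetical helper, not Suru's API)."""

    def __init__(self):
        self._seen = {}  # (scheme, host, port) -> set of directory paths

    @staticmethod
    def _directories(path):
        raw = path.split("/")
        # A trailing "", "." or ".." means the path names a directory;
        # otherwise the last segment is a file and is dropped.
        if raw[-1] not in ("", ".", ".."):
            raw = raw[:-1]
        segments = []
        for seg in raw:
            seg = unquote(seg)  # decode per segment so %2e%2e is treated as ".."
            if seg in ("", "."):
                continue
            if seg == "..":
                if segments:
                    segments.pop()
                continue
            segments.append(seg)
        # Return the root and every ancestor directory, shortest first.
        dirs = ["/"]
        for i in range(len(segments)):
            dirs.append("/" + "/".join(segments[: i + 1]) + "/")
        return dirs

    def observe(self, url):
        """Return the directories in this URL not seen before on its origin."""
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return []
        port = parts.port or (443 if parts.scheme == "https" else 80)
        seen = self._seen.setdefault((parts.scheme, parts.hostname, port), set())
        new = [d for d in self._directories(parts.path) if d not in seen]
        seen.update(new)
        return new


if __name__ == "__main__":
    tracker = DirectoryTracker()
    # Constructed sample URLs, modelled on the abc_corp example in the text.
    for u in ("http://abc_corp/abc/", "http://abc_corp/abc/login.asp?id=1",
              "http://abc_corp/abc/admin/../reports/q1.html"):
        print(u, "->", tracker.observe(u))
```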
