Burp Suite

What it does

Intercepts, inspects, and modifies HTTP/HTTPS traffic between browser and server. Includes scanner, repeater, intruder, and many other security testing tools.

When to use it

• Web application penetration testing
• API security testing
• Debugging HTTP requests

When not to use it

• Simple traffic viewing only
• Non-web protocols

Limitations

• Free version has limited features
• Steep learning curve