Burp Suite Tamper
Burp Suite Tamper Burp Suite Tamper is the pro-grade HTTP interception and modification engine for CI/CD security testing, enabling real-time header, body, and parameter tampering to bypass WAFs or test proxy logic with Intruder/Repeater in GitHub Actions via CLI. Export payloads via Burp API, chain with macros for session handling. Community/Pro from PortSwigger, it's the tamper titan for pentesters templating surgical request forgery in pipelines.
Explore →mitmproxy
mitmproxy mitmproxy is the interactive SSL-capable HTTP/HTTPS proxy for CI tampering, scripting request/response mutations in Python to inject headers, chunk payloads, or bypass HSTS with inline scripts in Jenkins/GitLab. Run headless via --mode for JSON logs, integrate with Docker for replay attacks. Open-source from mitmproxy, it's the man-in-the-middle maestro for devs templating dynamic traffic shaping.
Explore →HTTPTamperingTool
HTTPTamperingTool HTTPTamperingTool is the lightweight CLI for HTTP header and body manipulation in CI, fuzzing WAFs with randomized case, whitespace, or encoding injection via YAML configs in Azure DevOps. Output diffs and response codes in SARIF for gate checks. Open-source from 0x1mason, it's the header hacker for ops templating low-overhead request mutation in secure builds.
Explore →TamperIE
TamperIE TamperIE is the browser-based HTTP tampering extension for CI/CD validation, modifying live requests/responses via DevTools-like UI with rule persistence for testing proxy enforcement in GitHub Actions. Export rules as JSON, sync across sessions for consistent replay. Open-source from Google, it's the in-browser tamper for web devs templating client-side request control.
Explore →Fiddler Classic
Fiddler Classic Fiddler Classic is the Windows HTTP debugging proxy for CI tampering, auto-breaking on rules to alter POST data, headers, or cookies with FiddlerScript for WAF bypass testing in Jenkins. Save sessions as SAZ, automate via .NET COM for pipeline integration. Freeware from Telerik, it's the fiddler on the roof for .NET teams templating deep packet surgery.
Explore →Charles Proxy
Charles Proxy Charles Proxy is the cross-platform HTTP/SSL proxy for CI tampering, rewriting requests/responses via map local/remote, breakpoints, and throttle simulation to test CDN/WAF behavior in CircleCI. Export HAR, script via Java for automation. Commercial with trial from XK72, it's the rewrite ruler for macOS/iOS devs templating full-stack traffic manipulation.
Explore →Tamper Dev
Tamper Dev Tamper Dev is the Chrome/Firefox extension for persistent HTTP tampering in CI, applying JS-based request/response rules across domains to inject auth tokens or bypass CSP in GitHub Actions via Puppeteer. Sync rules via cloud, version control in repos. Open-source inspired, it's the dev-mode tamper for frontend teams templating runtime request overrides.
Explore →OWASP ZAP