BurpSuite’s pretty much the go to tool for web app pentesting, although the licenced version is a must have, the free version equally rocks. Once you’ve bossed it you won’t be able to do without it ;->
Here’s some handy tips & tricks, although some info’s dated it’s still very relevant…
Let e know your thoughts on the usability of Burp Suite and if we need to do a redesign of this tool? Or if you prefer other tools over Burp Suite like OWASP ZAP