CAT provides the ability to test a web application for all types of vulnerabilities from SQL injection to reverse proxy bypass. It allows for traffic between a web browser and a web server to be intercepted and altered. Requests can then be repeated within CAT allowing for all aspects of the request to be altered. Requests can be fuzzed using a range of different fuzzing algorithms including brute forcing, injection attacks and scripted attacks; it also provides a facility to fuzz forms with CSRF tokens. Authorisation within an application can easily be checked using two synchronised web sessions from one user type to another

Download
http://www.contextis.com/resources/tools/cat/download/