Burp Suite is one of the best tools available for web application testing. As you can see below I uncovered a GET request to a Russian domain. Needless to say my first thought was a compromise. Anyway, it has a wide variety of features to help you perform various tasks, like intercepting a request and modifying it on the fly, scanning web applications for vulnerabilities, brute forcing login forms, performing a check for the randomness of session tokens, etc.
Help with BurpSuite = http://resources.infosecinstitute.com/burp-suite-walkthrough/