As a penetration tester I have many tools that I use to help with web application testing, but the one tool that never lets me down is Burp suite by portswigger. Burp suite is an intercepting proxy that allows you to modify and inspect web traffic, it comes in two flavors, free and paid. The free version is powerful enough to assist any pen test engineer, whereas the paid version will add extra features to make your tests go smoother and faster.
https://komunity.komand.com/learn/article/burp-series-intercepting-and-modifying-made-easy/