Web challenges require users to demonstrate their knowledge of web technologies by exploiting common vulnerabilities in them. These technologies may include cookies, databases, or specific web application frameworks.
A graphical tool for testing Web application security. Provides many useful features, such as capturing traffic, editing requests, brute-forcing capabilities.
A useful, simple graphical interface for crafting custom requests, typically for use in developing web APIs.
Not typically needed for most CTFs, Nessus is a useful vulnerability scanner, including scans for many common web vulnerabilities.
Provides public URL to your localhost server. Very useful when you need to capture and inspect web traffic to another site, such as capturing admin cookies using XSS