Attack Surface

Attack Surface is a Burp and ZAP plugin to help understand and visualize an application's untrusted data. Attack Surface will discover and illustrate all the untrusted data that your web application accepts and present it to you in various formats. It also provides a mechanism track and eliminate all untrusted data as potential vulnerabilities. It also has a reporting tool, which can be used to record your reasoning for deeming untrusted data as safe.

Read the User Guide to find out more.

The Burp version of the Attack Surface plugin can be downloaded here and the ZAP version can be downloaded here.