BlackSheep is currently available for testing (lots of development is still needed). You can get the source code on the blacksheep repo at BitBucket.org.
BlackSheep
BlackSheep is a security tool for security analysis and penetration testing: a framework that focuses on augmenting manual pen-testing by providing information to the tester. BlackSheep also keeps track of every testing step employed by the pen-tester and facilitates the storage of the results and test cases.
Current features:
Support of common web technologies: web engine using WebKit (Qt port) to render JavaScript and CSS, support of Netscape plugins for Flash, Silverlight, etc.
HTTP request tampering (GET, POST, Cookie and Headers) by interception or request replay
XSS exploits that trigger an alert/prompt are automatically added to findings (based on monitoring of JavaScript engine runtime events)
Findings collection based on a custom data structure; easy creation of findings based on HTTP history. Export in OFS (Open Finding Schema) later on
History of HTTP requests and responses
Web application information for pen-testers:
Site structure (simple tree sitemap)
Application Flow Map with heuristics and view of all information for each node
Source code/DOM view with search
WebKit Inspector available for all pages
Record of user interactions (clicks, keyboard, etc.) on each web page (Test case tab)
Partial support of URL rewriting rules
Direct JavaScript injection in DOM
Different transcoders available for charsets, encodings (URL encoding, Base64, etc.)
Plugin capabilities:
JavaScript: loading of multiple JavaScript files in the DOM (cf. highlight_anchors example), access to the current HTTP request (and response content) as the JSON sheep_headers variable (cf. header_overlay example)
Python: Passive (monitor) and active (driver) plugins will be available
Screenshots:
Browser interface: Running with the WebKit engine (Qt binding), the browser supports the main web technologies and is Netscape plugin compatible (Flash support, etc.). This screenshot shows a movie being played with a Silverlight player.
Source browser/Live editor: Basic HTML view capabilities with search, there is also a DOM Tree view. It is possible to edit the HTML with immediate effect in the browser.
HTTP History: Lists all HTTP requests made. When a request/response is selected, the HTTP header is populated in the dock view, which enables replay and tampering. It is possible to create a finding from the HTTP history view by selecting one or many items.
Sitemap: Structured view of the artifacts downloaded from the web servers.
Application Flow Graph: Request interactions of the user with the selected web server. Heuristics can be applied, and nodes that have been actively requested by a user (follow URL, submit form, etc.) are shown in other colors. In this screenshot, after running the 'Highlight secure paths' heuristic, we can see that Twitter sends credentials over HTTP in the selected node (info on the right).
JavaScript plugins: Simple example of 2 plugins in JavaScript. The first one highlights the links and forms, the second shows the HTTP request header that led to that page (header info is passed as a JSON array to JavaScript plugins).
Page level user interaction: Record any interaction from the user on the page (limited to mouse and keyboard interactions), record DOM elements with XPath for replay.
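
The kind of check behind the 'Highlight secure paths' observation above (credentials sent over plain HTTP), written as an added example over constructed HTTP history records. It is not BlackSheep's code or plugin API; the record layout, the function name cleartext_credentials and the name-matching pattern are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed heuristic: parameter names that look like they carry a password.
CRED_NAME = re.compile(r"pass|pwd", re.IGNORECASE)

def cleartext_credentials(history):
    """Return (url, reason) pairs for requests that send credentials over plain HTTP."""
    findings = []
    for req in history:
        parts = urlsplit(req["url"])
        if parts.scheme.lower() != "http":
            continue  # only unencrypted requests are of interest here
        headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
        # Collect parameters from the query string and, if form-encoded, the body.
        fields = parse_qsl(parts.query, keep_blank_values=True)
        if headers.get("content-type", "").lower().startswith(
                "application/x-www-form-urlencoded"):
            fields += parse_qsl(req.get("body", ""), keep_blank_values=True)
        # Match on parameter names only, so a search for "password reset" is not flagged.
        names = sorted({name for name, _ in fields if CRED_NAME.search(name)})
        if names:
            findings.append((req["url"], "credential parameter: " + ", ".join(names)))
        # HTTP authentication headers are credentials too.
        auth = headers.get("authorization", "")
        if auth.lower().startswith(("basic ", "bearer ")):
            findings.append((req["url"], "Authorization header: " + auth.split()[0]))
    return findings

# Constructed sample history (hypothetical record layout, reserved .example domain).
FORM = {"Content-Type": "application/x-www-form-urlencoded"}
LOGIN = "session%5Busername%5D=alice&session%5Bpassword%5D=not-a-real-password"
SAMPLE_HISTORY = [
    {"url": "http://app.example/sessions", "headers": FORM, "body": LOGIN},
    {"url": "https://app.example/sessions", "headers": FORM, "body": LOGIN},
    {"url": "http://app.example/api/me",
     "headers": {"Authorization": "Basic PLACEHOLDER"}},
    {"url": "http://app.example/search?q=password+reset", "headers": {}},
]

if __name__ == "__main__":
    for url, reason in cleartext_credentials(SAMPLE_HISTORY):
        print(url, "->", reason)
```

Only the two plain-HTTP requests that actually carry a credential are reported; the HTTPS login and the search query are left alone.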