The OWASP and PCI DSS security industry standards recommend using Burp Suite.
The following are its key features:
Detailed analysis and rendering of requests and responses.
One-click transfer of interesting requests between tools.
Ability to "passively" spider an application in a non-intrusive manner, with all requests originating from the user's browser.
Support for custom client and server SSL certificates.
Centrally configured settings for downstream proxies, web and proxy authentication, and logging.
Tools can run in a single tabbed window, or be detached in individual windows.
Runs on both Linux and Windows.
After using this tool, I personally liked its functionality, and configuring the tool is comparatively easy.
Note: Detailed information can easily be found on the net.
For cross-site scripting, cookies and SQL injection: you can also find the Firefox plugins named 'Exploit ME', and there are more from the company 'securitycompass'.