The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.

You can find more about ZAP at

https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Source code for ZAP available at

https://github.com/zaproxy/zaproxy

Here is a tutorial how to set up ZAP Proxy with browser