A new add-on for the Fiddler2 proxy enables passive monitoring/analysis of websites. Specifically this is handy for any pen analysis of sites under review for PCI audits. The add-on can be found at http://websecuritytool.codeplex.com/, and there is an excellent blog article covering its intent at http://blogs.msdn.com/sdl/archive/2009/04/16/watcher-a-new-web-security-testing-tool.aspx.

Hopefully this helps anyone looking for help performing some semi-automated test.

Gareth