OWASP.org .. they have a free local Java proxy which allows you to do a number of things, including injecting headers and other content into the transactions.
That still requires manual labor, and time.
If the site is really insecure, Nessus might reveal some flaws .. they've got plugin categories, might want to check the CGI family here:
Nessus plugins by family