An article show how to test various security bug of website using HTTP header manipulation tool.  However, look like using a HTTP client is more easy and scriptable?

http://www.onlamp.com/lpt/a/6268