Paros is a web proxy that allows to intercept and modify all HTTP and HTTPS data between server and client, including cookies and form fields.
I will not explain how and why you use it, but if you are really interested, please take a look on the book: The Web Application Hacker’s Handbook: Discovering and Exploiting Security Flaws.
Unfortunately there is no native Mac Os X version but Corsaire packed one. Since they updated the site, the link to download it provided in the aforementioned book is broken, so I will provide a new working one. All rights reserved to Corsair and Paros Team.
Paros is no longer developed (it also requires JDK 6 which is not longer supported).
An alternative is a fork of it, Zed Attack Proxy, maintained by OWASP:
Zed Attack Proxy (ZAP)