The Intercept tab is used to display and modify HTTP and WebSockets messages that pass between your browser and web servers. The ability to monitor, intercept and modify all messages is a core part of Burp's user-driven workflow. In Burp Proxy's options, you can configure interception rules to determine exactly what HTTP requests and responses are stalled for interception (for example, in-scope items, items with specific file extensions, requests with parameters, etc.). You can also configure which WebSockets messages are

When an intercepted message is being displayed, details of the destination server are shown at the top of the panel. For HTTP requests, you can manually edit the target server to which the request will be sent, by clicking on the server caption or the button next
The panel also contains the following controls:
- Forward - When you have reviewed and (if required) edited the message, click "Forward" to send the message on to the server
- Drop - Use this to abandon the message so that it is not forwarded.
- Interception is on/off - This button is used to toggle all interception on and off. If the button is showing "Intercept is on", then messages will be intercepted or automatically forwarded according to the configured options for interception of messages. If the button is showing "Intercept is off" then all messages will be automatically
- Action - This shows a menu of available actions that can be performed on the currently displayed message. These are the same options that appear on the context menu of the intercepted
- Comment field - This lets you add a comment to interesting items, to easily identify them later. Comments added in the intercept panel will appear in the relevant item in the Proxy history. Further, if you add a comment to an HTTP request, the comment will appear again if the corresponding response is also intercepted.
- Highlight - This lets you apply a colored highlight to interesting items. As with comments, highlights will appear in the Proxy history and on intercepted
Note: You can also use hotkeys to forward or drop intercepted messages. By default, Ctrl+F is used to forward the current message. You can modify the default hotkeys in the

The main panel of the Intercept tab contains a message editor that shows the currently intercepted message, allowing you to analyze the message and perform numerous actions on it.

The editor context menu contains numerous useful items. In addition to the standard functions provided by the editor itself, the following actions are available for HTTP
- Don't intercept requests/responses - These commands allow you to quickly add an interception rule to prevent future interception of messages that share a specific feature with the currently displayed message (based on the host, file extension, HTTP status code, etc.). If you are being bugged by uninteresting requests or responses of a particular type, you can use this option to automatically forward all such messages.
- Do intercept - Available for requests only, this allows you to require that the response to the currently displayed request should be
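The same kind of rule that the "Don't intercept" context menu items create can also be applied from an extension. The following is an added example, not code from the Burp documentation or from PortSwigger: a proxy listener written against the legacy Burp Extender API (the burp.* interfaces) that stalls only in-scope requests carrying parameters and auto-forwards everything else. The extension name and the list of skipped file extensions are this example's own assumptions.

```java
package burp;

import java.net.URL;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Legacy Burp Extender API (burp.* interfaces). This listener applies one
// programmatic interception rule: in-scope requests that carry parameters and
// are not static assets are stalled in the Intercept tab; everything else is
// forwarded automatically, as if "Don't intercept" had been chosen for it.
public class BurpExtender implements IBurpExtender, IProxyListener {
    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;
    // Assumed list of file extensions never worth stalling on (this example's choice).
    private static final Set<String> SKIP_EXTENSIONS = new HashSet<>(
            Arrays.asList("css", "js", "png", "jpg", "gif", "woff", "ico"));

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Intercept rule example"); // name is an assumption
        callbacks.registerProxyListener(this);
    }

    @Override
    public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessage message) {
        // Responses are left to the interception rules configured in Proxy options.
        if (!messageIsRequest) {
            return;
        }
        IRequestInfo info = helpers.analyzeRequest(message.getMessageInfo());
        URL url = info.getUrl();
        // Take the extension from the last path segment only, so "/v1.0/users" has none.
        String name = url.getPath().substring(url.getPath().lastIndexOf('/') + 1);
        int dot = name.lastIndexOf('.');
        String ext = dot >= 0 ? name.substring(dot + 1).toLowerCase() : "";
        boolean inScope = callbacks.isInScope(url);
        boolean hasParams = !info.getParameters().isEmpty();

        if (inScope && hasParams && !SKIP_EXTENSIONS.contains(ext)) {
            // Stall the request in the Intercept tab for manual review.
            message.setInterceptAction(IInterceptedProxyMessage.ACTION_DO_INTERCEPT);
        } else {
            // Forward automatically without showing it in the Intercept tab.
            message.setInterceptAction(IInterceptedProxyMessage.ACTION_DONT_INTERCEPT);
        }
    }
}
```

Because the listener only acts on requests, responses still follow whatever interception rules are configured in the Proxy options.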