login

Burp Suite, the leading toolkit for web application security testing

Intercepting Messages

The Intercept tab is used to display and modify HTTP and WebSockets messages that pass between your browser and web servers. The ability to monitor, intercept and modify all messages is a core part of Burp's user-driven workflow. In Burp Proxy's options, you can configure interception rules to determine exactly what HTTP requests and responses are stalled for interception (for example, in-scope items, items with specific file extensions, requests with parameters, etc.). You can also configure which WebSockets messages are intercepted.

Controls

When an intercepted message is being displayed, details of the destination server are shown at the top of the panel. For HTTP requests, you can manually edit the target server to which the request will be sent, by clicking on the server caption or the button next to it.

The panel also contains the following controls:

Note: You can also use hotkeys to forward or drop intercepted messages. By default, Ctrl+F is used to forward the current message. You can modify the default hotkeys in the suite options.

Message Display

The main panel of the Intercept tab contains a message editor that shows the currently intercepted message, allowing you to analyze the message and perform numerous actions on it.

The editor context menu contains numerous useful items. In addition to the standard functions provided by the editor itself, the following actions are available for HTTP messages:

Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Thursday, March 12, 2015

v1.6.12

This release contains various bugfixes and minor enhancements, including:

  • In the site map table, the "Method" column previously always showed GET for requests without a body, and POST for requests with a body, even if the actual method was different. This bug has now been fixed and the table shows the correct method.
  • A bug which prevented client SSL certificates from being used when an upstream proxy is configured has been fixed.
  • A bug which caused Decoder to fail to decode hex number HTML entities containing an upper-case X has been fixed.
  • See all release notes ›

Copyright © 2015 PortSwigger Ltd. All rights reserved.