PROFESSIONALCOMMUNITY
Getting started with Burp Proxy's intercept feature
-
Last updated: May 17, 2022
-
Read time: 3 Minutes
Burp Proxy's intercept feature lets you intercept HTTP requests and responses sent between the browser and the target server. This enables you to study how the website behaves when you perform different actions.
The intercept feature lets you perform the following useful actions:
- Intercept a request and modify it before forwarding it to the server.
- Send interesting requests to Burp's other tools, such as Repeater or Intruder, for further testing.
- Drop a request to prevent it from reaching the server.
You can find the intercept feature on the Proxy > Intercept tab.

We recommend following the tutorial below to learn how to use Burp Proxy's intercept feature.
For more detailed information, please see the full documentation.
Tutorial
In this tutorial, you'll use Burp Proxy to intercept and modify a request to see how the server responds.
Step 1: Access the lab
Open Burp's browser, and use it to access the following URL:
https://portswigger.net/web-security/logic-flaws/examples/lab-logic-flaws-excessive-trust-in-client-side-controls
Click Access the lab and log in to your PortSwigger account if prompted. This opens your own instance of a deliberately vulnerable shopping website.

Step 2: Log in to a user account
Click My account and log in using the following credentials: wiener:peter
.
Step 3: Find something to buy
Click Home, then view the details for the Lightweight "l33t" leather jacket.
Step 4: Intercept the add to cart request
In Burp, go to the Proxy > Intercept tab.
Make sure that Intercept is on.

In the browser, add the leather jacket to your cart.
In Burp, notice that the resulting POST /cart
request is intercepted.

Note
You may initially see a different request on the Proxy > Intercept tab if the browser is doing something else in the background. In this case, just click
Forward until you see the POST /cart
request as shown in the screenshot above.
Step 5: Modify the request
In the request body, change the value of the price
parameter to 1
.

Step 6: Send the modified request to the server
Click Forward to send the modified request to the server.
Switch interception off again. Subsequent requests will now pass through Burp Proxy uninterrupted, so you can browse the site as normal. Any HTTP requests the browser makes will still be captured on the Proxy > HTTP history tab.
In Burp's browser, click the basket icon in the upper-right corner to view your cart. Notice that the jacket has been added, but you have managed to change the price to just one cent and are able to complete the purchase.
Note
There is no way to modify the price via the web interface. You were only able to make this change thanks to Burp Proxy.
Learn more about Burp Proxy's intercept feature
You have now learned how to intercept, review, and manipulate HTTP traffic using Burp Proxy's intercept feature. To learn more, refer to the links below:
Note
If you want to test different inputs in the same request, you can send the request to Burp Repeater. This lets you edit and resend the same request as many times as you like, without having to intercept it each time. For more information, refer to Getting started with Burp Repeater.
You can also practice using Proxy intercept and other Burp Suite features with the deliberately vulnerable "lab" websites on our Web Security Academy.