Professional / Community Edition

Proxy intercept

  • Last updated: March 1, 2024

From the Proxy > Intercept tab, you can intercept HTTP requests and responses sent between the browser and the target server. This enables you to study how the website behaves when you interact with it.

The intercept feature enables you to perform the following useful actions:

  • Intercept a request and modify it before forwarding it to the server.
  • Send interesting requests to Burp's other tools, such as Repeater or Intruder, for further testing.
  • Drop a request to prevent it from reaching the server.

Getting started

If you want a quick introduction to intercepting messages, you can follow the tutorials in the Getting started section.

Controls

When you intercept a message, the request details are populated in the Proxy > Intercept tab. You can see details of the target server at the top of the panel. For HTTP requests, you can manually edit the target server. To do this, select the Edit target menu.

The panel also contains the following controls:

  • Forward - After you review or edit the message, click Forward to send the message to the target.
  • Drop - To cancel the request so that it never reaches the target server, click Drop.
  • Interception is on/off - Use this button to toggle all interception on and off:

    • If the button shows Intercept is on, messages are intercepted. You can also configure messages to be forwarded automatically using the settings for interception of HTTP and WebSocket messages.
    • If the button shows Intercept is off, Burp forwards all messages automatically.
  • Action - This shows the context menu for the main panel. From here, you can perform a range of actions such as running scans, or sending requests to other Burp tools.

Note

You can use hotkeys to forward or drop intercepted messages. By default, Ctrl+F forwards the current message. You can modify the default hotkeys in the hotkey settings.

Adding annotations

You can add notes and highlights to intercepted messages. This enables you to describe the purpose of different messages, and to flag interesting messages for further investigation.

Any annotations that you make also appear against the item in the HTTP history. If you apply an annotation to an HTTP request, the annotation appears again if the corresponding response is also intercepted.

To highlight an intercepted message, click the highlight button on the right-hand side of the control panel, then select a color from the list.

To add a note, click Notes and enter your comment in the Notes panel.

Message display

The message editor in the main panel shows the current intercepted message. From here you can analyze the message and perform actions on it.

Click Action to see the context menu and access the standard functions. You can also perform the following actions for HTTP messages:

  • Don't intercept requests/responses - You can add an interception rule so that Burp automatically forwards messages that share a specific feature, such as host, file extension, or HTTP status code. Use this feature if you're seeing a lot of uninteresting requests or responses of a particular type.
  • Do intercept - Select this function to intercept the response to the currently displayed request. This is only available for requests.
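The same kind of rule can be applied from a Burp extension. The following is an added example, not PortSwigger's own code, written against the Montoya extension API. It auto-forwards static files by extension, forces interception for one host with a note and highlight attached, and leaves everything else to the configured interception rules. The class name, host and extension list are assumptions chosen for illustration.

```java
import burp.api.montoya.BurpExtension;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.core.Annotations;
import burp.api.montoya.core.HighlightColor;
import burp.api.montoya.proxy.http.InterceptedRequest;
import burp.api.montoya.proxy.http.ProxyRequestHandler;
import burp.api.montoya.proxy.http.ProxyRequestReceivedAction;
import burp.api.montoya.proxy.http.ProxyRequestToBeSentAction;
import java.util.Locale;
import java.util.Set;

// Hypothetical extension class; the name is an assumption, not part of Burp.
public class InterceptNoiseFilter implements BurpExtension, ProxyRequestHandler {
    // Constructed sample values: replace with the extensions and host you care about.
    private static final Set<String> STATIC_EXT =
            Set.of("css", "js", "png", "jpg", "gif", "ico", "woff2");
    private static final String FOCUS_HOST = "app.example.test";

    @Override
    public void initialize(MontoyaApi api) {
        api.extension().setName("Intercept noise filter");
        api.proxy().registerRequestHandler(this);
    }

    @Override
    public ProxyRequestReceivedAction handleRequestReceived(InterceptedRequest request) {
        // Strip the query string, then take the extension of the last path segment.
        String path = request.path();
        int q = path.indexOf('?');
        if (q >= 0) path = path.substring(0, q);
        int dot = path.lastIndexOf('.');
        String ext = dot > path.lastIndexOf('/')
                ? path.substring(dot + 1).toLowerCase(Locale.ROOT) : "";

        // Equivalent of a "Don't intercept" rule on file extension.
        if (STATIC_EXT.contains(ext)) return ProxyRequestReceivedAction.doNotIntercept(request);

        // Equivalent of "Do intercept" for one host, annotated for later review.
        if (FOCUS_HOST.equalsIgnoreCase(request.httpService().host())) {
            Annotations notes = request.annotations();
            notes.setNotes("Focus host: held for manual review");
            notes.setHighlightColor(HighlightColor.YELLOW);
            return ProxyRequestReceivedAction.intercept(request, notes);
        }
        // Anything else follows the interception rules configured in the settings.
        return ProxyRequestReceivedAction.continueWith(request);
    }

    @Override
    public ProxyRequestToBeSentAction handleRequestToBeSent(InterceptedRequest request) {
        return ProxyRequestToBeSentAction.continueWith(request); // no change after editing
    }
}
```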

Protocol

You can use the Inspector to edit the protocol for the request. For more information, see the HTTP/2 documentation.
