Last updated: October 20, 2023
Read time: 3 Minutes
From the Proxy > Intercept tab, you can intercept HTTP requests and responses sent between the browser and the target server. This enables you to study how the website behaves when you interact with it.
The intercept feature enables you to perform the following useful actions:
- Intercept a request and modify it before forwarding it to the server.
- Send interesting requests to Burp's other tools, such as Repeater or Intruder, for further testing.
- Drop a request to prevent it from reaching the server.
If you want a quick introduction to intercepting messages, you can follow the tutorials in the Getting started section:
When you intercept a message, the request details are populated in the Proxy > Intercept tab. You can see details of the target server at the top of the panel. For HTTP requests you can manually edit the target server. Select the Edit target menu.
The panel also contains the following controls:
- Forward - After you review or edit the message, click Forward to send the message to the target.
- Drop - To cancel the request so that it never reaches the target server, click Drop.
Interception is on/off - Use this button to toggle all interception on and off:
- Action - This shows the context menu for the main panel. From here, you can perform a range of actions such as running scans, or sending requests to other Burp tools.
You can use hotkeys to forward or drop intercepted messages. By default, Ctrl+F forwards the current message. You can modify the default hotkeys in the hotkey settings.
You can add notes and highlights to intercepted messages. This enables you to describe the purpose of different messages, and to flag interesting messages for further investigation.
Any annotations that you make also appear against the item in the HTTP history. If you apply an annotation to an HTTP request, the annotation appears again if the corresponding response is also intercepted.
To highlight an intercepted message, click the highlight button on the right-hand side of the control panel, then select a color from the list.
To add a note, click Notes and enter your comment in the Notes panel.
The message editor in the main panel shows the current intercepted message. From here you can analyze the message and perform actions on it.
Click Action to see the context menu and access the standard functions. You can also perform the following actions for HTTP messages:
- Don't intercept requests/responses - You can add an interception rule so that Burp automatically forwards messages that share a specific feature, such as host, file extension, or HTTP status code. Use this feature if you're seeing a lot of uninteresting requests or responses of a particular type.
- Do intercept - Select this function to intercept the response to the currently displayed request. This is only available for requests.
Was this article helpful?
An error occurred, please try again.