Intercepting Messages

The Intercept tab is used to display and modify HTTP and WebSockets messages that pass between your browser and web servers. The ability to monitor, intercept and modify all messages is a core part of Burp's user-driven workflow. In Burp Proxy's options, you can configure interception rules to determine exactly what HTTP requests and responses are stalled for interception (for example, in-scope items, items with specific file extensions, requests with parameters, etc.). You can also configure which WebSockets messages are intercepted.

Controls

When an intercepted message is being displayed, details of the destination server are shown at the top of the panel. For HTTP requests, you can manually edit the target server to which the request will be sent, by clicking on the server caption or the button next to it.

The panel also contains the following controls:

  • Forward - When you have reviewed and (if required) edited the message, click "Forward" to send the message on to the server or browser.
  • Drop - Use this to abandon the message so that it is not forwarded.
  • Interception is on/off - This button is used to toggle all interception on and off. If the button is showing "Intercept is on", then messages will be intercepted or automatically forwarded according to the configured options for interception of HTTP and WebSockets messages. If the button is showing "Intercept is off" then all messages will be automatically forwarded.
  • Action - This shows a menu of available actions that can be performed on the currently displayed message. These are the same options that appear on the context menu of the intercepted message display.
  • Comment field - This lets you add a comment to interesting items, to easily identify them later. Comments added in the intercept panel will appear in the relevant item in the Proxy history. Further, if you add a comment to an HTTP request, the comment will appear again if the corresponding response is also intercepted.
  • Highlight - This lets you apply a colored highlight to interesting items. As with comments, highlights will appear in the Proxy history and on intercepted responses.

Note: You can also use hotkeys to forward or drop intercepted messages. By default, Ctrl+F is used to forward the current message. You can modify the default hotkeys in the hotkey options.

Message Display

The main panel of the Intercept tab contains a message editor that shows the currently intercepted message, allowing you to analyze the message and perform numerous actions on it.

The editor context menu contains numerous useful items. In addition to the standard functions provided by the editor itself, the following actions are available for HTTP messages:

  • Don't intercept requests/responses - These commands allow you to quickly add an interception rule to prevent future interception of messages that share a specific feature with the currently displayed message (based on the host, file extension, HTTP status code, etc.). If you are being bugged by uninteresting requests or responses of a particular type, you can use this option to automatically forward all such messages.
  • Do intercept - Available for requests only, this allows you to require that the response to the currently displayed request should be intercepted.