Intercepting Messages
The Intercept tab is used to display and modify HTTP and WebSockets messages
that pass between your browser and web servers. The ability to monitor, intercept and modify all messages is a core
part of Burp's user-driven workflow. In Burp Proxy's options, you can
configure interception rules to
determine exactly what HTTP requests and responses are stalled for interception (for
example, in-scope items, items with specific file extensions, requests with
parameters, etc.). You can also configure which
WebSockets messages are
intercepted.
Controls
When an intercepted message is being displayed, details of the
destination server are shown at the
top of the panel. For HTTP requests, you can manually edit the target server to which
the request will be sent, by clicking on the server caption or the button next
to it.
The panel also contains the following controls:
- Forward - When you have reviewed and (if required)
edited the message, click "Forward" to send the message on to the server
or browser.
- Drop - Use this to abandon the message so that it
is not forwarded.
- Interception is on/off - This button is used to
toggle all interception on and off. If the button is showing "Intercept
is on", then messages will be intercepted or automatically
forwarded according to the configured options for interception of
HTTP and
WebSockets
messages. If the button is
showing "Intercept is off" then all messages will be automatically
forwarded.
- Action - This shows a menu of available actions
that can be performed on the currently displayed message. These are the
same options that appear on the context menu of the intercepted
message display.
- Comment field - This lets you add a comment to
interesting items, to easily identify them later.
Comments added in the intercept panel will appear in the relevant item
in the Proxy history.
Further, if you add a comment to an HTTP request, the comment will appear
again if the corresponding response is also intercepted.
- Highlight - This lets you apply a colored
highlight to interesting items. As with comments,
highlights will appear in the Proxy history and on intercepted
responses.
Note: You can also use hotkeys to forward or drop
intercepted messages. By default, Ctrl+F is used to forward the current
message. You can modify the default hotkeys in the
hotkey options.
Message Display
The main panel of the Intercept tab contains a
message editor that shows
the currently intercepted message, allowing you to analyze the message and
perform numerous actions on it.
The editor context menu contains numerous useful items. In addition to
the standard functions
provided by the editor itself, the following actions are available for HTTP
messages:
- Don't intercept requests/responses - These commands
allow you to quickly add an
interception rule to prevent future interception
of messages that share a specific feature with the currently displayed message (based
on the host, file extension, HTTP status code, etc.). If you are being bugged by
uninteresting requests or responses of a particular type, you can use this
option to automatically forward all such messages.
- Do intercept - Available for requests only, this allows you to
require that the response to the currently displayed request should be
intercepted.
Tuesday, November 29, 2016
1.7.13
This release adds various enhancements and bugfixes.
Burp Infiltrator has been enhanced with a large number of new API sink definitions, for both the Java and .NET platforms.
The manual Burp Collaborator client has been enhanced to give full details of Infiltrator interactions.
A number of bugs have been fixed.
See all release notes ›