This feature allows you to intercept all HTTP and HTTPS through the proxy and change the traffic on the fly. To activate this feature, simply press the "intercept Is Off." To stop capturing, click "intercept Is On."
The button "Forward" allows you to accept any changes while the button "Drop" will drop them.
The button "action" offers the same features as the menu on the "Target" tab.
This tab allows you to configure the Burp Suite proxy:
- Proxy listeners
- The buttons "edit", "remove" and "add" manage the configuration or proxy (ies). It is possible to create multiple "listeners" (ie. multiple instances of proxies, change the default listening port (8080), etc.)
- Listen on loopback interface only: If this box is unchecked, the other computers on the network can use the proxy
- support invisible proxying for non-proxy-aware clients : This box should normally be unchecked. You may need to use this feature in particular cases (ie. if the target application uses a client component that runs outside the browser).
- use a custom server SSL certificate (PKCS12) : you may need to generate your own certificate if the target application does not accept the default proxy
- intercept client requests : This section allows you to specify a set of rules that apply to filter intercepts requests sent by the client
- intercept server responses : This section allows you to specify a set of rules that apply to filter intercepts requests received from the server
- HTML modification :
- unhide hidden form fields : displays the hidden fields (fields of type "hidden") by receiving a server response
- enable disabled form fileds: remove the disabled attributes of the form fields
- remove input field length limits : removal of property "maxlength" from form fields
- remove <object> tags : delete all content between tags <object> and </object>
- match and replace : allows you to replace the responses sent to the server
- misc :
- talk HTTP/1.0 to server : converts messages to the server in the HTTP/1.0 protocol
- unpack gzip/deflate : some browsers accept the forms in compressed format. This option lets you specify whether the content should be compressed or not.
This tab lets you view the page history that has passed through the proxy. You can check the details of each request, then send them to another tab (Sequencer, Repeater, etc.)..
The table displays the following columns :
|#||ID of the request|
|host||URL of the target|
|method||Method HTTP : POST or GET|
|URL||URL (directory tree)|
|mod||Whether the query was modified after interception|
|status||Status code response|
|length||Response size (in bytes)|
|MIME type||MIME type of the response|
|extension||File type of the resource|
|title||HTML page title|
|SSL||Indicates if SSL is used|
|IP||IP Address of the target host|
|cookies||List cookies created by the server|
|time||Time of application|