# Enable Interception
- Burp
    - Go to the Proxy tab and turn Intercept ON
    - Then go to the pre-configured browser or enable FoxyProxy and visit the target page
    - We will see an intercepted request awaiting action, which we can Forward to allow through
    - At this point, we could also manipulate the request before forwarding

      ![[images/Pasted image 20251111111012.png]]
- ZAP
    - Click the green button to intercept

      ![[images/Pasted image 20251111111145.png]]
    - Then go to the pre-configured browser or enable FoxyProxy and visit the target page
    - We will see an intercepted request awaiting action, which we can forward by clicking the Break button

      ![[images/Pasted image 20251111111152.png]]

# Manipulating Intercepted Requests
- Example reasons for manipulating an intercepted request for Web Penetration Testing:
    1. SQL injections
    2. Command injections
    3. Upload bypass
    4. Authentication bypass
    5. XSS
    6. XXE
    7. Error handling
    8. Deserialization

# Exercise
- Had issues launching `Burpsuite` > all white dialog boxes
    - Fixed by turning off HW acceleration for Kali VM
- Adjust field within intercepted request to read `ip=1;whoami;`

  ![[images/Pasted image 20251111120835.png]]
- Output

  ![[images/Pasted image 20251111120741.png]]
- Send request to Repeater to see side-by-side

  ![[images/Pasted image 20251111120904.png]]
- Now `cat flag.txt` and play around some more

  ![[images/Pasted image 20251111120621.png]]
  ![[images/Pasted image 20251111120602.png]]
  ![[images/Pasted image 20251111121020.png]]
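
Why the edited `ip` value in the exercise runs a second command, and the server-side fix, as an added example that is not part of the original notes or the target's code. The handler functions are hypothetical, and `echo` stands in for whatever tool the target runs so the block works offline.

```python
import ipaddress
import subprocess


def run_unsafe(ip: str) -> str:
    """Vulnerable pattern (hypothetical handler): the request value is
    concatenated into a shell string, so ';' starts a new command."""
    # 'echo checking' is a stand-in for the real command (assumption).
    result = subprocess.run("echo checking " + ip, shell=True,
                            capture_output=True, text=True)
    return result.stdout


def run_hardened(ip: str) -> str:
    """Hardened pattern: validate on the server, then pass the value as a
    single argv element with no shell involved."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        # Reject anything that is not a literal IPv4/IPv6 address.
        raise ValueError("ip must be a valid IPv4 or IPv6 address") from None
    result = subprocess.run(["echo", "checking", str(addr)],
                            capture_output=True, text=True)
    return result.stdout


# Constructed inputs: the value a browser form would send, and the value
# edited in the proxy (harmless stand-in for the notes' ip=1;whoami;).
NORMAL = "127.0.0.1"
TAMPERED = "1;echo INJECTED;"

if __name__ == "__main__":
    print("unsafe, tampered  :", repr(run_unsafe(TAMPERED)))
    print("hardened, normal  :", repr(run_hardened(NORMAL)))
    try:
        run_hardened(TAMPERED)
    except ValueError as exc:
        print("hardened, tampered: rejected:", exc)
```

Validation has to live in the server handler: the proxy edits the request after any browser-side checks have already run.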