- In some instances, we may need to intercept the HTTP responses from the server before they reach the browser - This can be useful when we want to change how a specific web page looks, like enabling certain disabled fields or showing certain hidden fields, which may help us in our penetration testing activities - Burp - Enable going to Proxy > Proxy Setting and enabling Intercept Response under Response interception rules ![[images/Pasted image 20251111142559.png]] - Once we click `Forward` to forward the request, we should see the intercepted response, which can also be forwarded by clicking `Forward` - ZAP - When requests are intercepted, click `Step` to send the request and automatically intercept the response ![[images/Pasted image 20251111143151.png]] - Click `Continue` to forward the manipulated response