- We can choose to match any text within our requests, either in the request header or request body, and then replace it with different text # Burp - `Burp` has a match and replace feature under Proxy>Proxy settings>HTTP match and replace rules ![[images/Pasted image 20251111202536.png]] - Different rules | Rule | Description | | --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | | `Type`: `Request header` | Since the change we want to make will be in the request header and not in its body. | | `Match`: `^User-Agent.* | The regex pattern that matches the entire line with `User-Agent` in it. | | `Replace`: `User-Agent: HackTheBox Agent 1.0` | This is the value that will replace the line we matched above. | | `Regex match`: True | We don't know the exact User-Agent string we want to replace, so we'll use regex to match any value that matches the pattern we specified above. | # ZAP - `ZAP` has a similar feature called Replacer by pressing \[`CTRL+R`\] or clicking on `Replacer` in ZAP's options menu ![[images/Pasted image 20251111202545.png]] # Automatic Response Modification - The same concept can be applied to HTTP responses as well