Burp Suite is a powerful web application auditor with a huge range of features, from simple to advanced. One of its core features is an intercepting proxy server. Passing our web traffic through Burp Suite lets us view and modify both our browser’s request before it goes to the remote web server and the web server’s response before it returns to our browser.
A couple of common request modifications:
- Add data to form submissions, modify hidden fields.
- View and modify browser AJAX data.
- View and edit headers, including cookies.
And a couple of common response modifications:
- Add or remove cookies sent to the browser.
First, fire up Burp Suite and browse to Proxy -> Options: