Intercepting and Modifying HTTP Traffic
A Web Proxy (specifically an Intercepting Proxy) is an indispensable tool for web application penetration testing. It sits between your browser and the web server: the browser is configured to send all of its traffic to the proxy, which lets you view, capture, and modify every request and response passing through. For HTTPS the proxy terminates TLS itself and presents its own certificate for each site, so you must also install the proxy's CA certificate in the browser's trust store, or the browser will refuse the connection.
Key Proxy Functions
- Interception: Pauses the communication flow. The request is held at the proxy and does not reach the server until you forward it (or you drop it, and the server never sees it).
- Modification: Allows you to change parameters, headers, cookies, or payload content before the server sees it (e.g., changing a price parameter from 10.00 to 1.00). Everything in the request is under the client's control, which is exactly what this tests: the server must validate or recompute such values itself.
- History: Keeps a record of all requests made during the test, together with the responses they received, so you can revisit, compare, or resend them later.
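To make the three functions concrete, here is a small added example (written for this page, not code from Burp Suite or PortSwigger) that models what the proxy does to a single captured request: parse it, edit one form parameter the way you would in the intercept view, reassemble it with a corrected Content-Length, and log the original and forwarded versions in a history. The sample request, its hostname `shop.example`, the `/cart/checkout` path, and the session cookie are constructed for illustration and do not refer to any real application.

```python
"""Model of the intercept-and-modify step of a web proxy, on one captured request."""
from typing import List, Optional, Tuple
from urllib.parse import parse_qsl, urlencode

# Constructed sample: what the browser would send through the proxy. Host, path,
# cookie and parameters are hypothetical, not taken from any real application.
SAMPLE_REQUEST = (
    b"POST /cart/checkout HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Cookie: session=abc123\r\n"
    b"Content-Length: 25\r\n"
    b"\r\n"
    b"item=42&price=10.00&qty=1"
)

Headers = List[Tuple[str, str]]


def parse_request(raw: bytes) -> Tuple[str, Headers, bytes]:
    """Split a raw HTTP/1.1 request into (request_line, headers, body).

    Headers are kept as an ordered list of (name, value) pairs so the
    reassembled request preserves the browser's original header order.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: end of headers not found")
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("ascii")
    headers: Headers = []
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers.append((name.strip(), value.strip()))
    return request_line, headers, body


def build_request(request_line: str, headers: Headers, body: bytes) -> bytes:
    """Reassemble a request, fixing Content-Length to match the (possibly edited) body.

    A stale Content-Length is the classic mistake when hand-editing a body: the
    server would read too few or too many bytes and reject or misparse the request.
    """
    fixed: Headers = []
    seen_length = False
    for name, value in headers:
        if name.lower() == "content-length":
            value = str(len(body))
            seen_length = True
        fixed.append((name, value))
    if body and not seen_length:
        fixed.append(("Content-Length", str(len(body))))
    head = request_line + "\r\n" + "".join(f"{n}: {v}\r\n" for n, v in fixed)
    return head.encode("latin-1") + b"\r\n" + body


def set_form_param(raw: bytes, name: str, new_value: str) -> bytes:
    """Change one parameter of a form-encoded body before the request is forwarded."""
    request_line, headers, body = parse_request(raw)
    params = parse_qsl(body.decode("utf-8"), keep_blank_values=True)
    edited = [(k, new_value if k == name else v) for k, v in params]
    if name not in dict(params):
        edited.append((name, new_value))  # add the parameter if the browser never sent it
    return build_request(request_line, headers, urlencode(edited).encode("utf-8"))


class History:
    """Record of every intercepted request: what the browser sent and what was forwarded
    (None when the request was dropped instead of forwarded)."""

    def __init__(self) -> None:
        self.entries: List[dict] = []

    def record(self, original: bytes, forwarded: Optional[bytes]) -> None:
        self.entries.append({"original": original, "forwarded": forwarded})

    def modified(self) -> List[dict]:
        """Entries where the forwarded request differs from what the browser sent."""
        return [e for e in self.entries
                if e["forwarded"] is not None and e["forwarded"] != e["original"]]


if __name__ == "__main__":
    history = History()
    tampered = set_form_param(SAMPLE_REQUEST, "price", "1.00")
    history.record(SAMPLE_REQUEST, tampered)
    print(tampered.decode("latin-1"))
    print("modified requests in history:", len(history.modified()))
```

Running the block prints the forwarded request with `price=1.00` and `Content-Length: 24` in place of the original 25. Burp recalculates Content-Length for you after an edit; the example does it explicitly so the dependency between body and header is visible. If the server honours the edited price, that is the finding: the value was trusted from the client instead of being recomputed server-side.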
Tool of Choice
Burp Suite (developed by PortSwigger) is the industry-standard tool for web application security testing. We will focus on the free Community Edition.