A breakpoint allows you to intercept a request from your browser and to change it before
it is submitted to the web application you are testing.
You can also change the responses received from the application.
The request or response will be displayed in the Break tab,
which allows you to change disabled or hidden fields and to bypass
client-side validation (often enforced using JavaScript).
It is an essential penetration testing technique.
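Added example (not part of the ZAP documentation): because a request edited at a breakpoint can carry changed hidden fields, filled-in disabled fields and values no JavaScript check has seen, the application must repeat every check on the server. The sketch below does this for a constructed order form; `CATALOGUE`, `validateOrder` and the field names are hypothetical.

```javascript
// Server-side re-validation of a form whose browser copy has a hidden
// "price" field, a disabled "discount" field and a JavaScript range check
// on "quantity". All names and values here are constructed for illustration.
const CATALOGUE = { "sku-100": { priceCents: 2500, maxQty: 5 } };

function validateOrder(body) {
  // Look up the item on the server; never trust an object key from the client.
  const known = Object.prototype.hasOwnProperty.call(CATALOGUE, body.sku);
  if (!known) return { ok: false, errors: ["unknown sku"] };
  const item = CATALOGUE[body.sku];
  const errors = [];

  // Client-side range check repeated here: digits only, 1..maxQty.
  const qty = Number(body.quantity);
  if (!/^\d+$/.test(String(body.quantity)) || qty < 1 || qty > item.maxQty) {
    errors.push("quantity out of range");
  }

  // Hidden field: the price always comes from the server catalogue.
  // A submitted value that disagrees shows the request was edited.
  if (body.price !== undefined && String(body.price) !== String(item.priceCents)) {
    errors.push("price does not match catalogue");
  }

  // Disabled field: browsers do not submit disabled inputs, so its
  // presence means the request did not come from the unmodified form.
  if (body.discount !== undefined) {
    errors.push("unexpected field: discount");
  }

  if (errors.length > 0) return { ok: false, errors };
  return { ok: true, totalCents: item.priceCents * qty };
}

// Constructed sample bodies: one as the unmodified form sends it,
// one as it could look after being edited in the Break tab.
const asSent = { sku: "sku-100", quantity: "2", price: "2500" };
const edited = { sku: "sku-100", quantity: "500", price: "1", discount: "100" };

console.log(validateOrder(asSent));
console.log(validateOrder(edited));
```

Intercepting the form submission in ZAP and editing these fields is a direct way to confirm that each rejection path fires.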
You can set a ‘global’ breakpoint on requests or responses using the buttons on the
top level toolbar.
All requests or responses will then be intercepted by ZAP, allowing you to change anything before
allowing the request or response to continue.
You can also set breakpoints on specific criteria using the “Break…” right click menu on the
Sites and History tabs
and the ‘Add a custom HTTP breakpoint’ button on the top level toolbar.
Only requests and responses which match those criteria will be intercepted by ZAP.
Custom breakpoints are shown in the Breakpoints tab.
Breakpoint options are configured using the Options Breakpoints screen.
UI Overview | for an overview of the user interface
Features | provided by the UI