-
-
Notifications
You must be signed in to change notification settings - Fork 136
HelpUiDialogsAddbreak
Simon Bennetts edited this page Jun 7, 2019
·
4 revisions
This dialogue allows you to add and edit HTTP break points.
A break point is defined by the following fields:
-
Location - where the
String
is checked in the HTTP message:URL
,Request Header
,Request Body
,Response Header
, orResponse Body
. -
Match - how the
String
is interpreted,Regex
orContains
, for regular expression or exact match, respectively, in theLocation
. The regular expression does not need to match the whole content of theLocation
. - String - the string that triggers the break point.
-
Inverse - if the result of the
Match
should be the inverse. -
Ignore case - if the case of the
String
should be ignored.
If you proxy a HTTP message that matches a break point then ZAP will intercept it and allow you to change either the request and/or the response.
Note: ZAP will warn and prevent adding break points with a fragment identifier component (#
), if the break point has match Contains
and location URL
. Such break point would not work because the fragment identifier is not sent to the server.
History tab | 'Break...' right click menu item | |
Sites tab | 'Break...' right click menu item |
UI Overview | for an overview of the user interface | |
Dialogs | for details of the dialogs or popups |
-
ZAP User Guide
- Introduction
-
Getting Started
- Configuring proxies
-
Features
- Active Scan
- Add-ons
- Alerts
- Anti CSRF Tokens
- API
- Authentication
- Break Points
- Callbacks
- Contexts
- Data Driven Content
- Filters
- Globally Excluded URLs
- HTTP Sessions
- Man-in-the-middle Proxy
- Modes
- Notes
- Passive Scan
- Scan Policies
- Scope
- Session Management
- Spider
- Statistics
- Structural Modifiers
- Structural Parameters
- Tags
- Users
- Scanner Rules
- A Simple Penetration Test
-
The User Interface
- Overview
- The Top Level Menu
- The Top Level Toolbar
- The Tabs
-
The Dialogs
- Active Scan
- Add Alert
- Add Break Point
- Add Note
- Encode/Decode/Hash
- Filter
- Find
- History Filter
- Manual Request Editor
- Manage Add-ons
- Manage Tags
-
Options
- Active Scan
- Active Scan Input Vectors
- Alerts
- Anti CSRF Tokens
- API
- Breakpoints
- Callback Address
- Certificate
- Check for Updates
- Connection
- Database
- Display
- Dynamic SSL Certificates
- Extensions
- Global Exclude URL
- HTTP Sessions
- JVM
- Keyboard
- Language
- Local Proxies
- Passive Scan Rules
- Passive Scan Tags
- Passive Scanner
- Rule Configuration
- Scripts
- Search
- Spider
- Statistics
- Persist Session
- Resend
- Scan Policy Manager
- Scan Progress
- Session
- Spider
- The Footer
- Command Line
- Add Ons
- Releases
- Paros Proxy
- Credits