Breakpoints

A breakpoint allows you to intercept a request from your browser and to change it before is is submitted to the web application you are testing.
You can also change the responses received from the application
The request or response will be displayed in the Break tab which allows you to change disabled or hidden fields, and will allow you to bypass client side validation (often enforced using javascript).
It is an essential penetration testing technique.

You can set a ‘global’ breakpoint on requests and/or responses using the buttons on the top level toolbar.
All requests and/or responses will then be intercepted by ZAP allowing you to change anything before allowing the request or response to continue.

You can also set breakpoints on specific criteria using the “Break…” right click menu on the Sites and History tabs and the ‘Add a custom HTTP breakpoint’ button on the top level toolbar.
Only requests and responses which match those criteria will be intercepted by ZAP.
Custom breakpoints are shown in the Breakpoints tab

Breakpoint option are configured using the Options Breakpoints screen.

See also

UI Overview for an overview of the user interface
Features provided by the UI