The Break tab allows you to change a request or response when it has been caught by ZAP via
It allows you to change elements that you would not normally be able to change via your browser, including:
This functionality is key to effectively pen testing your application.
The 2 panels will only contain anything if ZAP has caught a request or response.
You can change anything in these 2 panels and then forward the request or response using the buttons on the Top Level Toolbar.
Pull downs allow you to select different Views for the request or response header and body.
While the Break tab is not in use its icon is a grey cross:
When a breakpoint is hit the tab icon is changed to a red cross: .
If you have selected “Show buttons to select the requests you don’t want ZAP to break on” in the options menu you will be able to select if you just want to break on requests that are in scope and you will be able to select the file extensions you don’t want to break on:
|CSS and Fonts Files|
|Only in scope|
By default ZAP will automatically update (or add) the HTTP(S) Content-Length header to match the size of the data submitted. If this option is unselected then ZAP will not update the header allowing you to specify any value you like.
This button will only be shown for HTTP(S) messages.
Right clicking on a node will bring up a menu which will allow you to:
This will bring up the Find dialog.
This will copy the selected string to the clipboard.
|UI Overview||for an overview of the user interface|
|Breakpoints tab||for details of how to change or delete breakpoints|