How it works...

In this recipe, we used the ZAP proxy to intercept a valid request whose header section is analyzed by the server. We modified a header and verified that the server actually used the value we provided.

First, we made a test request and discovered that the User-Agent header was being used by the server. Knowing that, we made a valid request and intercepted it with the proxy; this allowed us to see the request once it left the browser. Then we changed the header so the User-Agent contained the information we wanted it to contain and submitted the request to the server, which took and displayed the value we provided.

Another option to change the User-Agent without the need to intercept and manually change requests is to use the User-Agent Switcher Firefox extension we installed in Chapter 1, Setting Up Kali Linux and the Testing Lab. The problem with this is that we would need to set up a different user agent in the extension every time we wanted to test a different value, which is very impractical in a penetration test.
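The server side of what this recipe observed, as an added example that is not code from the book or from the lab application: a minimal WSGI handler that displays the User-Agent as received, next to a version that treats the header as untrusted text and HTML-encodes it. The handler names, page markup, 256-character bound and both sample header values are assumptions constructed for illustration.

```python
import html
from wsgiref.util import setup_testing_defaults

# Constructed sample values: a normal browser header and one edited in a proxy.
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
EDITED_UA = "<b>value set in the proxy</b>"


def render_raw(user_agent):
    # Displays the header exactly as received: client-supplied text becomes markup.
    return f"<p>Your browser: {user_agent}</p>"


def render_encoded(user_agent):
    # Same page, but the header is bounded in length and HTML-encoded before display.
    return f"<p>Your browser: {html.escape(user_agent[:256], quote=True)}</p>"


def make_app(render):
    """Build a WSGI app that shows the request's User-Agent using `render`."""
    def app(environ, start_response):
        # WSGI exposes request headers as HTTP_* keys; all of them are client input.
        body = render(environ.get("HTTP_USER_AGENT", "")).encode("utf-8")
        start_response("200 OK", [
            ("Content-Type", "text/html; charset=utf-8"),
            ("Content-Length", str(len(body))),
        ])
        return [body]
    return app


def call(app, user_agent):
    """Invoke the app in-process (no network) with the given User-Agent."""
    environ = {}
    setup_testing_defaults(environ)
    environ["HTTP_USER_AGENT"] = user_agent
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    body = b"".join(app(environ, start_response)).decode("utf-8")
    return captured["status"], body


if __name__ == "__main__":
    for render in (render_raw, render_encoded):
        for ua in (BROWSER_UA, EDITED_UA):
            print(f"{render.__name__}: {call(make_app(render), ua)[1]}")
```

An ordinary browser header renders identically in both versions, so the difference only shows up once the header has been changed in transit, which is why this kind of handling goes unnoticed without a test like the one in this recipe.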
