In the practical example that I shared with you previously, I showed you my configuration for the requests/responses in the Proxy/Options tab. Check it out, and try to implement it, if that is what you are looking for during your web intrusion tests.

I intercept requests/responses for the following reasons:

• To inspect the contents of the requests/responses for analysis
• To intercept the request to override JavaScript validation
• To intercept the response when I need to override any values that the server has sent (for example, any header value)

An interesting configuration section is the Response Modification, which allows you to Unhide hidden form fields or Remove JavaScript form validation automatically: