HelpUiTabsBreak
The Break tab allows you to change a request or response when it has been caught by ZAP via a break point. It allows you to change elements that you would not normally be able to change via your browser, including:
| The header | |
| Hidden fields | |
| Disabled fields | |
| Fields that use javascript to filter out illegal characters |
This functionality is key to effectively pen testing your application.
The 2 panels will only contain anything if ZAP has caught a request or response. You can change anything in these 2 panels and then forward the request or response using the buttons on the Top Level Toolbar.
Pull downs allow you to select different Views for the request or response header and body.
While the Break tab is not in use its icon is a grey cross: 
.
When a break point is hit the tab icon is changed to a red cross: 
.
Right clicking on a node will bring up a menu which will allow you to:
This will bring up the Find dialog.
This will bring up the Encode/Decode/Hash dialog. If you have highlighted any text then this will be automatically included in the dialog.
This will copy the selected string to the clipboard.
| UI Overview | for an overview of the user interface | |
| Break Points tab | for details of how to change or delete break points |
-
ZAP User Guide
- Introduction
-
Getting Started
- Configuring proxies
-
Features
- Active Scan
- Add-ons
- Alerts
- Anti CSRF Tokens
- API
- Authentication
- Break Points
- Callbacks
- Contexts
- Data Driven Content
- Filters
- Globally Excluded URLs
- HTTP Sessions
- Man-in-the-middle Proxy
- Modes
- Notes
- Passive Scan
- Scan Policies
- Scope
- Session Management
- Spider
- Statistics
- Structural Modifiers
- Structural Parameters
- Tags
- Users
- Scanner Rules
- A Simple Penetration Test
-
The User Interface
- Overview
- The Top Level Menu
- The Top Level Toolbar
- The Tabs
-
The Dialogs
- Active Scan
- Add Alert
- Add Break Point
- Add Note
- Encode/Decode/Hash
- Filter
- Find
- History Filter
- Manual Request Editor
- Manage Add-ons
- Manage Tags
-
Options
- Active Scan
- Active Scan Input Vectors
- Alerts
- Anti CSRF Tokens
- API
- Breakpoints
- Callback Address
- Certificate
- Check for Updates
- Connection
- Database
- Display
- Dynamic SSL Certificates
- Extensions
- Global Exclude URL
- HTTP Sessions
- JVM
- Keyboard
- Language
- Local Proxies
- Passive Scan Rules
- Passive Scan Tags
- Passive Scanner
- Rule Configuration
- Scripts
- Search
- Spider
- Statistics
- Persist Session
- Resend
- Scan Policy Manager
- Scan Progress
- Session
- Spider
- The Footer
- Command Line
- Add Ons
- Releases
- Paros Proxy
- Credits
