Burp
In Burp, we can enable response interception by going to (Proxy>Options) and enabling Intercept Response under Intercept Server Responses
Burp also has a similar feature, which we can enable under Proxy>Options>Response Modification, then select one of the options, like Unhide hidden form fields.
ZAP
Let’s try to see how we can do the same with ZAP. As we saw in the previous section, when our requests are intercepted by ZAP, we can click on Step, and it will send the request and automatically intercept the response:
ZAP HUD also has another powerful feature that can help us in cases like this. While in many instances we may need to intercept the response to make custom changes, if all we wanted was to enable disabled input fields or show hidden input fields, then we can click on the third button on the left (the light bulb icon), and it will enable/show these fields without us having to intercept the response or refresh the page.
Another similar feature is the Comments button, which will indicate the positions where there are HTML comments that are usually only visible in the source code. We can click on the + button on the left pane and select Comments to add the Comments button, and once we click on it, the Comments indicators should be shown