Automatic dropping of out-of-scope requests

Andrej Simko May 23, 2018 09:14AM UTC

There are many connections to domains outside of the defined scope, like detectportal.firefox.com, safebrowsing.googleapis.com and others. Is it possible to entirely drop such requests, so that they would never make it through the proxy, and also so that they wouldn't be populated in the Alerts? If I'm behind a proxy, I can see many such connections to out-of-scope domains which I don't want to pass through, or even see as "Unknown host" in the Alerts section, as it triggers plenty of false positives.
Thanks
Best regards,
Andrej


Liam Tai-Hogan May 23, 2018 09:18AM UTC Support Center agent

Configure suitable scope for what you want to include and exclude, and enable the “drop out of scope requests” option at Project options > Connections > Out-of-Scope Requests.


Andrej Simko May 23, 2018 03:06PM UTC

Thank you, I was not aware of this option.

However, I still see many alerts because of the "Blocked out-of-scope request" and "No response received from remote server".

I mainly asked this because of too many logs in the Alerts tab. Would it be possible to have an option to not see these in the Alerts tab?

Andrej Simko May 23, 2018 03:12PM UTC

And I now noticed that Firefox is pinging the internet every 3 seconds, so I have hundreds of alerts because of that. I know how to turn off the detectportal.firefox.com, but I'm interested if in the future it could be a customized setup within Burp, as I have many other use cases than the Firefox ping.

Paul Johnston May 24, 2018 10:33AM UTC Support Center agent

Hi Andrej,

For the Firefox ping, I disable this within Firefox:

- https://support.mozilla.org/en-US/questions/1157121

We do plan to add a feature to hide “chatty” requests like that. In the meantime, the Proxy Action Rules extension has a feature to “AutoDrop” specific hosts.

While I understand the annoyance of getting many alerts, at present we’ve no plans to make that configurable.

Please let us know if you need any further assistance.

