Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Crawl/Audit detailed scope configuration does not persist when selected from library

John Gordon Jul 19, 2019 05:06PM UTC

When performing a Crawl+Audit or Crawl, Scan details > Detailed scope configuration > Included URL prefixes, changes are saved if typed manually but not if populated by "Select from library". The url list appears correctly in the text box when selected from library, but when you click OK and perform the crawl/audit it ignores those values. Dashboard > Tasks > Settings (gear icon) on the task confirms that the new list of urls never makes it into the task's included url prefixes.

Steps to reproduce:
1) Right-click an entry url and click Scan
2) Scan details > Detailed scope configuration > Included URL prefixes currently includes the parent directory of the entry entry url. Add an additional url manually, then save to library.
3) Click OK to run the scan and observe that it honors the additional url.
4) Repeat 1-3, but this time Select from library and note your additional url appears in the text box, but does not appear in the resulting task's configuration.


John Gordon Jul 19, 2019 05:11PM UTC
Version: Burp Suite Professional v2.1.01 for MacOS

John Gordon Jul 19, 2019 05:22PM UTC
Workaround:
1) Select from library to populate urls
2) Select all, cut urls so the textbox is empty
3) Click Excluded URL prefixes tab
4) Click Included URL prefixes tab
5) Paste urls back into textbox

The changes appear to be saved to the task at this point

Rose Krawczuk Jul 23, 2019 07:42AM UTC Support Center agent

John, sorry for the delayed response. Thanks for providing the steps to reproduce and the workaround. We’ll try and recreate the issue and make a story for this.


Rose Krawczuk Jul 23, 2019 01:37PM UTC Support Center agent

John, we’ve reproduced this and created a story for this bug. Unfortunately, we can’t tell you when this will be fixed, but we will notify you when it has been released.

Thanks for bringing this issue to our attention.

Please let us know if you need any further assistance.


Post Your public answer

Your name
Your email address
Answer