Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

exclude scope setting for new burp pro 2.1

Adam Coombs Jul 19, 2019 09:16PM UTC

In the old burp, before you kick off the spidering and scanning.
There was a option to exclude specific file extension like docx or pdf or exe.

In the new version of burp this is option is listed in the audit select items. This not everything I need.
https://portswigger.net/burp/documentation/desktop/scanning/scan-launcher

I found this url-matching
https://portswigger.net/burp/documentation/desktop/functions/url-matching
Which allows you to create a scope library to use at the beginning of the crawl and auditing.
I have try to create advance scope control
Here are my setting,
Included URL's
Protocol: HTTPS
All the rest blank (to allow any website)
Excluded URL's
Protocol: HTTPS
Host/IP range: (company IP address range)
Port : ^443$
File: ^\.pdf.* ( idea is if it finds a thread with .pdf at the end to no scan it)

Any help with this would be very much gratefully


Liam Tai-Hogan Jul 24, 2019 01:29PM UTC Support Center agent

Thanks for your message Adam.

The method you are currently using is the advised workaround for now.

We do plan to add an option for this now we have implemented our own embedded browser. We’ll update you when we’ve made some progress.


Adam Coombs Jul 24, 2019 03:27PM UTC
Awesome Liam
Love the new burp suite

Adam Coombs Jul 24, 2019 08:29PM UTC
Hey Liam

With the help of a few other people. I was able to get this to work.
Here is my code

{
"scope":{
"advanced_mode":true,
"exclude":[
{
"enabled":true,
"file":"^/*.(pdf|docx)",
"port":"^443$",
"protocol":"https"
}
],
"include":[
{
"enabled":true,
"protocol":"https"
}
]
}
}

Liam Tai-Hogan Jul 25, 2019 01:51PM UTC Support Center agent

Thanks for the update Adam.


Post Your public answer

Your name
Your email address
Answer