Burp Suite User Forum


Skipping server side tests for .js and .css files

Jesse | Last updated: Jul 05, 2017 07:19PM UTC

How do I set the active scanner to skip server-side tests for all .js and .css files? I currently have the following set in the scanner options tab and it's not working:

Skip server-side tests for:
Parameter = URL path filename
Item = Value
Match Type = Matches Regex
Matches Expression = (\.css|.\woff2|\.woff|\.png|\.jpg|\.ico|\.svg |\.js)

PortSwigger Agent | Last updated: Jul 06, 2017 07:32AM UTC

Hi Jesse, Thanks for getting in touch. How are you starting Active Scanner? If you select an item in Site map and choose Actively scan this branch, that launches the Active scanning wizard. There is an option there to Remove items with the following extensions. The option you mention in your message only skips individual parameters, not whole pages. Please let us know if you need any further assistance.

Burp User | Last updated: Dec 12, 2017 10:21AM UTC

Can you please answer his original question?

PortSwigger Agent | Last updated: Dec 12, 2017 10:25AM UTC

Hi John, Thanks for reaching out. The "Skip test for..." section in Scanner Options only skips particular parameters, not full requests. To skip whole requests, use the filter in Active Scanning Wizard - which appears if you right-click a host/branch in Site Map and choose Active Scan.

PortSwigger Agent | Last updated: Dec 12, 2017 10:27AM UTC

Hi John, OK, you can control this using a custom scope. In Scanner > Live scanning > Live Active Scanning - select "Use custom scope" and enable advanced scope control. Add your target to "Include in scope", then add a rule to "Exclude from scope" that covers the extensions you don't want to scan. By the way, we weren't deliberately dodging the question. We'd asked some time ago how Jesse was launching scans, but neither he nor you answered that until now. Please let us know if you need any further assistance.
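
An added example, not part of the thread and not PortSwigger's code: a way to check a candidate "Exclude from scope" file pattern before relying on it, so that an unanchored `\.js` does not also drop `.jsp` or `.json` endpoints from active scanning. It assumes the rule is applied as a regex search against the URL path with the query string ignored; the helper names and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Extensions named in the thread that should not be actively scanned.
STATIC_EXTENSIONS = ["css", "woff2", "woff", "png", "jpg", "ico", "svg", "js"]

def build_exclusion_pattern(extensions):
    """Build a file regex that only matches when the path ENDS in the extension."""
    ordered = sorted(extensions, key=len, reverse=True)
    return r"\.(?:" + "|".join(re.escape(e) for e in ordered) + r")$"

def excluded(pattern, url):
    """True if the URL path matches the pattern (assumption: query string ignored)."""
    return re.search(pattern, urlsplit(url).path) is not None

def audit(pattern, urls_expected):
    """Return the URLs whose exclusion result differs from what was intended."""
    return [u for u, want in urls_expected.items() if excluded(pattern, u) != want]

# Constructed sample URLs: True = should be skipped, False = must stay scanned.
SAMPLES = {
    "https://target.example/static/app.js": True,
    "https://target.example/static/app.min.js?v=3": True,
    "https://target.example/fonts/a.woff2": True,
    "https://target.example/img/logo.svg": True,
    "https://target.example/login.jsp": False,
    "https://target.example/api/users.json": False,
    "https://target.example/styles.css.php": False,
    "https://target.example/search?file=x.js": False,
}

# Unanchored pattern: matches the extension anywhere in the path.
LOOSE = r"\.(css|woff2|woff|png|jpg|ico|svg|js)"
# Anchored pattern: matches only a trailing extension.
STRICT = build_exclusion_pattern(STATIC_EXTENSIONS)

if __name__ == "__main__":
    print("loose pattern misclassifies: ", audit(LOOSE, SAMPLES))
    print("strict pattern misclassifies:", audit(STRICT, SAMPLES))
```

Any URL reported for a pattern is either a dynamic page that would silently fall out of scan coverage or a static file that would still be scanned.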

Burp User | Last updated: Dec 13, 2017 01:57AM UTC

Using Active Scanning Wizard is not an answer for us :( We are looking for a solution for when the scanner is doing active scanning while browsing. You are talking about when the user wants to choose what to scan, which is not understood for all. You are not answering how to avoid automatic scanning of those files when the scanner is working while browsing with the proxy.
