Burp Suite User Forum


set a scope and do not logout

Christian | Last updated: Dec 13, 2017 03:21PM UTC

Hi, I'm not sure if I'm the problem or if something has changed :-) so let me explain. I'm testing an application where a logout can be done with a URL like www.site.com/index.php?module=Users&action=Logout . In the tab Target > Scope I remember I had by default logout, logoff, signoff and exit in "Exclude from scope". Hint: "Use advanced scope control" is important here. But these are gone. So I added them manually with nothing in the fields, only one word per line in "File". But if I switch to "Show only in-scope items" almost all lines in Proxy are gone! Could that be because there is a Logout link on every page? How do I set the exceptions? If I enter "action=Logout" in File, almost all lines are out of scope, too. Why are they not there if I start a new default temporary project? Thanks, Chris

Liam, PortSwigger Agent | Last updated: Dec 13, 2017 03:39PM UTC

Yes, there has been a change to the scope settings. Try checking the "Use advanced scope control" checkbox. Once this check box is enabled you can add "logout" in the "File" name field.

Burp User | Last updated: Dec 13, 2017 05:14PM UTC

Aren't the default settings there anymore?

Burp User | Last updated: Dec 14, 2017 07:17AM UTC

How can I avoid with regex to hit live scanning for URLs that have login.asp login.io loginout.jsp ......

Liam, PortSwigger Agent | Last updated: Dec 14, 2017 01:47PM UTC

Christian, the default settings have been removed. You can add your own default settings and save them with your configuration.

Liam, PortSwigger Agent | Last updated: Dec 14, 2017 01:52PM UTC

John, you don't need to use a regex to remove URLs with certain file names. Check "Use advanced scope control", then add the file name types in the appropriate field.
