Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Dropping requests to specific domains or hostnames without the Out-of-scope feature

Shawn | Last updated: Feb 20, 2018 04:43AM UTC

I have a handful of hostnames / domains that I want requests to those domains dropped. Most of the requests are automated in nature e.g. browser requests to ^detectportal\.firefox\.com$ or ^apis\.google\.com$, hence, they are relentless. Is there a 'clean' way to make Burp drop requests to these domains so they never get completed? My current way of doing this is not too elegant as I use the hosts file or Burp's hostname resolution to redirect those endpoints to a sinkhole on 127.0.0.1, which makes the requests time-out eventually. Also, I know I can use the Out-of-Scope requests feature but I have quite a few in-scope endpoints and I'm actually trying to identify more of the in-scope endpoints. Hope to get your thoughts. Thanks.

Liam, PortSwigger Agent | Last updated: Feb 20, 2018 10:18AM UTC

When you say "Out-of-Scope requests feature", are you referring to the setting in Proxy > Options > Miscellaneous?

Burp User | Last updated: Feb 20, 2018 10:05PM UTC

@Liam, I'm referring to the one in 'Project Options > Connections > Out-of-scope Requests'

Liam, PortSwigger Agent | Last updated: Feb 21, 2018 10:09AM UTC

We can't think of a cleaner way to do this, other than manually mapping and testing the application to identify more of the in-scope endpoints.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.