Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility
Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Parameter scope questions

Andrej Simko Feb 11, 2019 03:03PM UTC

Hi, when I go to Session handling rule editor -> Scope -> Parameter Scope -> "Restrict to requests containing these parameters".

I want to ask, when I specify multiple parameters at the same time => is there logical AND or logical OR between?
I mean, does my request need all of the mentioned parameters to have session handling rule applied, or either one of specified is sufficient?

Very similar question for my usecase (in the same tab), when I use Custom URL Scope -> advanced scope control -> when I specify regexp for File, does it also take into consideration parameters? I'm asking if I could use File with this regexp:
\/html\/path\/index\.html\?(.*csrf=.*)|\/html\/path\/index\.html\?(.*token=.*)
Thanks


Paul Johnston Feb 13, 2019 12:11PM UTC Support Center agent

It is a logical AND – all the parameters must be present for it to be in scope.

And yes the file section does include the query string. I believe you regex will work – although I’ve not tested myself.


Post Your public answer

Your name
Your email address
Answer