Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Auditing: Ignored Insertion Points: Skip all tests for there parameters

Martinik | Last updated: Jul 12, 2024 08:03AM UTC

Hi, I defined my own configuration as follow: Settings\Configuration library New > Auditing Ignored Insertion Points: Skip all tests for there parameters How can I skip from auditing when scanning these URL path and file: /resources/labheader/ /resources/labheader/css/academyLabHeader.css I read this but still not able to skip them from scanning (based on my defined config) https://portswigger.net/burp/documentation/scanner/scan-configurations/audit-options Do you have a valid configuration that works? Thank you.

Syed, PortSwigger Agent | Last updated: Jul 12, 2024 01:07PM UTC

Hi Martinik,

The skipping insertion point settings you are talking about are for insertion points that Burp identifies during the crawl. What you want to do falls in a different category, you want to skip URLs, which you can do in scope settings. Navigate to Settings>Project>Scope and here you can put these URLs out of scope and even select the option to drop these requests completely.

I hope this helps.

Martinik | Last updated: Jul 12, 2024 01:48PM UTC

Hi Syed, Thank you for your answer but it is not related to my question. As I said above, I'm using the auditing not crawling. And, I don't want to use scope in this specific case. I'm still waiting for an answer. Thank you.

Syed, PortSwigger Agent | Last updated: Jul 15, 2024 09:26AM UTC

Hi,

I understand it is not crawl and the suggestion I shared above is for audit-only scans. Also, it doesn't matter if you are running a crawl or an audit, you will still need to use the scope settings to scope out any URL paths or files.

Martinik | Last updated: Jul 15, 2024 10:02AM UTC

Hi Syed, I think this might help you. Please read carefully this section: https://portswigger.net/burp/documentation/scanner/scan-configurations/audit-options#:~:text=Ignored%20insertion%20points,to%20the%20selected%20list. I would like to ask you to send my request to another colleague who understands what I asked for, related to the "Configuration library". Thank you.

Syed, PortSwigger Agent | Last updated: Jul 15, 2024 10:51AM UTC

Hi Mar,

Please email us at support@porswigger.net and we will make sure to answer your questions in detail.

Martinik | Last updated: Jul 15, 2024 11:55AM UTC

The right email address is: support@portswigger.net

Syed, PortSwigger Agent | Last updated: Jul 15, 2024 12:08PM UTC