Burp community forum

Automatic dropping of out-of-scope requests

Andrej | Last updated: May 23, 2018 09:14AM UTC

There are many connections to domains outside of the defined scope, like detectportal.firefox.com, safebrowsing.googleapis.com and others. Is it possible to entirely drop such requests, so that they would never make it through the proxy, and also so that they wouldn't be populated in the Alerts? If I'm behind a proxy, I can see many such connections to out-of-scope domains which I don't want to pass through, or even see as "Unknown host" in the Alerts section, as it triggers plenty of false positives.

Thanks

Best regards,
Andrej

Liam, PortSwigger Agent | Last updated: May 23, 2018 09:16AM UTC

Configure a suitable scope for what you want to include and exclude, and enable the "drop out of scope requests" option at Project options > Connections > Out-of-Scope Requests.

Burp User | Last updated: May 23, 2018 03:06PM UTC

Thank you, I was not aware of this option. However, I still see many alerts because of the "Blocked out-of-scope request" and "No response received from remote server". I mainly asked this because of too many logs in the Alerts tab. Would it be possible to have an option to not see these in the Alerts tab?

Burp User | Last updated: May 23, 2018 03:12PM UTC

And I now noticed that Firefox is pinging the internet every 3 seconds, so I have hundreds of alerts because of that. I know how to turn off the detectportal.firefox.com, but I'm interested if in the future it could be a customized setup within Burp, as I have many other use cases than the Firefox ping.

PortSwigger Agent | Last updated: May 24, 2018 10:15AM UTC

Hi Andrej,

For the Firefox ping, I disable this within Firefox:

- https://support.mozilla.org/en-US/questions/1157121

We do plan to add a feature to hide "chatty" requests like that. In the meantime, the Proxy Action Rules extension has a feature to "AutoDrop" specific hosts.

While I understand the annoyance of getting many alerts, at present we've no plans to make that configurable.

Please let us know if you need any further assistance.
