Burp Suite User Forum

Login to post

Automatic dropping of out-of-scope requests

Andrej | Last updated: May 23, 2018 09:14AM UTC

There are many connections to domains outside of the defined scope, like detectportal.firefox.com, safebrowsing.googleapis.com and others. Is it possible to entirely drop such requests? That they would never make it through proxy; and also so that they wouldn't be populated in the Alerts? If I'm behind proxy, I can see many of such connections to out-of-scope domains which I don't want to pass through; or even see as "Unknown host" in Alerts section as it triggers plenty of false positives. Thanks Best regards, Andrej

Liam, PortSwigger Agent | Last updated: May 23, 2018 09:16AM UTC

Configure suitable scope for what you want to include and exclude, and enable the "drop out of scope requests" option at Project options > Connections > Out-of_Scope Requests.

Burp User | Last updated: May 23, 2018 03:06PM UTC

Thank you, I was not aware of this option. However, I still see many alerts because of the "Blocked out-of-scope request" and "No response received from remote server". I mainly asked this because of too many logs in Alerts tab. Would it be possible to have an option to not see these in Alert tab?

Burp User | Last updated: May 23, 2018 03:12PM UTC

and I now noticed that Firefox is pinging internet every 3 seconds, so I have hundreds of alerts because of that. I know how to turn off the detectportal.firefox.com, but I'm interested if in the future it could be a customized setup within Burp, as I have many other usecases than the Firefox ping.

PortSwigger Agent | Last updated: May 24, 2018 10:15AM UTC

Hi Andrej, For the Firefox ping, I disable this within Firefox: - https://support.mozilla.org/en-US/questions/1157121 We do plan to add a feature to hide "chatty" requests like that. In the meantime, the Proxy Action Rules extension has a feature to "AutoDrop" specific hosts. While I understand the annoyance within getting many alerts, at present we've no plans to make that configurable. Please let us know if you need any further assistance.

Paulius | Last updated: Dec 22, 2020 04:38PM UTC

I guess the question is - is it possible to disable (application wide not project wide as otherwise you repeat the same actions every time you launch new project) interception of various built-in browser's requests merely/un-related to any browsing activity we do during most assignments - i.e. googleapis.com, accounts.google.com, www.google.com, ssl.gstatic.com, www.gstatic.com and the rest relating to browser's updates, statistics etc.). Thanks!

Uthman, PortSwigger Agent | Last updated: Dec 22, 2020 05:03PM UTC

Paulius, our development team is working on reducing the noise from browsers in the Proxy. We will update this thread when the functionality has been added.

Ben, PortSwigger Agent | Last updated: Feb 10, 2021 11:04AM UTC

Hi all, We just wanted to let you know that the new Burp 2021.2 release should now reduce the noise from Burp's embedded browser automatically.

You need to Log in to post a reply. Or register here, for free.