Burp Suite User Forum


Discover content requests out-of-scope item

Rob | Last updated: Mar 30, 2015 04:33PM UTC

In Target > Scope I've set "Exclude in scope" to be as follows: ^/auth/logout.* However, despite this, "Content discovery" appears to request /auth/logout, causing the discovery session to be logged out. A workaround could be to set up some Session Handling Rules for the Spider (?) to run a Macro to log back in, but should this be necessary?

Burp User | Last updated: Mar 30, 2015 04:35PM UTC

I've also tried what was suggested here: https://support.portswigger.net/customer/portal/questions/11347574-discover-content-requests-with-cookies. I set Options > Connections > Out-of-Scope Requests and checked "Drop all out-of-scope requests". However, the request still seems to be made within the content discovery session.

PortSwigger Agent | Last updated: Mar 31, 2015 07:59AM UTC

Actually, the "Discover Content" feature doesn't base its requests on target scope. The current behavior is that it requests everything in the directory that you have selected. The workaround to drop all out-of-scope requests should be working, as this function applies to requests made by all tools and functions within Burp. Can you double-check that your scope rule is correct and is causing requests from other tools to be dropped (e.g. using Repeater)? Then you should find that the same requests are also dropped when made by the Content Discovery function.
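To make the "check that your scope rule is correct" step concrete, here is an added stand-alone example (not code from the thread or from Burp itself) that models how a Burp-style scope with include and exclude rules decides whether a URL is in scope, and then applies a "drop all out-of-scope requests" filter to a constructed list of candidate content-discovery URLs. The host, port and URL values are assumptions chosen for illustration; the rule layout (protocol, host regex, port regex, file regex, with exclude taking precedence over include) approximates Burp's classic scope rules rather than reproducing Burp's implementation.

```python
import re
from urllib.parse import urlsplit

# Constructed scope rules (illustrative, not taken from the thread or from a Burp project file).
# Each rule approximates a classic Burp Target > Scope entry: protocol, host regex,
# port regex and a "file" regex that is matched against path plus query string.
INCLUDE = [
    {"protocol": "https", "host": r"^example\.com$", "port": r"^443$", "file": r"^/.*"},
]
EXCLUDE = [
    # The exclusion discussed in the thread: anything under /auth/logout.
    {"protocol": "https", "host": r"^example\.com$", "port": r"^443$", "file": r"^/auth/logout.*"},
]


def _matches(rule, url):
    """Return True if every component of the rule matches the given URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if rule["protocol"] not in ("any", scheme):
        return False
    port = parts.port or (443 if scheme == "https" else 80)
    # Burp's "file" field covers the path and the query string, so keep both.
    file_part = parts.path or "/"
    if parts.query:
        file_part += "?" + parts.query
    return (
        re.search(rule["host"], parts.hostname or "") is not None
        and re.search(rule["port"], str(port)) is not None
        and re.search(rule["file"], file_part) is not None
    )


def in_scope(url, include=INCLUDE, exclude=EXCLUDE):
    """Exclude rules win over include rules, as in Burp's scope semantics."""
    if any(_matches(rule, url) for rule in exclude):
        return False
    return any(_matches(rule, url) for rule in include)


def drop_out_of_scope(urls, include=INCLUDE, exclude=EXCLUDE):
    """Model of 'Drop all out-of-scope requests': keep only in-scope URLs."""
    return [u for u in urls if in_scope(u, include, exclude)]


if __name__ == "__main__":
    # Constructed candidates such as a content-discovery run might generate.
    candidates = [
        "https://example.com/",
        "https://example.com/auth/login",
        "https://example.com/auth/logout",
        "https://example.com/auth/logout?next=/",
        "http://example.com/",  # wrong protocol: never in scope under these rules
    ]
    for url in candidates:
        print(f"{'IN ' if in_scope(url) else 'OUT'}  {url}")
    print("kept:", drop_out_of_scope(candidates))
```

If the logout URL prints as IN here, the exclude regex is not matching the request as Burp sees it (for example because the path differs from what you expect, or the request uses another host or port); that is the same mismatch the agent suggests confirming with Repeater before assuming Content Discovery is ignoring the rule.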

Burp User | Last updated: Apr 13, 2015 09:44AM UTC

It could possibly have been that the site map copied from the main site map caused the request to /auth/logout to be shown, and that Discover Content triggered another function that caused the session to be invalidated. I'll keep an eye on it. PS. Is there any way to be notified of replies on here by email?

PortSwigger Agent | Last updated: Apr 15, 2015 09:05AM UTC

We use the Salesforce Desk platform to host the Burp Suite Support Center. It appears that this doesn't automatically send out email notifications when questions are answered. We've asked them about this feature, and they may be able to support this soon.
