Burp Suite User Forum

Create new post

'Drop all out-of-scope requests' not behaving as expected

Matthew | Last updated: Feb 20, 2019 10:41AM UTC

Hi there, I'm trying to use the 'Drop all out-of-scope requests' option in the Project Options but it's not behaving as expected - with intercepts on it continues to intercept requests to all hosts. Have I misunderstood the way this option works or missed anything in my configuration? Environment: Windows 10 Enterprise Version 10.0.16299 Build 16299 Burp Suite Community Edition v1.7.36 Firefox 65.0.1 (64-bit) Steps to reproduce: 1. Under Target -> Scope, tick 'Use advanced scope control' 2. Add an entry, protocol 'Any', Host or IP range '^www\.google\.com$', leave the rest blank 3. Under Project options, tick 'Drop all out-of-scope requests' 3. With Proxy -> Intercept 'Intercept is on'; navigate to www.google.com in the browser 4. With Proxy -> Intercept 'Intercept is on'; navigate to www.bing.com in the browser Expected behaviour: 1. Requests to www.google.com are intercepted and user has to manually forward or drop 2. Requests to www.bing.com are automatically dropped without interception Actual behaviour: All requests are intercepted.

Burp User | Last updated: Feb 20, 2019 10:47AM UTC

Of course, as soon as I posted the question I found the resolution. For anyone running into this in future: the 'Drop all out-of-scope requests' doesn't impact request interception, there's another option for that. In Proxy -> Options, under 'Intercept Client Requests' make sure to tick 'And URL Is in target scope'.

PortSwigger Agent | Last updated: Feb 20, 2019 01:56PM UTC

No worries, glad you got it figured out.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.