Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

'Drop all out-of-scope requests' not behaving as expected

Matthew | Last updated: Feb 20, 2019 10:41AM UTC

Hi there, I'm trying to use the 'Drop all out-of-scope requests' option in the Project Options but it's not behaving as expected - with intercepts on it continues to intercept requests to all hosts. Have I misunderstood the way this option works or missed anything in my configuration? Environment: Windows 10 Enterprise Version 10.0.16299 Build 16299 Burp Suite Community Edition v1.7.36 Firefox 65.0.1 (64-bit) Steps to reproduce: 1. Under Target -> Scope, tick 'Use advanced scope control' 2. Add an entry, protocol 'Any', Host or IP range '^www\.google\.com$', leave the rest blank 3. Under Project options, tick 'Drop all out-of-scope requests' 3. With Proxy -> Intercept 'Intercept is on'; navigate to www.google.com in the browser 4. With Proxy -> Intercept 'Intercept is on'; navigate to www.bing.com in the browser Expected behaviour: 1. Requests to www.google.com are intercepted and user has to manually forward or drop 2. Requests to www.bing.com are automatically dropped without interception Actual behaviour: All requests are intercepted.

Burp User | Last updated: Feb 20, 2019 10:47AM UTC

Of course, as soon as I posted the question I found the resolution. For anyone running into this in future: the 'Drop all out-of-scope requests' doesn't impact request interception, there's another option for that. In Proxy -> Options, under 'Intercept Client Requests' make sure to tick 'And URL Is in target scope'.

PortSwigger Agent | Last updated: Feb 20, 2019 01:56PM UTC